Unrated severityNVD Advisory· Published Oct 26, 2021· Updated Sep 17, 2024

CODESYS V2 runtime: unauthenticated invalid requests may result in denial-of-service

CVE-2021-34593

Description

In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC.

Affected products

Codesys/CODESYS V3cpe-rescue
Range: Runtime Toolkit 32 bit full

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/164716/CODESYS-2.4.7.0-Denial-Of-Service.htmlmitrex_refsource_MISC
packetstormsecurity.com/files/165874/WAGO-750-8xxx-PLC-Denial-Of-Service-User-Enumeration.htmlmitrex_refsource_MISC
seclists.org/fulldisclosure/2021/Oct/64mitremailing-listx_refsource_FULLDISC
customers.codesys.com/index.phpmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000