First published: Tue May 04 2021(Updated: )
The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
CODESYS Development System | >=3.0<3.5.17.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2021-29240.
The severity of CVE-2021-29240 is high with a severity value of 7.8.
The CODESYS Development System versions before 3.5.17.0 are affected by CVE-2021-29240.
CVE-2021-29240 allows the installation of CODESYS packages with malicious content.
To mitigate CVE-2021-29240, update CODESYS Development System to version 3.5.17.0 or later.