First published: Mon May 03 2021(Updated: )
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Codesys Control For Beaglebone Sl | >=3.0<4.1.0.0 | |
Codesys Control For Empc-a\/imx6 Sl | >=3.0<4.1.0.0 | |
Codesys Control For Iot2000 Sl | >=3.0<4.1.0.0 | |
Codesys Control For Linux Arm Sl | >=3.0<4.1.0.0 | |
Codesys Control For Linux Sl | >=3.0<4.1.0.0 | |
Codesys Control For Pfc100 Sl | >=3.0<4.1.0.0 | |
Codesys Control For Pfc200 Sl | >=3.0<4.1.0.0 | |
Codesys Control For Plcnext Sl | >=3.0<4.1.0.0 | |
Codesys Control For Raspberry Pi Sl | >=3.0<4.1.0.0 | |
Codesys Control For Wago Touch Panels 600 Sl | >=3.0<4.1.0.0 | |
Codesys Control Rte | >=3.0<3.5.17.0 | |
Codesys Control Rte | >=3.0<3.5.17.0 | |
Codesys Control Runtime System Toolkit | >=3.0<3.5.17.0 | |
Codesys Control Win | >=3.0<3.5.17.0 | |
Codesys Edge Gateway | >=3.0<3.5.17.0 | |
Codesys Edge Gateway | >=3.0<4.1.0.0 | |
Codesys Embedded Target Visu Toolkit | >=3.0<3.5.17.0 | |
CODESYS Gateway | >=3.0<3.5.17.0 | |
Codesys Hmi | >=3.0<3.5.17.0 | |
Codesys Opc Server | >=3.0<3.5.17.0 | |
Codesys Plchandler | >=3.0<3.5.17.0 | |
Codesys Remote Target Visu Toolkit | >=3.0<3.5.17.0 | |
Codesys Safety Sil | >=3.0<3.5.17.0 | |
Codesys Simulation Runtime | >=3.0<3.5.17.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-29242 is a vulnerability in the CODESYS Control Runtime system before version 3.5.17.0 that has improper input validation.
CVE-2021-29242 allows attackers to send crafted communication packets to change the router's addressing scheme and may re-route, add, remove, or change low-level communication packages.
CODESYS Control Runtime system versions before 3.5.17.0 are affected by CVE-2021-29242.
CVE-2021-29242 has a severity rating of 7.3 (high).
To mitigate CVE-2021-29242, it is recommended to update the CODESYS Control Runtime system to version 3.5.17.0 or higher.