First published: Tue Oct 26 2021
A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.
Credit: info@cert.vde.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CODESYS PLCWinNT | <2.4.7.56 | |
| Codesys Runtime Toolkit | <2.4.7.56 | |

CODESYS GmbH has released the following product versions to solve the noted vulnerability issue for the affected CODESYS products:

* CODESYS Runtime Toolkit 32 bit full version V2.4.7.56
* CODESYS PLCWinNT version V2.4.7.56

This will also be part of the CODESYS Development System setup version V2.3.9.68.
The vulnerability ID for this vulnerability is CVE-2021-34595.
The severity rating of CVE-2021-34595 is 8.1 (High).
The affected software for CVE-2021-34595 includes CODESYS PLCWinNT (versions prior to 2.4.7.56) and Codesys Runtime Toolkit (versions prior to 2.4.7.56).
A crafted request with invalid offsets may cause an out-of-bounds read or write access, resulting in a denial-of-service condition or local memory overwrite.
Yes, updating CODESYS PLCWinNT and Codesys Runtime Toolkit to version 2.4.7.56 or later can fix the vulnerability.