First published: Wed Dec 01 2021(Updated: )
Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. CODESYS Git does not implement certificate validation by default, so it does not verify that the server provides a valid and trusted HTTPS certificate. Since the certificate of the server to which the connection is made is not properly verified, the server connection is vulnerable to a man-in-the-middle attack.
Credit: info@cert.vde.com
Affected Software | Affected Version | How to fix |
---|---|---|
CODESYS Git | <1.1.0.0 | |
CODESYS Development System | <3.5.17.0 |
CODESYS GmbH has released CODESYS Git V1.1.0.0 to solve this vulnerability issue. CODESYS Git V1.1.0.0 can be downloaded and installed directly with the CODESYS Installer. CODESYS Git requires a CODESYS Development System version of V3.5.17.0 or newer.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-34599 is a vulnerability in CODESYS Git that allows attackers to bypass certificate validation in HTTPS handshakes.
The severity of CVE-2021-34599 is high with a CVSS score of 7.4.
Versions prior to V1.1.0.0 of CODESYS Git are affected by CVE-2021-34599.
No, CODESYS Git does not implement certificate validation by default.
Upgrade to CODESYS Git version V1.1.0.0 or later to fix CVE-2021-34599.