// For flags

CVE-2021-34593

CODESYS V2 runtime: unauthenticated invalid requests may result in denial-of-service

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC.

En CODESYS V2 Runtime Toolkit 32 Bit full y PLCWinNT versiones anteriores a V2.4.7.56, las peticiones no válidas diseñadas sin autenticación pueden resultar en varias condiciones de denegación de servicio. Los programas de PLC en ejecución pueden detenerse, puede perderse la memoria, o puede bloquearse el acceso de otros clientes de comunicación al PLC

WAGO 750-8xxx PLC versions prior to Firmware 20 Patch 1 (v03.08.08) suffer from denial of service and user enumeration vulnerabilities.

*Credits: This issue was discovered by Steffen Robertz and Gerhard Hechenberger from the SEC Consult Vulnerability Lab.
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-06-10 CVE Reserved
  • 2021-10-26 CVE Published
  • 2024-07-10 EPSS Updated
  • 2024-09-17 CVE Updated
  • 2024-09-17 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-755: Improper Handling of Exceptional Conditions
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Codesys
Search vendor "Codesys"
 Plcwinnt
Search vendor "Codesys" for product "Plcwinnt"
 < 2.4.7.56
Search vendor "Codesys" for product "Plcwinnt" and version " < 2.4.7.56"
-
Affected
Codesys
Search vendor "Codesys"
 Runtime Toolkit
Search vendor "Codesys" for product "Runtime Toolkit"
 < 2.4.7.56
Search vendor "Codesys" for product "Runtime Toolkit" and version " < 2.4.7.56"
x86
Affected