CVE-2021-34599
Improper Certificate Validation in CODESYS Git
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. CODESYS Git does not implement certificate validation by default, so it does not verify that the server provides a valid and trusted HTTPS certificate. Since the certificate of the server to which the connection is made is not properly verified, the server connection is vulnerable to a man-in-the-middle attack.
Las versiones afectadas de CODESYS Git en Versiones anteriores a V1.1.0.0, carecen de la comprobación de certificados en los protocolos de enlace HTTPS. CODESYS Git no implementa la comprobación de certificados por defecto, por lo que no comprueba que el servidor proporcione un certificado HTTPS válido y confiable. Dado que el certificado del servidor con el que es realizada la conexión no es verificado apropiadamente, la conexión del servidor es vulnerable a un ataque de tipo man-in-the-middle
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-06-10 CVE Reserved
- 2021-12-01 CVE Published
- 2024-08-16 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-295: Improper Certificate Validation
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Codesys Search vendor "Codesys" | Git Search vendor "Codesys" for product "Git" | < 1.1.0.0 Search vendor "Codesys" for product "Git" and version " < 1.1.0.0" | - |
Affected
| in | Codesys Search vendor "Codesys" | Development System Search vendor "Codesys" for product "Development System" | < 3.5.17.0 Search vendor "Codesys" for product "Development System" and version " < 3.5.17.0" | - |
Safe
|