CVE-2021-29242

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.3HIGH

EPSS

0.3%

top 45.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Codesys Control FOR Beaglebone SL Codesys Control FOR Empc-a\/imx6 SL Codesys Control FOR Iot2000 SL +19 more

Timeline

PublishedMay 3

Latest updateMay 24

Description

CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages13 packages

▶NVDcodesys/control_runtime_system_toolkit3.0 — 3.5.17.0

▶NVDcodesys/control3.0 — 4.1.0.0

▶NVDcodesys/control_rte3.0 — 3.5.17.0

▶NVDcodesys/control_win3.0 — 3.5.17.0

▶NVDcodesys/simulation_runtime3.0 — 3.5.17.0

🔴Vulnerability Details

GHSA

GHSA-85g9-hgxq-755v: CODESYS Control Runtime system before 3↗2022-05-24

▶

CVEList

CVE-2021-29242: CODESYS Control Runtime system before 3↗2021-05-03

▶