CVE-2021-29242
published 2021-05-03CVE-2021-29242: CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's…
high7.3CVSS 3.1
AVNACLPRNUINSUCLILAL
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| codesys | control_for_beaglebone_sl | >= 3.0 < 4.1.0.0 | 4.1.0.0 |
| codesys | control_for_empc-a_imx6_sl | >= 3.0 < 4.1.0.0 | 4.1.0.0 |
| codesys | control_for_iot2000_sl | >= 3.0 < 4.1.0.0 | 4.1.0.0 |
| codesys | control_for_linux_arm_sl | >= 3.0 < 4.1.0.0 | 4.1.0.0 |
| codesys | control_for_linux_sl | >= 3.0 < 4.1.0.0 | 4.1.0.0 |
| codesys | control_for_pfc100_sl | >= 3.0 < 4.1.0.0 | 4.1.0.0 |
| codesys | control_for_pfc200_sl | >= 3.0 < 4.1.0.0 | 4.1.0.0 |
| codesys | control_for_plcnext_sl | >= 3.0 < 4.1.0.0 | 4.1.0.0 |
| codesys | control_for_raspberry_pi_sl | >= 3.0 < 4.1.0.0 | 4.1.0.0 |
| codesys | control_for_wago_touch_panels_600_sl | >= 3.0 < 4.1.0.0 | 4.1.0.0 |
| codesys | control_rte | >= 3.0 < 3.5.17.0 | 3.5.17.0 |
| codesys | control_runtime_system_toolkit | >= 3.0 < 3.5.17.0 | 3.5.17.0 |
| codesys | control_win | >= 3.0 < 3.5.17.0 | 3.5.17.0 |
| codesys | edge_gateway | >= 3.0 < 3.5.17.0 | 3.5.17.0 |
| codesys | edge_gateway | >= 3.0 < 4.1.0.0 | 4.1.0.0 |
| codesys | embedded_target_visu_toolkit | >= 3.0 < 3.5.17.0 | 3.5.17.0 |
| codesys | gateway | >= 3.0 < 3.5.17.0 | 3.5.17.0 |
| codesys | hmi | >= 3.0 < 3.5.17.0 | 3.5.17.0 |
| codesys | opc_server | >= 3.0 < 3.5.17.0 | 3.5.17.0 |
| codesys | plchandler | >= 3.0 < 3.5.17.0 | 3.5.17.0 |
| codesys | remote_target_visu_toolkit | >= 3.0 < 3.5.17.0 | 3.5.17.0 |
| codesys | safety_sil | >= 3.0 < 3.5.17.0 | 3.5.17.0 |
| codesys | simulation_runtime | >= 3.0 < 3.5.17.0 | 3.5.17.0 |