CVE-2021-34593 HIGH

CVE-2021-34593: CODESYS V2 runtime: unauthenticated invalid requests may result in denial-of-service

Vendor: Codesys
Product: CODESYS V2
Weakness: CWE-755
Published: October 26, 2021
Last update: September 17, 2024

CVSS base score

7.5/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: None
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to version V2.4.7.56, unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC.

Key dates

02 Disclosure timeline

October 26, 2021: CVE published
September 17, 2024: Record updated