CVE-2021-34599 HIGH

CVE-2021-34599: Improper Certificate Validation in CODESYS Git

Vendor Codesys
Product CODESYS Git
Weakness CWE-295
Published December 1, 2021
Last update September 17, 2024

CVSS base score

7.4/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. CODESYS Git does not implement certificate validation by default, so it does not verify that the server provides a valid and trusted HTTPS certificate. Since the certificate of the server to which the connection is made is not properly verified, the server connection is vulnerable to a man-in-the-middle attack.

Key dates

02Disclosure timeline

December 1, 2021 CVE published
September 17, 2024 Record updated