CVE-2021-29242
HIGHCODESYS Control Runtime < 3.5.17.0 - Improper Input Validation via Crafted Communication Packets
Title source: llmDescription
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.
References (3)
Core 3
Core References
Permissions Required, Vendor Advisory x_refsource_misc
https://customers.codesys.com/index.php
Vendor Advisory x_refsource_misc
https://www.codesys.com/security/security-reports.html
Vendor Advisory x_refsource_misc
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14640&token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873&download=
Scores
CVSS v3
7.3
EPSS
0.0107
EPSS Percentile
60.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-20
Status
published
Products (23)
codesys/control_for_beaglebone_sl
3.0 - 4.1.0.0
codesys/control_for_empc-a\/imx6_sl
3.0 - 4.1.0.0
codesys/control_for_iot2000_sl
3.0 - 4.1.0.0
codesys/control_for_linux_arm_sl
3.0 - 4.1.0.0
codesys/control_for_linux_sl
3.0 - 4.1.0.0
codesys/control_for_pfc100_sl
3.0 - 4.1.0.0
codesys/control_for_pfc200_sl
3.0 - 4.1.0.0
codesys/control_for_plcnext_sl
3.0 - 4.1.0.0
codesys/control_for_raspberry_pi_sl
3.0 - 4.1.0.0
codesys/control_for_wago_touch_panels_600_sl
3.0 - 4.1.0.0
... and 13 more
Published
May 03, 2021
Tracked Since
Feb 18, 2026