CVE-2021-29242

HIGH

CODESYS Control Runtime < 3.5.17.0 - Improper Input Validation via Crafted Communication Packets

Title source: llm
STIX 2.1

Description

CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.

References (3)

Core 3

Scores

CVSS v3 7.3
EPSS 0.0107
EPSS Percentile 60.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE
CWE-20
Status published
Products (23)
codesys/control_for_beaglebone_sl 3.0 - 4.1.0.0
codesys/control_for_empc-a\/imx6_sl 3.0 - 4.1.0.0
codesys/control_for_iot2000_sl 3.0 - 4.1.0.0
codesys/control_for_linux_arm_sl 3.0 - 4.1.0.0
codesys/control_for_linux_sl 3.0 - 4.1.0.0
codesys/control_for_pfc100_sl 3.0 - 4.1.0.0
codesys/control_for_pfc200_sl 3.0 - 4.1.0.0
codesys/control_for_plcnext_sl 3.0 - 4.1.0.0
codesys/control_for_raspberry_pi_sl 3.0 - 4.1.0.0
codesys/control_for_wago_touch_panels_600_sl 3.0 - 4.1.0.0
... and 13 more
Published May 03, 2021
Tracked Since Feb 18, 2026