CVE-2021-34593 - OpenCVE

In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Codesys	Plcwinnt Runtime Toolkit

Configuration 1 [-]

OR	cpe:2.3:a:codesys:plcwinnt::::::::
	cpe:2.3:a:codesys:runtime_toolkit:::::::x86:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/164716/CODESYS-2.4.7.0-Denial-Of-Service.html
http://packetstormsecurity.com/files/165874/WAGO-750-8xxx-PLC-Denial-Of-Service-User-Enumeration.html
http://seclists.org/fulldisclosure/2021/Oct/64
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16877&token=8faab0fc1e069f4edfca5d5aba8146139f67a175&download=

History

No history.

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2021-10-26T09:55:51.381906Z

Updated: 2024-09-17T04:10:03.625Z

Reserved: 2021-06-10T00:00:00

Link: CVE-2021-34593

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-10-26T10:15:08.013

Modified: 2022-04-12T18:05:25.237

Link: CVE-2021-34593

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "CODESYS V2", "vendor": "CODESYS", "versions": [{"lessThan": "V2.4.7.56", "status": "affected", "version": "Runtime Toolkit 32 bit full", "versionType": "custom"}, {"lessThan": "V2.4.7.56", "status": "affected", "version": "PLCWinNT", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "This issue was discovered by Steffen Robertz and Gerhard Hechenberger from the SEC Consult Vulnerability Lab."}], "datePublic": "2021-10-25T00:00:00", "descriptions": [{"lang": "en", "value": "In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-755", "description": "CWE-755 Improper Handling of Exceptional Conditions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-02-04T19:06:19", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16877&token=8faab0fc1e069f4edfca5d5aba8146139f67a175&download="}, {"name": "20211029 SEC Consult SA-20211028-0 :: Denial of Service in CODESYS V2", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2021/Oct/64"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/164716/CODESYS-2.4.7.0-Denial-Of-Service.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/165874/WAGO-750-8xxx-PLC-Denial-Of-Service-User-Enumeration.html"}], "solutions": [{"lang": "en", "value": "CODESYS GmbH has released the following product versions to solve the noted vulnerability issue for the affected CODESYS products:\n * CODESYS Runtime Toolkit 32 bit full version V2.4.7.56\n * CODESYS PLCWinNT version V2.4.7.56. This will also be part of the CODESYS Development System setup version V2.3.9.68."}], "source": {"defect": ["VDE-2021-049"], "discovery": "EXTERNAL"}, "title": "CODESYS V2 runtime: unauthenticated invalid requests may result in denial-of-service", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2021-10-25T14:00:00.000Z", "ID": "CVE-2021-34593", "STATE": "PUBLIC", "TITLE": "CODESYS V2 runtime: unauthenticated invalid requests may result in denial-of-service"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CODESYS V2", "version": {"version_data": [{"version_affected": "<", "version_name": "Runtime Toolkit 32 bit full", "version_value": "V2.4.7.56"}, {"version_affected": "<", "version_name": "PLCWinNT", "version_value": "V2.4.7.56"}]}}]}, "vendor_name": "CODESYS"}]}}, "credit": [{"lang": "eng", "value": "This issue was discovered by Steffen Robertz and Gerhard Hechenberger from the SEC Consult Vulnerability Lab."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-755 Improper Handling of Exceptional Conditions"}]}]}, "references": {"reference_data": [{"name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16877&token=8faab0fc1e069f4edfca5d5aba8146139f67a175&download=", "refsource": "CONFIRM", "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16877&token=8faab0fc1e069f4edfca5d5aba8146139f67a175&download="}, {"name": "20211029 SEC Consult SA-20211028-0 :: Denial of Service in CODESYS V2", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Oct/64"}, {"name": "http://packetstormsecurity.com/files/164716/CODESYS-2.4.7.0-Denial-Of-Service.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/164716/CODESYS-2.4.7.0-Denial-Of-Service.html"}, {"name": "http://packetstormsecurity.com/files/165874/WAGO-750-8xxx-PLC-Denial-Of-Service-User-Enumeration.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/165874/WAGO-750-8xxx-PLC-Denial-Of-Service-User-Enumeration.html"}]}, "solution": [{"lang": "en", "value": "CODESYS GmbH has released the following product versions to solve the noted vulnerability issue for the affected CODESYS products:\n * CODESYS Runtime Toolkit 32 bit full version V2.4.7.56\n * CODESYS PLCWinNT version V2.4.7.56. This will also be part of the CODESYS Development System setup version V2.3.9.68."}], "source": {"defect": ["VDE-2021-049"], "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:19:47.007Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16877&token=8faab0fc1e069f4edfca5d5aba8146139f67a175&download="}, {"name": "20211029 SEC Consult SA-20211028-0 :: Denial of Service in CODESYS V2", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2021/Oct/64"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/164716/CODESYS-2.4.7.0-Denial-Of-Service.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/165874/WAGO-750-8xxx-PLC-Denial-Of-Service-User-Enumeration.html"}]}]}, "cveMetadata": {"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2021-34593", "datePublished": "2021-10-26T09:55:51.381906Z", "dateReserved": "2021-06-10T00:00:00", "dateUpdated": "2024-09-17T04:10:03.625Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:codesys:plcwinnt:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AD330AD-254E-4E3E-A17E-BE08305AFBA0", "versionEndExcluding": "2.4.7.56", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:runtime_toolkit:*:*:*:*:*:*:x86:*", "matchCriteriaId": "EC36E0FD-2487-4BA0-9EB8-174D30FD4DFB", "versionEndExcluding": "2.4.7.56", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC."}, {"lang": "es", "value": "En CODESYS V2 Runtime Toolkit 32 Bit full y PLCWinNT versiones anteriores a V2.4.7.56, las peticiones no v\u00e1lidas dise\u00f1adas sin autenticaci\u00f3n pueden resultar en varias condiciones de denegaci\u00f3n de servicio. Los programas de PLC en ejecuci\u00f3n pueden detenerse, puede perderse la memoria, o puede bloquearse el acceso de otros clientes de comunicaci\u00f3n al PLC"}], "id": "CVE-2021-34593", "lastModified": "2022-04-12T18:05:25.237", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "info@cert.vde.com", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Secondary"}]}, "published": "2021-10-26T10:15:08.013", "references": [{"source": "info@cert.vde.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/164716/CODESYS-2.4.7.0-Denial-Of-Service.html"}, {"source": "info@cert.vde.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/165874/WAGO-750-8xxx-PLC-Denial-Of-Service-User-Enumeration.html"}, {"source": "info@cert.vde.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Oct/64"}, {"source": "info@cert.vde.com", "tags": ["Vendor Advisory"], "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16877&token=8faab0fc1e069f4edfca5d5aba8146139f67a175&download="}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-755"}], "source": "info@cert.vde.com", "type": "Primary"}]}