CVE-2021-34595 - Vulnerability Details

Description

A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.

Published: 2021-10-26

Score: 8.1 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

CODESYS

CODESYS V2

affected

Version	Status	Constraints
`Runtime Toolkit 32 bit full`	affected	< V2.4.7.56
`PLCWinNT`	affected	< V2.4.7.56

Configuration 1 [-]

AND

cpe:2.3:o:wago:750-823_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-823:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:wago:750-829_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-829:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:wago:750-831_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-831:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:wago:750-832_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-832:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:wago:750-852_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-852:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:wago:750-862_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-862:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:wago:750-880_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-880:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:wago:750-881_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-881:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:wago:750-882_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-882:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:wago:750-885_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-885:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:wago:750-889_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-889:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:wago:750-890_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-890:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:wago:750-891_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-891:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:wago:750-893_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-893:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:wago:750-8202_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8202:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:wago:750-8203_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8203:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:wago:750-8204_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8204:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:wago:750-8206_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8206:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:wago:750-8207_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8207:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:wago:750-8208_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8208:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:wago:750-8210_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8210:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:wago:750-8211_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8211:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:wago:750-8212_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8212:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:wago:750-8213_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8213:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:wago:750-8214_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8214:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:wago:750-8216_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8216:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:wago:750-8217_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wago:750-8217:-:*:*:*:*:*:*:*

Configuration 28 [-]

OR	cpe:2.3:a:codesys:codesys::::::::
	cpe:2.3:a:codesys:plcwinnt::::::::
	cpe:2.3:a:codesys:runtime_toolkit:::::::x86:*

No data.

No data available yet.

Remediation

Vendor Solution

CODESYS GmbH has released the following product versions to solve the noted vulnerability issue for the affected CODESYS products: * CODESYS Runtime Toolkit 32 bit full version V2.4.7.56 * CODESYS PLCWinNT version V2.4.7.56. This will also be part of the CODESYS Development System setup version V2.3.9.68.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2021-21245	A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00372.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16878&token=e5644ec405590e66aefa62304cb8632df9fc9e9c&download=

History

Fri, 15 Aug 2025 20:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Codesys codesys Wago Wago 750-8202 Wago 750-8202 Firmware Wago 750-8203 Wago 750-8203 Firmware Wago 750-8204 Wago 750-8204 Firmware Wago 750-8206 Wago 750-8206 Firmware Wago 750-8207 Wago 750-8207 Firmware Wago 750-8208 Wago 750-8208 Firmware Wago 750-8210 Wago 750-8210 Firmware Wago 750-8211 Wago 750-8211 Firmware Wago 750-8212 Wago 750-8212 Firmware Wago 750-8213 Wago 750-8213 Firmware Wago 750-8214 Wago 750-8214 Firmware Wago 750-8216 Wago 750-8216 Firmware Wago 750-8217 Wago 750-8217 Firmware Wago 750-823 Wago 750-823 Firmware Wago 750-829 Wago 750-829 Firmware Wago 750-831 Wago 750-831 Firmware Wago 750-832 Wago 750-832 Firmware Wago 750-852 Wago 750-852 Firmware Wago 750-862 Wago 750-862 Firmware Wago 750-880 Wago 750-880 Firmware Wago 750-881 Wago 750-881 Firmware Wago 750-882 Wago 750-882 Firmware Wago 750-885 Wago 750-885 Firmware Wago 750-889 Wago 750-889 Firmware Wago 750-890 Wago 750-890 Firmware Wago 750-891 Wago 750-891 Firmware Wago 750-893 Wago 750-893 Firmware
CPEs		cpe:2.3:a:codesys:codesys:::::::: cpe:2.3:h:wago:750-8202:-:::::::* cpe:2.3:h:wago:750-8203:-:::::::* cpe:2.3:h:wago:750-8204:-:::::::* cpe:2.3:h:wago:750-8206:-:::::::* cpe:2.3:h:wago:750-8207:-:::::::* cpe:2.3:h:wago:750-8208:-:::::::* cpe:2.3:h:wago:750-8210:-:::::::* cpe:2.3:h:wago:750-8211:-:::::::* cpe:2.3:h:wago:750-8212:-:::::::* cpe:2.3:h:wago:750-8213:-:::::::* cpe:2.3:h:wago:750-8214:-:::::::* cpe:2.3:h:wago:750-8216:-:::::::* cpe:2.3:h:wago:750-8217:-:::::::* cpe:2.3:h:wago:750-823:-:::::::* cpe:2.3:h:wago:750-829:-:::::::* cpe:2.3:h:wago:750-831:-:::::::* cpe:2.3:h:wago:750-832:-:::::::* cpe:2.3:h:wago:750-852:-:::::::* cpe:2.3:h:wago:750-862:-:::::::* cpe:2.3:h:wago:750-880:-:::::::* cpe:2.3:h:wago:750-881:-:::::::* cpe:2.3:h:wago:750-882:-:::::::* cpe:2.3:h:wago:750-885:-:::::::* cpe:2.3:h:wago:750-889:-:::::::* cpe:2.3:h:wago:750-890:-:::::::* cpe:2.3:h:wago:750-891:-:::::::* cpe:2.3:h:wago:750-893:-:::::::* cpe:2.3:o:wago:750-8202_firmware:::::::: cpe:2.3:o:wago:750-8203_firmware:::::::: cpe:2.3:o:wago:750-8204_firmware:::::::: cpe:2.3:o:wago:750-8206_firmware:::::::: cpe:2.3:o:wago:750-8207_firmware:::::::: cpe:2.3:o:wago:750-8208_firmware:::::::: cpe:2.3:o:wago:750-8210_firmware:::::::: cpe:2.3:o:wago:750-8211_firmware:::::::: cpe:2.3:o:wago:750-8212_firmware:::::::: cpe:2.3:o:wago:750-8213_firmware:::::::: cpe:2.3:o:wago:750-8214_firmware:::::::: cpe:2.3:o:wago:750-8216_firmware:::::::: cpe:2.3:o:wago:750-8217_firmware:::::::: cpe:2.3:o:wago:750-823_firmware:::::::: cpe:2.3:o:wago:750-829_firmware:::::::: cpe:2.3:o:wago:750-831_firmware:::::::: cpe:2.3:o:wago:750-832_firmware:::::::: cpe:2.3:o:wago:750-852_firmware:::::::: cpe:2.3:o:wago:750-862_firmware:::::::: cpe:2.3:o:wago:750-880_firmware:::::::: cpe:2.3:o:wago:750-881_firmware:::::::: cpe:2.3:o:wago:750-882_firmware:::::::: cpe:2.3:o:wago:750-885_firmware:::::::: cpe:2.3:o:wago:750-889_firmware:::::::: cpe:2.3:o:wago:750-890_firmware:::::::: cpe:2.3:o:wago:750-891_firmware:::::::: cpe:2.3:o:wago:750-893_firmware::::::::
Vendors & Products		Codesys codesys Wago Wago 750-8202 Wago 750-8202 Firmware Wago 750-8203 Wago 750-8203 Firmware Wago 750-8204 Wago 750-8204 Firmware Wago 750-8206 Wago 750-8206 Firmware Wago 750-8207 Wago 750-8207 Firmware Wago 750-8208 Wago 750-8208 Firmware Wago 750-8210 Wago 750-8210 Firmware Wago 750-8211 Wago 750-8211 Firmware Wago 750-8212 Wago 750-8212 Firmware Wago 750-8213 Wago 750-8213 Firmware Wago 750-8214 Wago 750-8214 Firmware Wago 750-8216 Wago 750-8216 Firmware Wago 750-8217 Wago 750-8217 Firmware Wago 750-823 Wago 750-823 Firmware Wago 750-829 Wago 750-829 Firmware Wago 750-831 Wago 750-831 Firmware Wago 750-832 Wago 750-832 Firmware Wago 750-852 Wago 750-852 Firmware Wago 750-862 Wago 750-862 Firmware Wago 750-880 Wago 750-880 Firmware Wago 750-881 Wago 750-881 Firmware Wago 750-882 Wago 750-882 Firmware Wago 750-885 Wago 750-885 Firmware Wago 750-889 Wago 750-889 Firmware Wago 750-890 Wago 750-890 Firmware Wago 750-891 Wago 750-891 Firmware Wago 750-893 Wago 750-893 Firmware

Subscriptions

Codesys Codesys Plcwinnt Runtime Toolkit

Wago 750-8202 750-8202 Firmware 750-8203 750-8203 Firmware 750-8204 750-8204 Firmware 750-8206 750-8206 Firmware 750-8207 750-8207 Firmware 750-8208 750-8208 Firmware 750-8210 750-8210 Firmware 750-8211 750-8211 Firmware 750-8212 750-8212 Firmware 750-8213 750-8213 Firmware 750-8214 750-8214 Firmware 750-8216 750-8216 Firmware 750-8217 750-8217 Firmware 750-823 750-823 Firmware 750-829 750-829 Firmware 750-831 750-831 Firmware 750-832 750-832 Firmware 750-852 750-852 Firmware 750-862 750-862 Firmware 750-880 750-880 Firmware 750-881 750-881 Firmware 750-882 750-882 Firmware 750-885 750-885 Firmware 750-889 750-889 Firmware 750-890 750-890 Firmware 750-891 750-891 Firmware 750-893 750-893 Firmware

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2021-10-26T09:55:52.868Z

Updated: 2024-09-17T03:42:53.986Z

Reserved: 2021-06-10T00:00:00.000Z

Link: CVE-2021-34595

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-10-26T10:15:08.070

Modified: 2025-08-15T20:25:40.657

Link: CVE-2021-34595

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object