CVE-2021-34595

CODESYS V2 runtime: out-of-bounds read or write access may result in denial-of-service

Description

A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.

Remediation

Solution:

CODESYS GmbH has released the following product versions to solve the noted vulnerability issue for the affected CODESYS products: * CODESYS Runtime Toolkit 32 bit full version V2.4.7.56 * CODESYS PLCWinNT version V2.4.7.56. This will also be part of the CODESYS Development System setup version V2.3.9.68.

References

Link	Tags
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16878&token=e5644ec405590e66aefa62304cb8632df9fc9e9c&download=	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2021-34595?: CVE-2021-34595 has been scored as a high severity vulnerability.
How to fix CVE-2021-34595?: To fix CVE-2021-34595: CODESYS GmbH has released the following product versions to solve the noted vulnerability issue for the affected CODESYS products: * CODESYS Runtime Toolkit 32 bit full version V2.4.7.56 * CODESYS PLCWinNT version V2.4.7.56. This will also be part of the CODESYS Development System setup version V2.3.9.68.
Is CVE-2021-34595 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2021-34595 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-34595?: CVE-2021-34595 affects CODESYS CODESYS V2.

Description

Remediation

Categories

CWE-823 – Use of Out-of-range Pointer Offset

CWE-119 – Improper Restriction of Operations within the Bounds of a Memory Buffer

References

Frequently Asked Questions