CVE-2021-29242 — HIGH (7.3)

Q: How severe is CVE-2021-29242?

CVE-2021-29242 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-29242?

Check the references section above for vendor advisories and patch information. Affected products include: Codesys Control For Beaglebone Sl, Codesys Control For Empc-A\/Imx6 Sl, Codesys Control For Iot2000 Sl, Codesys Control For Linux Arm Sl, Codesys Control For Linux Sl.

Vulnerability Description

CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.

CVSS Score

7.3

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Codesys	Control For Beaglebone Sl	>= 3.0, < 4.1.0.0
Codesys	Control For Empc-A\/Imx6 Sl	>= 3.0, < 4.1.0.0
Codesys	Control For Iot2000 Sl	>= 3.0, < 4.1.0.0
Codesys	Control For Linux Arm Sl	>= 3.0, < 4.1.0.0
Codesys	Control For Linux Sl	>= 3.0, < 4.1.0.0
Codesys	Control For Pfc100 Sl	>= 3.0, < 4.1.0.0
Codesys	Control For Pfc200 Sl	>= 3.0, < 4.1.0.0
Codesys	Control For Plcnext Sl	>= 3.0, < 4.1.0.0
Codesys	Control For Raspberry Pi Sl	>= 3.0, < 4.1.0.0
Codesys	Control For Wago Touch Panels 600 Sl	>= 3.0, < 4.1.0.0
Codesys	Control Rte	>= 3.0, < 3.5.17.0
Codesys	Control Runtime System Toolkit	>= 3.0, < 3.5.17.0
Codesys	Control Win	>= 3.0, < 3.5.17.0
Codesys	Edge Gateway	>= 3.0, < 3.5.17.0
Codesys	Embedded Target Visu Toolkit	>= 3.0, < 3.5.17.0
Codesys	Gateway	>= 3.0, < 3.5.17.0
Codesys	Hmi	>= 3.0, < 3.5.17.0
Codesys	Opc Server	>= 3.0, < 3.5.17.0
Codesys	Plchandler	>= 3.0, < 3.5.17.0
Codesys	Remote Target Visu Toolkit	>= 3.0, < 3.5.17.0

Related Weaknesses (CWE)

CWE-20

References

https://customers.codesys.com/index.phpPermissions RequiredVendor Advisory
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14640&token=623b6fcebVendor Advisory
https://www.codesys.com/security/security-reports.htmlVendor Advisory
https://customers.codesys.com/index.phpPermissions RequiredVendor Advisory
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14640&token=623b6fcebVendor Advisory
https://www.codesys.com/security/security-reports.htmlVendor Advisory

FAQ

What is CVE-2021-29242?

CVE-2021-29242 is a vulnerability with a CVSS score of 7.3 (HIGH). CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or...

How severe is CVE-2021-29242?

CVE-2021-29242 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-29242?

Check the references section above for vendor advisories and patch information. Affected products include: Codesys Control For Beaglebone Sl, Codesys Control For Empc-A\/Imx6 Sl, Codesys Control For Iot2000 Sl, Codesys Control For Linux Arm Sl, Codesys Control For Linux Sl.