Vulnerability Description
CODESYS Git versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. CODESYS Git does not implement certificate validation by default, so it does not verify that the server provides a valid and trusted HTTPS certificate. Because the certificate of the server being connected to is not properly verified, the connection is vulnerable to a man-in-the-middle attack.
CVSS Score
7.4 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Codesys | Git | < 1.1.0.0 |
| Codesys | Development System | < 3.5.17.0 |
References
- https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16959&token=3ce11e44a (Vendor Advisory)
FAQ
What is CVE-2021-34599?
CVE-2021-34599 is a vulnerability with a CVSS score of 7.4 (HIGH). Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. CODESYS Git does not implement certificate validation by default, so it does not verify ...
How severe is CVE-2021-34599?
CVE-2021-34599 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-34599?
Check the references section above for vendor advisories and patch information. Affected products include: Codesys Git, Codesys Development System.