CVE-2021-34593 - OpenCVE

In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Codesys	Plcwinnt Runtime Toolkit

Configuration 1 [-]

OR	cpe:2.3:a:codesys:plcwinnt::::::::
	cpe:2.3:a:codesys:runtime_toolkit:::::::x86:*

References

Link	Resource
http://packetstormsecurity.com/files/164716/CODESYS-2.4.7.0-Denial-Of-Service.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165874/WAGO-750-8xxx-PLC-Denial-Of-Service-User-Enumeration.html	Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2021/Oct/64	Mailing List Third Party Advisory
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16877&token=8faab0fc1e069f4edfca5d5aba8146139f67a175&download=	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: CERTVDE

Published: 2021-10-25T00:00:00

Updated: 2022-02-04T19:06:19

Reserved: 2021-06-10T00:00:00

Link: CVE-2021-34593

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-10-26T10:15:08.013

Modified: 2022-04-12T18:05:25.237

Link: CVE-2021-34593

JSON object: View

Redhat Information

No data.

CWE

CWE-755

{"containers": {"cna": {"affected": [{"product": "CODESYS V2 ", "vendor": "CODESYS", "versions": [{"lessThan": "V2.4.7.56", "status": "affected", "version": "Runtime Toolkit 32 bit full", "versionType": "custom"}, {"lessThan": "V2.4.7.56", "status": "affected", "version": "PLCWinNT", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "This issue was discovered by Steffen Robertz and Gerhard Hechenberger from the SEC Consult Vulnerability Lab."}], "datePublic": "2021-10-25T00:00:00", "descriptions": [{"lang": "en", "value": "In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-755", "description": "CWE-755 Improper Handling of Exceptional Conditions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-02-04T19:06:19", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16877&token=8faab0fc1e069f4edfca5d5aba8146139f67a175&download="}, {"name": "20211029 SEC Consult SA-20211028-0 :: Denial of Service in CODESYS V2", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2021/Oct/64"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/164716/CODESYS-2.4.7.0-Denial-Of-Service.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/165874/WAGO-750-8xxx-PLC-Denial-Of-Service-User-Enumeration.html"}], "solutions": [{"lang": "en", "value": "CODESYS GmbH has released the following product versions to solve the noted vulnerability issue for the affected CODESYS products:\n * CODESYS Runtime Toolkit 32 bit full version V2.4.7.56\n * CODESYS PLCWinNT version V2.4.7.56. This will also be part of the CODESYS Development System setup version V2.3.9.68."}], "source": {"defect": ["VDE-2021-049"], "discovery": "EXTERNAL"}, "title": "CODESYS V2 runtime: unauthenticated invalid requests may result in denial-of-service", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2021-10-25T14:00:00.000Z", "ID": "CVE-2021-34593", "STATE": "PUBLIC", "TITLE": "CODESYS V2 runtime: unauthenticated invalid requests may result in denial-of-service"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CODESYS V2 ", "version": {"version_data": [{"version_affected": "<", "version_name": "Runtime Toolkit 32 bit full", "version_value": "V2.4.7.56"}, {"version_affected": "<", "version_name": "PLCWinNT", "version_value": "V2.4.7.56"}]}}]}, "vendor_name": "CODESYS"}]}}, "credit": [{"lang": "eng", "value": "This issue was discovered by Steffen Robertz and Gerhard Hechenberger from the SEC Consult Vulnerability Lab."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-755 Improper Handling of Exceptional Conditions"}]}]}, "references": {"reference_data": [{"name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16877&token=8faab0fc1e069f4edfca5d5aba8146139f67a175&download=", "refsource": "CONFIRM", "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16877&token=8faab0fc1e069f4edfca5d5aba8146139f67a175&download="}, {"name": "20211029 SEC Consult SA-20211028-0 :: Denial of Service in CODESYS V2", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Oct/64"}, {"name": "http://packetstormsecurity.com/files/164716/CODESYS-2.4.7.0-Denial-Of-Service.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/164716/CODESYS-2.4.7.0-Denial-Of-Service.html"}, {"name": "http://packetstormsecurity.com/files/165874/WAGO-750-8xxx-PLC-Denial-Of-Service-User-Enumeration.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/165874/WAGO-750-8xxx-PLC-Denial-Of-Service-User-Enumeration.html"}]}, "solution": [{"lang": "en", "value": "CODESYS GmbH has released the following product versions to solve the noted vulnerability issue for the affected CODESYS products:\n * CODESYS Runtime Toolkit 32 bit full version V2.4.7.56\n * CODESYS PLCWinNT version V2.4.7.56. This will also be part of the CODESYS Development System setup version V2.3.9.68."}], "source": {"defect": ["VDE-2021-049"], "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2021-34593", "datePublished": "2021-10-25T00:00:00", "dateReserved": "2021-06-10T00:00:00", "dateUpdated": "2022-02-04T19:06:19", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:codesys:plcwinnt:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AD330AD-254E-4E3E-A17E-BE08305AFBA0", "versionEndExcluding": "2.4.7.56", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:runtime_toolkit:*:*:*:*:*:*:x86:*", "matchCriteriaId": "EC36E0FD-2487-4BA0-9EB8-174D30FD4DFB", "versionEndExcluding": "2.4.7.56", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC."}, {"lang": "es", "value": "En CODESYS V2 Runtime Toolkit 32 Bit full y PLCWinNT versiones anteriores a V2.4.7.56, las peticiones no v\u00e1lidas dise\u00f1adas sin autenticaci\u00f3n pueden resultar en varias condiciones de denegaci\u00f3n de servicio. Los programas de PLC en ejecuci\u00f3n pueden detenerse, puede perderse la memoria, o puede bloquearse el acceso de otros clientes de comunicaci\u00f3n al PLC"}], "id": "CVE-2021-34593", "lastModified": "2022-04-12T18:05:25.237", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "info@cert.vde.com", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Secondary"}]}, "published": "2021-10-26T10:15:08.013", "references": [{"source": "info@cert.vde.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/164716/CODESYS-2.4.7.0-Denial-Of-Service.html"}, {"source": "info@cert.vde.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/165874/WAGO-750-8xxx-PLC-Denial-Of-Service-User-Enumeration.html"}, {"source": "info@cert.vde.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Oct/64"}, {"source": "info@cert.vde.com", "tags": ["Vendor Advisory"], "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16877&token=8faab0fc1e069f4edfca5d5aba8146139f67a175&download="}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-755"}], "source": "info@cert.vde.com", "type": "Primary"}]}