Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-30188 (GCVE-0-2021-30188)
Vulnerability from cvelistv5 – Published: 2021-05-25 12:33 – Updated: 2024-08-03 22:24
VLAI
EPSS
Summary
CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://customers.codesys.com/index.php | x_refsource_MISC |
| https://customers.codesys.com/index.php?eID=dumpF… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:24:59.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14725\u0026token=08691519ef764b252630759eff925890176ecd78\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-25T12:33:16.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://customers.codesys.com/index.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14725\u0026token=08691519ef764b252630759eff925890176ecd78\u0026download="
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-30188",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php",
"refsource": "MISC",
"url": "https://customers.codesys.com/index.php"
},
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14725\u0026token=08691519ef764b252630759eff925890176ecd78\u0026download=",
"refsource": "MISC",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14725\u0026token=08691519ef764b252630759eff925890176ecd78\u0026download="
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-30188",
"datePublished": "2021-05-25T12:33:16.000Z",
"dateReserved": "2021-04-07T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:24:59.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-30188",
"date": "2026-05-29",
"epss": "0.0057",
"percentile": "0.68898"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-30188\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-05-25T13:15:17.710\",\"lastModified\":\"2025-08-15T20:28:18.250\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.\"},{\"lang\":\"es\",\"value\":\"CODESYS V2 runtime system SP versiones anteriores a 2.4.7.55, presenta un Desbordamiento del B\u00fafer en la regi\u00f3n stack de la memoria\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-893_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"fw08\",\"matchCriteriaId\":\"2FCDEBB8-1A23-470E-858E-113E382EF5C4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-893:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D4795D0-B90B-4643-8713-88D89172D1A5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-891_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"fw08\",\"matchCriteriaId\":\"412C2148-01BA-4EB5-9843-B88EF40FC49E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-891:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22BAABD9-A10D-4904-AA02-C37C4490B47A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-890_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"fw08\",\"matchCriteriaId\":\"FD51A1B9-5BD7-4458-BE90-18D1666B807E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-890:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11751A8B-FCFD-433B-9065-B4FC85168A93\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-889_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"fw15\",\"matchCriteriaId\":\"6C253BB7-B264-4FD3-8691-E11806C6E126\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-889:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57919AAB-2962-4543-810A-C143300351F8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-885_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"fw15\",\"matchCriteriaId\":\"21A7AD4D-EF15-4A2F-A5DB-69390238A4B8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-885:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7712F56E-AEBA-4DE0-9172-26F3D29B369B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-882_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"fw15\",\"matchCriteriaId\":\"B26C1E90-3A58-441E-B2F6-56FF9A4807CE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-882:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1379D65-F376-4618-B708-5E59D64C8033\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-881_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"fw15\",\"matchCriteriaId\":\"A1E9B30D-158F-4A96-904A-21A6B4E693FC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-881:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FE51647-62C1-4D3C-91FA-13ACA6CD71D2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-880_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"fw16\",\"matchCriteriaId\":\"BFD07A69-6741-446B-8D02-4F9BACDDD973\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-880:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFEAC4D9-15CF-44B8-844D-C012AA4637A2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-862_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"fw08\",\"matchCriteriaId\":\"E7DB181E-1417-4B82-9A50-59E82F9968AB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-862:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA04FBFB-9E1C-4618-9FDC-70675506D8D5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-852_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"fw15\",\"matchCriteriaId\":\"EA876F0F-AA09-4972-B6D8-C1625E742ED9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-852:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D6739E1-EF0B-48EE-90FC-5708756FC362\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-832_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"fw08\",\"matchCriteriaId\":\"1199B32D-F6F2-473A-83F0-3E53735F7072\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-832:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13D1FA8D-C8BA-4D1C-8372-DECD40177631\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-831_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"fw15\",\"matchCriteriaId\":\"4D8D785A-E80C-42CA-8070-C50914A7442E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-831:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0631884-FF6F-4AA9-9D76-CDECB5A738FC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-829_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"fw15\",\"matchCriteriaId\":\"8D510EFD-2F2E-42A9-BD92-B200CB22267A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-829:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F88F6E08-2D1B-4B34-B8DB-40292C0BBEB2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-8202_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"03.06.19_\\\\(18\\\\)\",\"matchCriteriaId\":\"03675DC5-0563-4742-90F1-85CCE629157E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8202:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23B02096-81A5-4823-94F3-D87F389397DE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-8203_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"03.06.19_\\\\(18\\\\)\",\"matchCriteriaId\":\"E8178F4C-BD4B-4E22-95F9-5264FD29E557\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8203:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC428EC8-532A-4825-BCE3-C42A4BC01C68\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-8204_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"03.06.19_\\\\(18\\\\)\",\"matchCriteriaId\":\"9FC5F373-F17C-441A-AB86-F22D624E744E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8204:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AF14BE1-1EB5-423B-9FE7-E401AEF92553\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-8206_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"03.06.19_\\\\(18\\\\)\",\"matchCriteriaId\":\"6C723A05-DC44-4F43-BEC2-EAD27E68804B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8206:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E17ECC4-D7AE-485C-A2EF-4148817F9DB8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-8207_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"03.06.19_\\\\(18\\\\)\",\"matchCriteriaId\":\"40789CA2-C91E-4510-A759-51C01A86C3F2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8207:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA98A0D9-B050-430B-96C5-15932438FD3A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-8208_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"03.06.19_\\\\(18\\\\)\",\"matchCriteriaId\":\"EDE72D10-8E25-4939-9255-23E8FED88449\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8208:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C86098FC-E63E-4676-8BA1-ADCA30795558\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-8210_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"03.06.19_\\\\(18\\\\)\",\"matchCriteriaId\":\"6ED56607-5CA6-47F5-8C2A-AEF69CB4A9F7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8210:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E11758B-46C3-4E57-943A-C9C073AE5211\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-8211_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"03.06.19_\\\\(18\\\\)\",\"matchCriteriaId\":\"D0E03C56-1319-4EE2-BF99-A4BA861D8381\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8211:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CD6B267-3E4B-4597-82A6-130D6F21C728\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-8212_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"03.06.19_\\\\(18\\\\)\",\"matchCriteriaId\":\"2343C5B1-4905-405B-ACD7-375C31FC6C9A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8212:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20BBC380-0F6E-4400-93AF-5B6CFEF00562\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-8213_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"03.06.19_\\\\(18\\\\)\",\"matchCriteriaId\":\"E486580C-8400-4235-A617-8DBF4F65F31D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8213:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4969E8EB-EF09-47B9-8F03-37BB87CFD048\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-8214_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"03.06.19_\\\\(18\\\\)\",\"matchCriteriaId\":\"3DE5D039-B7BA-4876-9B3B-B41CCA778A98\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8214:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"979A8E43-4285-4A7B-BB0B-E6888117862C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-8216_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"03.06.19_\\\\(18\\\\)\",\"matchCriteriaId\":\"5F2AA067-9AA9-4D52-B609-C77CAD71CD33\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8216:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B854F74-173E-4523-BBA7-8FF7A9B9880E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-8217_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"03.06.19_\\\\(18\\\\)\",\"matchCriteriaId\":\"A8032A39-1795-4AB0-9822-8A16EFFD1AE0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-8217:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B23CD8FD-FC7A-4E24-BF8F-648478D82645\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:codesys:v2_runtime_system_sp:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.4.7.55\",\"matchCriteriaId\":\"F794119A-6720-44BE-8BCC-C3B8931B0B48\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:wago:750-823_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"fw08\",\"matchCriteriaId\":\"0E02A0AE-7B50-4918-95DB-61598A7DA57F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:wago:750-823:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB88572A-CB05-4B52-8BFC-05EFDC819244\"}]}]}],\"references\":[{\"url\":\"https://customers.codesys.com/index.php\",\"source\":\"cve@mitre.org\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14725\u0026token=08691519ef764b252630759eff925890176ecd78\u0026download=\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://customers.codesys.com/index.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14725\u0026token=08691519ef764b252630759eff925890176ecd78\u0026download=\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
VAR-202105-0848
Vulnerability from variot - Updated: 2025-08-16 21:19CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow. CODESYS V2 runtime system SP Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0848",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "750-8204",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19_\\(18\\)"
},
{
"model": "750-881",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw15"
},
{
"model": "750-891",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw08"
},
{
"model": "750-8216",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19_\\(18\\)"
},
{
"model": "750-862",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw08"
},
{
"model": "750-8206",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19_\\(18\\)"
},
{
"model": "750-8211",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19_\\(18\\)"
},
{
"model": "750-8217",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19_\\(18\\)"
},
{
"model": "750-8212",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19_\\(18\\)"
},
{
"model": "750-882",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw15"
},
{
"model": "750-889",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw15"
},
{
"model": "750-880",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw16"
},
{
"model": "750-829",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw15"
},
{
"model": "750-832",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw08"
},
{
"model": "750-885",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw15"
},
{
"model": "750-852",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw15"
},
{
"model": "750-8214",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19_\\(18\\)"
},
{
"model": "750-823",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw08"
},
{
"model": "750-893",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw08"
},
{
"model": "750-8202",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19_\\(18\\)"
},
{
"model": "750-831",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw15"
},
{
"model": "750-8210",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19_\\(18\\)"
},
{
"model": "750-8213",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19_\\(18\\)"
},
{
"model": "750-8207",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19_\\(18\\)"
},
{
"model": "750-890",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "fw08"
},
{
"model": "v2 runtime system sp",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "2.4.7.55"
},
{
"model": "750-8208",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19_\\(18\\)"
},
{
"model": "750-8203",
"scope": "lt",
"trust": 1.0,
"vendor": "wago",
"version": "03.06.19_\\(18\\)"
},
{
"model": "codesys plcwinnt",
"scope": null,
"trust": 0.8,
"vendor": "3s smart",
"version": null
},
{
"model": "codesys runtime toolkit",
"scope": null,
"trust": 0.8,
"vendor": "3s smart",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007173"
},
{
"db": "NVD",
"id": "CVE-2021-30188"
}
]
},
"cve": "CVE-2021-30188",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-30188",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-30188",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-30188",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-30188",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-30188",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-1622",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007173"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1622"
},
{
"db": "NVD",
"id": "CVE-2021-30188"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow. CODESYS V2 runtime system SP Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-30188"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007173"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-30188",
"trust": 3.2
},
{
"db": "JVN",
"id": "JVNVU97061687",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-21-173-03",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007173",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1622",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007173"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1622"
},
{
"db": "NVD",
"id": "CVE-2021-30188"
}
]
},
"id": "VAR-202105-0848",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.37935351049999994
},
"last_update_date": "2025-08-16T21:19:05.492000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Advisory\u00a02021-06",
"trust": 0.8,
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14725\u0026token=08691519ef764b252630759eff925890176ecd78\u0026download="
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007173"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007173"
},
{
"db": "NVD",
"id": "CVE-2021-30188"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://customers.codesys.com/index.php"
},
{
"trust": 1.6,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=14725\u0026token=08691519ef764b252630759eff925890176ecd78\u0026download="
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97061687/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30188"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-173-03"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007173"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1622"
},
{
"db": "NVD",
"id": "CVE-2021-30188"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007173"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1622"
},
{
"db": "NVD",
"id": "CVE-2021-30188"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-007173"
},
{
"date": "2021-05-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1622"
},
{
"date": "2021-05-25T13:15:17.710000",
"db": "NVD",
"id": "CVE-2021-30188"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-03T08:20:00",
"db": "JVNDB",
"id": "JVNDB-2021-007173"
},
{
"date": "2021-05-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1622"
},
{
"date": "2025-08-15T20:28:18.250000",
"db": "NVD",
"id": "CVE-2021-30188"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1622"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CODESYS\u00a0V2\u00a0runtime\u00a0 system \u00a0SP\u00a0 Out-of-bounds Vulnerability in Microsoft",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007173"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1622"
}
],
"trust": 0.6
}
}
VDE-2021-014
Vulnerability from csaf_wagogmbhcokg - Published: 2021-05-20 09:08 - Updated: 2025-05-22 13:03Summary
WAGO: Multiple Vulnerabilities in CODESYS Runtime 2.3
Notes
Summary: Multiple vulnerabilities were reported in CODESYS 2.3 Runtime. The CODESYS 2.3 Runtime is an essential component in several WAGO PLC's.
Impact: The reported vulnerabilities allow an attacker who has access to the device and is able to exploit the vulnerabilities, to manipulate and disrupt the CODESYS 2.3 Runtime.
Remediation: WAGO recommends all effected users with CODESYS 2.3 Runtime PLCs to update to the firmware version listed below.
Series Ethernet Controller:
**Article No.** | **Fixed Version** | **Available** |
|-----------------------|-------------------|----------------|
| 750-823 | >=FW08 | June 2021 |
| 750-829 | >=FW15 | May 2021 |
| 750-831/000-00x | >=FW15 | May 2021 |
| 750-832/000-00x | >=FW08 | June 2021 |
| 750-852 | >=FW15 | May 2021 |
| 750-862 | >=FW08 | June 2021 |
| 750-880/0xx-xxx | >=FW16 | May 2021 |
| 750-881 | >=FW15 | May 2021 |
| 750-882 | >=FW15 | May 2021 |
| 750-885/0xx-xxx | >=FW15 | May 2021 |
| 750-889 | >=FW15 | May 2021 |
| 750-890/0xx-xxx | >=FW08 | June 2021 |
| 750-891 | >=FW08 | June 2021 |
| 750-893 | >=FW08 | June 2021 |
Series PFC200 Controller
| **Article No.** | **Fixed Patch** | **Patch Available** | **Fixed Firmware** | **Firmware Approx. Available** |
|------------------------|-----------------------|----------------------|--------------------|---------------------------------|
| 750-8202/xxx-xxx | >=03.06.19 (18) | May 2021 | >=FW19 | August 2021 |
| 750-8203/xxx-xxx | >=03.06.19 (18) | May 2021 | >=FW19 | August 2021 |
| 750-8204/xxx-xxx | >=03.06.19 (18) | May 2021 | >=FW19 | August 2021 |
| 750-8206/xxx-xxx | >=03.06.19 (18) | May 2021 | >=FW19 | August 2021 |
| 750-8207/xxx-xxx | >=03.06.19 (18) | May 2021 | >=FW19 | August 2021 |
| 750-8208/xxx-xxx | >=03.06.19 (18) | May 2021 | >=FW19 | August 2021 |
| 750-8210/xxx-xxx | >=03.06.19 (18) | May 2021 | >=FW19 | August 2021 |
| 750-8211/xxx-xxx | >=03.06.19 (18) | May 2021 | >=FW19 | August 2021 |
| 750-8212/xxx-xxx | >=03.06.19 (18) | May 2021 | >=FW19 | August 2021 |
| 750-8213/xxx-xxx | >=03.06.19 (18) | May 2021 | >=FW19 | August 2021 |
| 750-8214/xxx-xxx | >=03.06.19 (18) | May 2021 | >=FW19 | August 2021 |
| 750-8216/xxx-xxx | >=03.06.19 (18) | May 2021 | >=FW19 | August 2021 |
| 750-8217/xxx-xxx | >=03.06.19 (18) | May 2021 | >=FW19 | August 2021 |
Mitigation: 1. Use general security best practices to protect systems from local and network attacks.
2. Do not allow direct access to the device from untrusted networks.
3. Update to the latest firmware according to the table in chapter solutions.
4. Disable the CODESYS 2.3 Web-Visualisation and CODESYS 2.3 port 2455.
For further impact information and risk mitigation, please refer to the official CODESYS Advisory Website at https://www.codesys.com/security/security-reports.html external link
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
6.8 (Medium)
Mitigation
If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.
Vendor Fix
Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.
Affected products
Known affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — | ||
| Unresolved product id: CSAFPID-31013 | — | ||
| Unresolved product id: CSAFPID-31014 | — | ||
| Unresolved product id: CSAFPID-31015 | — | ||
| Unresolved product id: CSAFPID-31016 | — | ||
| Unresolved product id: CSAFPID-31017 | — | ||
| Unresolved product id: CSAFPID-31018 | — | ||
| Unresolved product id: CSAFPID-31019 | — | ||
| Unresolved product id: CSAFPID-31020 | — | ||
| Unresolved product id: CSAFPID-31021 | — | ||
| Unresolved product id: CSAFPID-31022 | — | ||
| Unresolved product id: CSAFPID-31023 | — | ||
| Unresolved product id: CSAFPID-31024 | — | ||
| Unresolved product id: CSAFPID-31025 | — | ||
| Unresolved product id: CSAFPID-31026 | — | ||
| Unresolved product id: CSAFPID-31027 | — |
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write.
9.8 (Critical)
Mitigation
If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.
Vendor Fix
Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.
Affected products
Known affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — | ||
| Unresolved product id: CSAFPID-31013 | — | ||
| Unresolved product id: CSAFPID-31014 | — | ||
| Unresolved product id: CSAFPID-31015 | — | ||
| Unresolved product id: CSAFPID-31016 | — | ||
| Unresolved product id: CSAFPID-31017 | — | ||
| Unresolved product id: CSAFPID-31018 | — | ||
| Unresolved product id: CSAFPID-31019 | — | ||
| Unresolved product id: CSAFPID-31020 | — | ||
| Unresolved product id: CSAFPID-31021 | — | ||
| Unresolved product id: CSAFPID-31022 | — | ||
| Unresolved product id: CSAFPID-31023 | — | ||
| Unresolved product id: CSAFPID-31024 | — | ||
| Unresolved product id: CSAFPID-31025 | — | ||
| Unresolved product id: CSAFPID-31026 | — | ||
| Unresolved product id: CSAFPID-31027 | — |
CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.
9.8 (Critical)
Mitigation
If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.
Vendor Fix
Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.
Affected products
Known affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — | ||
| Unresolved product id: CSAFPID-31013 | — | ||
| Unresolved product id: CSAFPID-31014 | — | ||
| Unresolved product id: CSAFPID-31015 | — | ||
| Unresolved product id: CSAFPID-31016 | — | ||
| Unresolved product id: CSAFPID-31017 | — | ||
| Unresolved product id: CSAFPID-31018 | — | ||
| Unresolved product id: CSAFPID-31019 | — | ||
| Unresolved product id: CSAFPID-31020 | — | ||
| Unresolved product id: CSAFPID-31021 | — | ||
| Unresolved product id: CSAFPID-31022 | — | ||
| Unresolved product id: CSAFPID-31023 | — | ||
| Unresolved product id: CSAFPID-31024 | — | ||
| Unresolved product id: CSAFPID-31025 | — | ||
| Unresolved product id: CSAFPID-31026 | — | ||
| Unresolved product id: CSAFPID-31027 | — |
CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow.
9.8 (Critical)
Mitigation
If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.
Vendor Fix
Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.
Affected products
Known affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — | ||
| Unresolved product id: CSAFPID-31013 | — | ||
| Unresolved product id: CSAFPID-31014 | — | ||
| Unresolved product id: CSAFPID-31015 | — | ||
| Unresolved product id: CSAFPID-31016 | — | ||
| Unresolved product id: CSAFPID-31017 | — | ||
| Unresolved product id: CSAFPID-31018 | — | ||
| Unresolved product id: CSAFPID-31019 | — | ||
| Unresolved product id: CSAFPID-31020 | — | ||
| Unresolved product id: CSAFPID-31021 | — | ||
| Unresolved product id: CSAFPID-31022 | — | ||
| Unresolved product id: CSAFPID-31023 | — | ||
| Unresolved product id: CSAFPID-31024 | — | ||
| Unresolved product id: CSAFPID-31025 | — | ||
| Unresolved product id: CSAFPID-31026 | — | ||
| Unresolved product id: CSAFPID-31027 | — |
CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control.
9.8 (Critical)
Mitigation
If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.
Vendor Fix
Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.
Affected products
Known affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — | ||
| Unresolved product id: CSAFPID-31013 | — | ||
| Unresolved product id: CSAFPID-31014 | — | ||
| Unresolved product id: CSAFPID-31015 | — | ||
| Unresolved product id: CSAFPID-31016 | — | ||
| Unresolved product id: CSAFPID-31017 | — | ||
| Unresolved product id: CSAFPID-31018 | — | ||
| Unresolved product id: CSAFPID-31019 | — | ||
| Unresolved product id: CSAFPID-31020 | — | ||
| Unresolved product id: CSAFPID-31021 | — | ||
| Unresolved product id: CSAFPID-31022 | — | ||
| Unresolved product id: CSAFPID-31023 | — | ||
| Unresolved product id: CSAFPID-31024 | — | ||
| Unresolved product id: CSAFPID-31025 | — | ||
| Unresolved product id: CSAFPID-31026 | — | ||
| Unresolved product id: CSAFPID-31027 | — |
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read.
9.1 (Critical)
Mitigation
If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.
Vendor Fix
Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.
Affected products
Known affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — | ||
| Unresolved product id: CSAFPID-31013 | — | ||
| Unresolved product id: CSAFPID-31014 | — | ||
| Unresolved product id: CSAFPID-31015 | — | ||
| Unresolved product id: CSAFPID-31016 | — | ||
| Unresolved product id: CSAFPID-31017 | — | ||
| Unresolved product id: CSAFPID-31018 | — | ||
| Unresolved product id: CSAFPID-31019 | — | ||
| Unresolved product id: CSAFPID-31020 | — | ||
| Unresolved product id: CSAFPID-31021 | — | ||
| Unresolved product id: CSAFPID-31022 | — | ||
| Unresolved product id: CSAFPID-31023 | — | ||
| Unresolved product id: CSAFPID-31024 | — | ||
| Unresolved product id: CSAFPID-31025 | — | ||
| Unresolved product id: CSAFPID-31026 | — | ||
| Unresolved product id: CSAFPID-31027 | — |
CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.
7.5 (High)
Mitigation
If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.
Vendor Fix
Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.
Affected products
Known affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — | ||
| Unresolved product id: CSAFPID-31013 | — | ||
| Unresolved product id: CSAFPID-31014 | — | ||
| Unresolved product id: CSAFPID-31015 | — | ||
| Unresolved product id: CSAFPID-31016 | — | ||
| Unresolved product id: CSAFPID-31017 | — | ||
| Unresolved product id: CSAFPID-31018 | — | ||
| Unresolved product id: CSAFPID-31019 | — | ||
| Unresolved product id: CSAFPID-31020 | — | ||
| Unresolved product id: CSAFPID-31021 | — | ||
| Unresolved product id: CSAFPID-31022 | — | ||
| Unresolved product id: CSAFPID-31023 | — | ||
| Unresolved product id: CSAFPID-31024 | — | ||
| Unresolved product id: CSAFPID-31025 | — | ||
| Unresolved product id: CSAFPID-31026 | — | ||
| Unresolved product id: CSAFPID-31027 | — |
CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.
7.5 (High)
Mitigation
If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.
Vendor Fix
Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.
Affected products
Known affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — | ||
| Unresolved product id: CSAFPID-31013 | — | ||
| Unresolved product id: CSAFPID-31014 | — | ||
| Unresolved product id: CSAFPID-31015 | — | ||
| Unresolved product id: CSAFPID-31016 | — | ||
| Unresolved product id: CSAFPID-31017 | — | ||
| Unresolved product id: CSAFPID-31018 | — | ||
| Unresolved product id: CSAFPID-31019 | — | ||
| Unresolved product id: CSAFPID-31020 | — | ||
| Unresolved product id: CSAFPID-31021 | — | ||
| Unresolved product id: CSAFPID-31022 | — | ||
| Unresolved product id: CSAFPID-31023 | — | ||
| Unresolved product id: CSAFPID-31024 | — | ||
| Unresolved product id: CSAFPID-31025 | — | ||
| Unresolved product id: CSAFPID-31026 | — | ||
| Unresolved product id: CSAFPID-31027 | — |
CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Checking the Size of the Input.
7.5 (High)
Mitigation
If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.
Vendor Fix
Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.
Affected products
Known affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — | ||
| Unresolved product id: CSAFPID-31013 | — | ||
| Unresolved product id: CSAFPID-31014 | — | ||
| Unresolved product id: CSAFPID-31015 | — | ||
| Unresolved product id: CSAFPID-31016 | — | ||
| Unresolved product id: CSAFPID-31017 | — | ||
| Unresolved product id: CSAFPID-31018 | — | ||
| Unresolved product id: CSAFPID-31019 | — | ||
| Unresolved product id: CSAFPID-31020 | — | ||
| Unresolved product id: CSAFPID-31021 | — | ||
| Unresolved product id: CSAFPID-31022 | — | ||
| Unresolved product id: CSAFPID-31023 | — | ||
| Unresolved product id: CSAFPID-31024 | — | ||
| Unresolved product id: CSAFPID-31025 | — | ||
| Unresolved product id: CSAFPID-31026 | — | ||
| Unresolved product id: CSAFPID-31027 | — |
On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime.
7.5 (High)
Mitigation
If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.
Vendor Fix
Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.
Affected products
Known affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — | ||
| Unresolved product id: CSAFPID-31013 | — | ||
| Unresolved product id: CSAFPID-31014 | — | ||
| Unresolved product id: CSAFPID-31015 | — | ||
| Unresolved product id: CSAFPID-31016 | — | ||
| Unresolved product id: CSAFPID-31017 | — | ||
| Unresolved product id: CSAFPID-31018 | — | ||
| Unresolved product id: CSAFPID-31019 | — | ||
| Unresolved product id: CSAFPID-31020 | — | ||
| Unresolved product id: CSAFPID-31021 | — | ||
| Unresolved product id: CSAFPID-31022 | — | ||
| Unresolved product id: CSAFPID-31023 | — | ||
| Unresolved product id: CSAFPID-31024 | — | ||
| Unresolved product id: CSAFPID-31025 | — | ||
| Unresolved product id: CSAFPID-31026 | — | ||
| Unresolved product id: CSAFPID-31027 | — |
On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges.
6.5 (Medium)
Mitigation
If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.
Vendor Fix
Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.
Affected products
Known affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — | ||
| Unresolved product id: CSAFPID-31013 | — | ||
| Unresolved product id: CSAFPID-31014 | — | ||
| Unresolved product id: CSAFPID-31015 | — | ||
| Unresolved product id: CSAFPID-31016 | — | ||
| Unresolved product id: CSAFPID-31017 | — | ||
| Unresolved product id: CSAFPID-31018 | — | ||
| Unresolved product id: CSAFPID-31019 | — | ||
| Unresolved product id: CSAFPID-31020 | — | ||
| Unresolved product id: CSAFPID-31021 | — | ||
| Unresolved product id: CSAFPID-31022 | — | ||
| Unresolved product id: CSAFPID-31023 | — | ||
| Unresolved product id: CSAFPID-31024 | — | ||
| Unresolved product id: CSAFPID-31025 | — | ||
| Unresolved product id: CSAFPID-31026 | — | ||
| Unresolved product id: CSAFPID-31027 | — |
CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command.
5.3 (Medium)
Mitigation
If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.
Vendor Fix
Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.
Affected products
Known affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — | ||
| Unresolved product id: CSAFPID-31013 | — | ||
| Unresolved product id: CSAFPID-31014 | — | ||
| Unresolved product id: CSAFPID-31015 | — | ||
| Unresolved product id: CSAFPID-31016 | — | ||
| Unresolved product id: CSAFPID-31017 | — | ||
| Unresolved product id: CSAFPID-31018 | — | ||
| Unresolved product id: CSAFPID-31019 | — | ||
| Unresolved product id: CSAFPID-31020 | — | ||
| Unresolved product id: CSAFPID-31021 | — | ||
| Unresolved product id: CSAFPID-31022 | — | ||
| Unresolved product id: CSAFPID-31023 | — | ||
| Unresolved product id: CSAFPID-31024 | — | ||
| Unresolved product id: CSAFPID-31025 | — | ||
| Unresolved product id: CSAFPID-31026 | — | ||
| Unresolved product id: CSAFPID-31027 | — |
References
3 references
Acknowledgments
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"names": [
"Mathy Vanhoef"
],
"organization": "imec-DistriNet",
"summary": "reporting."
},
{
"names": [
"KU Leuven"
],
"organization": "krackattacks",
"summary": "reporting."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "Multiple vulnerabilities were reported in CODESYS 2.3 Runtime. The CODESYS 2.3 Runtime is an essential component in several WAGO PLC\u0027s.",
"title": "Summary"
},
{
"category": "description",
"text": "The reported vulnerabilities allow an attacker who has access to the device and is able to exploit the vulnerabilities, to manipulate and disrupt the CODESYS 2.3 Runtime.",
"title": "Impact"
},
{
"category": "description",
"text": "WAGO recommends all effected users with CODESYS 2.3 Runtime PLCs to update to the firmware version listed below.\n\nSeries Ethernet Controller:\n **Article No.** | **Fixed Version** | **Available** |\n|-----------------------|-------------------|----------------|\n| 750-823 | \u003e=FW08 | June 2021 |\n| 750-829 | \u003e=FW15 | May 2021 |\n| 750-831/000-00x | \u003e=FW15 | May 2021 |\n| 750-832/000-00x | \u003e=FW08 | June 2021 |\n| 750-852 | \u003e=FW15 | May 2021 |\n| 750-862 | \u003e=FW08 | June 2021 |\n| 750-880/0xx-xxx | \u003e=FW16 | May 2021 |\n| 750-881 | \u003e=FW15 | May 2021 |\n| 750-882 | \u003e=FW15 | May 2021 |\n| 750-885/0xx-xxx | \u003e=FW15 | May 2021 |\n| 750-889 | \u003e=FW15 | May 2021 |\n| 750-890/0xx-xxx | \u003e=FW08 | June 2021 |\n| 750-891 | \u003e=FW08 | June 2021 |\n| 750-893 | \u003e=FW08 | June 2021 |\n\nSeries PFC200 Controller\n| **Article No.** | **Fixed Patch** | **Patch Available** | **Fixed Firmware** | **Firmware Approx. Available** |\n|------------------------|-----------------------|----------------------|--------------------|---------------------------------|\n| 750-8202/xxx-xxx | \u003e=03.06.19 (18) | May 2021 | \u003e=FW19 | August 2021 |\n| 750-8203/xxx-xxx | \u003e=03.06.19 (18) | May 2021 | \u003e=FW19 | August 2021 |\n| 750-8204/xxx-xxx | \u003e=03.06.19 (18) | May 2021 | \u003e=FW19 | August 2021 |\n| 750-8206/xxx-xxx | \u003e=03.06.19 (18) | May 2021 | \u003e=FW19 | August 2021 |\n| 750-8207/xxx-xxx | \u003e=03.06.19 (18) | May 2021 | \u003e=FW19 | August 2021 |\n| 750-8208/xxx-xxx | \u003e=03.06.19 (18) | May 2021 | \u003e=FW19 | August 2021 |\n| 750-8210/xxx-xxx | \u003e=03.06.19 (18) | May 2021 | \u003e=FW19 | August 2021 |\n| 750-8211/xxx-xxx | \u003e=03.06.19 (18) | May 2021 | \u003e=FW19 | August 2021 |\n| 750-8212/xxx-xxx | \u003e=03.06.19 (18) | May 2021 | \u003e=FW19 | August 2021 |\n| 750-8213/xxx-xxx | \u003e=03.06.19 (18) | May 2021 | \u003e=FW19 | August 2021 |\n| 750-8214/xxx-xxx | \u003e=03.06.19 (18) | May 2021 | \u003e=FW19 | August 2021 |\n| 750-8216/xxx-xxx | \u003e=03.06.19 (18) | May 2021 | \u003e=FW19 | August 2021 |\n| 750-8217/xxx-xxx | \u003e=03.06.19 (18) | May 2021 | \u003e=FW19 | August 2021 |\n",
"title": "Remediation"
},
{
"category": "description",
"text": "1. Use general security best practices to protect systems from local and network attacks.\n2. Do not allow direct access to the device from untrusted networks.\n3. Update to the latest firmware according to the table in chapter solutions.\n4. Disable the CODESYS 2.3 Web-Visualisation and CODESYS 2.3 port 2455.\n\nFor further impact information and risk mitigation, please refer to the official CODESYS Advisory Website at https://www.codesys.com/security/security-reports.html external link",
"title": "Mitigation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@wago.com",
"name": "WAGO GmbH \u0026 Co. KG",
"namespace": "https://www.wago.com/psirt"
},
"references": [
{
"category": "external",
"summary": "WAGO advisory overview at CERT@VDE",
"url": "https://certvde.com/de/advisories/vendor/wago/"
},
{
"category": "self",
"summary": "VDE-2021-014: WAGO: Multiple Vulnerabilities in CODESYS Runtime 2.3 - HTML",
"url": "https://certvde.com/en/advisories/VDE-2021-014"
},
{
"category": "self",
"summary": "VDE-2021-014: WAGO: Multiple Vulnerabilities in CODESYS Runtime 2.3 - CSAF",
"url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2021/vde-2021-014.json"
}
],
"title": "WAGO: Multiple Vulnerabilities in CODESYS Runtime 2.3",
"tracking": {
"aliases": [
"VDE-2021-014"
],
"current_release_date": "2025-05-22T13:03:10.000Z",
"generator": {
"date": "2025-01-15T12:21:13.476Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.16"
}
},
"id": "VDE-2021-014",
"initial_release_date": "2021-05-20T09:08:00.000Z",
"revision_history": [
{
"date": "2021-05-15T09:00:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2025-05-22T13:03:10.000Z",
"number": "2",
"summary": "Fix: version space, added distribution, quotation mark"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "750-8202/xxx-xxx",
"product": {
"name": "750-8202/xxx-xxx",
"product_id": "CSAFPID-11001"
}
},
{
"category": "product_name",
"name": "750-8203/xxx-xxx",
"product": {
"name": "750-8203/xxx-xxx",
"product_id": "CSAFPID-11002"
}
},
{
"category": "product_name",
"name": "750-8204/xxx-xxx",
"product": {
"name": "750-8204/xxx-xxx",
"product_id": "CSAFPID-11003"
}
},
{
"category": "product_name",
"name": "750-8206/xxx-xxx",
"product": {
"name": "750-8206/xxx-xxx",
"product_id": "CSAFPID-11004"
}
},
{
"category": "product_name",
"name": "750-8207/xxx-xxx",
"product": {
"name": "750-8207/xxx-xxx",
"product_id": "CSAFPID-11005"
}
},
{
"category": "product_name",
"name": "750-8208/xxx-xxx",
"product": {
"name": "750-8208/xxx-xxx",
"product_id": "CSAFPID-11006"
}
},
{
"category": "product_name",
"name": "750-8210/xxx-xxx",
"product": {
"name": "750-8210/xxx-xxx",
"product_id": "CSAFPID-11007"
}
},
{
"category": "product_name",
"name": "750-8211/xxx-xxx",
"product": {
"name": "750-8211/xxx-xxx",
"product_id": "CSAFPID-11008"
}
},
{
"category": "product_name",
"name": "750-8212/xxx-xxx",
"product": {
"name": "750-8212/xxx-xxx",
"product_id": "CSAFPID-11009"
}
},
{
"category": "product_name",
"name": "750-8213/xxx-xxx",
"product": {
"name": "750-8213/xxx-xxx",
"product_id": "CSAFPID-11010"
}
},
{
"category": "product_name",
"name": "750-8214/xxx-xxx",
"product": {
"name": "750-8214/xxx-xxx",
"product_id": "CSAFPID-11011"
}
},
{
"category": "product_name",
"name": "750-8216/xxx-xxx",
"product": {
"name": "750-8216/xxx-xxx",
"product_id": "CSAFPID-11012"
}
},
{
"category": "product_name",
"name": "750-8217/xxx-xxx",
"product": {
"name": "750-8217/xxx-xxx",
"product_id": "CSAFPID-11013"
}
},
{
"category": "product_name",
"name": "750-823",
"product": {
"name": "750-823",
"product_id": "CSAFPID-11014"
}
},
{
"category": "product_name",
"name": "750-829",
"product": {
"name": "750-829",
"product_id": "CSAFPID-11015"
}
},
{
"category": "product_name",
"name": "750-831/000-00x",
"product": {
"name": "750-831/000-00x",
"product_id": "CSAFPID-11016"
}
},
{
"category": "product_name",
"name": "750-832/000-00x",
"product": {
"name": "750-832/000-00x",
"product_id": "CSAFPID-11017"
}
},
{
"category": "product_name",
"name": "750-852",
"product": {
"name": "750-852",
"product_id": "CSAFPID-11018"
}
},
{
"category": "product_name",
"name": "750-862",
"product": {
"name": "750-862",
"product_id": "CSAFPID-11019"
}
},
{
"category": "product_name",
"name": "750-880/0xx-xxx",
"product": {
"name": "750-880/0xx-xxx",
"product_id": "CSAFPID-11020"
}
},
{
"category": "product_name",
"name": "750-881",
"product": {
"name": "750-881",
"product_id": "CSAFPID-11021"
}
},
{
"category": "product_name",
"name": "750-882",
"product": {
"name": "750-882",
"product_id": "CSAFPID-11022"
}
},
{
"category": "product_name",
"name": "750-885/0xx-xxx",
"product": {
"name": "750-885/0xx-xxx",
"product_id": "CSAFPID-11023"
}
},
{
"category": "product_name",
"name": "750-889",
"product": {
"name": "750-889",
"product_id": "CSAFPID-11024"
}
},
{
"category": "product_name",
"name": "750-890/0xx-xxx",
"product": {
"name": "750-890/0xx-xxx",
"product_id": "CSAFPID-11025"
}
},
{
"category": "product_name",
"name": "750-891",
"product": {
"name": "750-891",
"product_id": "CSAFPID-11026"
}
},
{
"category": "product_name",
"name": "750-893",
"product": {
"name": "750-893",
"product_id": "CSAFPID-11027"
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c03.06.19 (18)",
"product": {
"name": "Firmware \u003c03.06.19 (18)",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version_range",
"name": "\u003c=FW06",
"product": {
"name": "Firmware \u003c=FW06",
"product_id": "CSAFPID-21002"
}
},
{
"category": "product_version_range",
"name": "\u003c=FW07",
"product": {
"name": "Firmware \u003c=FW07",
"product_id": "CSAFPID-21003"
}
},
{
"category": "product_version_range",
"name": "\u003c=FW14",
"product": {
"name": "Firmware \u003c=FW14",
"product_id": "CSAFPID-21004"
}
},
{
"category": "product_version_range",
"name": "\u003c=FW15",
"product": {
"name": "Firmware \u003c=FW15",
"product_id": "CSAFPID-21005"
}
},
{
"category": "product_version",
"name": "FW08",
"product": {
"name": "Firmware FW08",
"product_id": "CSAFPID-22001"
}
},
{
"category": "product_version",
"name": "FW15",
"product": {
"name": "Firmware FW15",
"product_id": "CSAFPID-22002"
}
},
{
"category": "product_version",
"name": "FW16",
"product": {
"name": "Firmware FW16",
"product_id": "CSAFPID-22004"
}
},
{
"category": "patch_level",
"name": "03.06.19 (18)",
"product": {
"name": "Firmware 03.06.19 (18)",
"product_id": "CSAFPID-22005"
}
},
{
"category": "product_version",
"name": "FW19",
"product": {
"name": "Firmware FW19",
"product_id": "CSAFPID-22006"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "WAGO"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026"
],
"summary": "Affected Products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014",
"CSAFPID-32015",
"CSAFPID-32016",
"CSAFPID-32017",
"CSAFPID-32018",
"CSAFPID-32019",
"CSAFPID-32020",
"CSAFPID-32021",
"CSAFPID-32022",
"CSAFPID-32023",
"CSAFPID-32024",
"CSAFPID-32025",
"CSAFPID-32026",
"CSAFPID-32027",
"CSAFPID-32028",
"CSAFPID-32029",
"CSAFPID-32030",
"CSAFPID-32031",
"CSAFPID-32032",
"CSAFPID-32033",
"CSAFPID-32034",
"CSAFPID-32035",
"CSAFPID-32036",
"CSAFPID-32037",
"CSAFPID-32038",
"CSAFPID-32039",
"CSAFPID-32040"
],
"summary": "Fixed Products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.06.19 (18) installed on 750-8202/xxx-xxx",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.06.19 (18) installed on 750-8203/xxx-xxx",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.06.19 (18) installed on 750-8204/xxx-xxx",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.06.19 (18) installed on 750-8206/xxx-xxx",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.06.19 (18) installed on 750-8207/xxx-xxx",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.06.19 (18) installed on 750-8208/xxx-xxx",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.06.19 (18) installed on 750-8210/xxx-xxx",
"product_id": "CSAFPID-31007"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.06.19 (18) installed on 750-8211/xxx-xxx",
"product_id": "CSAFPID-31008"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.06.19 (18) installed on 750-8212/xxx-xxx",
"product_id": "CSAFPID-31009"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.06.19 (18) installed on 750-8213/xxx-xxx",
"product_id": "CSAFPID-31010"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.06.19 (18) installed on 750-8214/xxx-xxx",
"product_id": "CSAFPID-31011"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.06.19 (18) installed on 750-8216/xxx-xxx",
"product_id": "CSAFPID-31012"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.06.19 (18) installed on 750-8217/xxx-xxx",
"product_id": "CSAFPID-31013"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW07 installed on 750-823",
"product_id": "CSAFPID-31014"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11014"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW14 installed on 750-829",
"product_id": "CSAFPID-31015"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11015"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW14 installed on 750-831/000-00x",
"product_id": "CSAFPID-31016"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11016"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW06 installed on 750-832/000-00x",
"product_id": "CSAFPID-31017"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11017"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW14 installed on 750-852",
"product_id": "CSAFPID-31018"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11018"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW07 installed on 750-862",
"product_id": "CSAFPID-31019"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11019"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW15 installed on 750-880/0xx-xxx",
"product_id": "CSAFPID-31020"
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11020"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW14 installed on 750-881",
"product_id": "CSAFPID-31021"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11021"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW14 installed on 750-882",
"product_id": "CSAFPID-31022"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11022"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW14 installed on 750-885/0xx-xxx",
"product_id": "CSAFPID-31023"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11023"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW14 installed on 750-889",
"product_id": "CSAFPID-31024"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11024"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW07 installed on 750-890/0xx-xxx",
"product_id": "CSAFPID-31025"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11025"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW07 installed on 750-891",
"product_id": "CSAFPID-31026"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11026"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW07 installed on 750-893",
"product_id": "CSAFPID-31027"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11027"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW08 installed on 750-823",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11014"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW15 installed on 750-885/0xx-xxx installed on 750-829",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-32010",
"relates_to_product_reference": "CSAFPID-11015"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW15 installed on 750-831/000-00x",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11016"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW08 installed on 750-832/000-00x",
"product_id": "CSAFPID-32004"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11017"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW15 installed on 750-852",
"product_id": "CSAFPID-32005"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11018"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW08 installed on 750-862",
"product_id": "CSAFPID-32006"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11019"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW16 installed on 750-880/0xx-xxx",
"product_id": "CSAFPID-32007"
},
"product_reference": "CSAFPID-22004",
"relates_to_product_reference": "CSAFPID-11020"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW15 installed on 750-881",
"product_id": "CSAFPID-32008"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11021"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW15 installed on 750-882",
"product_id": "CSAFPID-32009"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11022"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW15 installed on 750-885/0xx-xxx",
"product_id": "CSAFPID-32010"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11023"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW15 installed on 750-889",
"product_id": "CSAFPID-32011"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11024"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW08 installed on 750-890/0xx-xxx",
"product_id": "CSAFPID-32012"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11025"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW08 installed on 750-891",
"product_id": "CSAFPID-32013"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11026"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW08 installed on 750-893",
"product_id": "CSAFPID-32014"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11027"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.06.19 (18) installed on 750-8202/xxx-xxx",
"product_id": "CSAFPID-32015"
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.06.19 (18) installed on 750-8203/xxx-xxx",
"product_id": "CSAFPID-32016"
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.06.19 (18) installed on 750-8204/xxx-xxx",
"product_id": "CSAFPID-32017"
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.06.19 (18) installed on 750-8206/xxx-xxx",
"product_id": "CSAFPID-32018"
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.06.19 (18) installed on 750-8207/xxx-xxx",
"product_id": "CSAFPID-32019"
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.06.19 (18) installed on 750-8208/xxx-xxx",
"product_id": "CSAFPID-32020"
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.06.19 (18) installed on 750-8210/xxx-xxx",
"product_id": "CSAFPID-32021"
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.06.19 (18) installed on 750-8211/xxx-xxx",
"product_id": "CSAFPID-32022"
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.06.19 (18) installed on 750-8212/xxx-xxx",
"product_id": "CSAFPID-32023"
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.06.19 (18) installed on 750-8213/xxx-xxx",
"product_id": "CSAFPID-32024"
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.06.19 (18) installed on 750-8214/xxx-xxx",
"product_id": "CSAFPID-32025"
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.06.19 (18) installed on 750-8216/xxx-xxx",
"product_id": "CSAFPID-32026"
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.06.19 (18) installed on 750-8217/xxx-xxx",
"product_id": "CSAFPID-32027"
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW19 installed on 750-8202/xxx-xxx",
"product_id": "CSAFPID-32028"
},
"product_reference": "CSAFPID-22006",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW19 installed on 750-8203/xxx-xxx",
"product_id": "CSAFPID-32029"
},
"product_reference": "CSAFPID-22006",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW19 installed on 750-8204/xxx-xxx",
"product_id": "CSAFPID-32030"
},
"product_reference": "CSAFPID-22006",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW19 installed on 750-8206/xxx-xxx",
"product_id": "CSAFPID-32031"
},
"product_reference": "CSAFPID-22006",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW19 installed on 750-8207/xxx-xxx",
"product_id": "CSAFPID-32032"
},
"product_reference": "CSAFPID-22006",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW19 installed on 750-8208/xxx-xxx",
"product_id": "CSAFPID-32033"
},
"product_reference": "CSAFPID-22006",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW19 installed on 750-8210/xxx-xxx",
"product_id": "CSAFPID-32034"
},
"product_reference": "CSAFPID-22006",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW19 installed on 750-8211/xxx-xxx",
"product_id": "CSAFPID-32035"
},
"product_reference": "CSAFPID-22006",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW19 installed on 750-8212/xxx-xxx",
"product_id": "CSAFPID-32036"
},
"product_reference": "CSAFPID-22006",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW19 installed on 750-8213/xxx-xxx",
"product_id": "CSAFPID-32037"
},
"product_reference": "CSAFPID-22006",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW19 installed on 750-8214/xxx-xxx",
"product_id": "CSAFPID-32038"
},
"product_reference": "CSAFPID-22006",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW19 installed on 750-8216/xxx-xxx",
"product_id": "CSAFPID-32039"
},
"product_reference": "CSAFPID-22006",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW19 installed on 750-8217/xxx-xxx",
"product_id": "CSAFPID-32040"
},
"product_reference": "CSAFPID-22006",
"relates_to_product_reference": "CSAFPID-11013"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-30192",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
},
"remediations": [
{
"category": "mitigation",
"details": "If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 6.8,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
}
],
"title": "CVE-2021-30192"
},
{
"cve": "CVE-2021-30193",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
},
"remediations": [
{
"category": "mitigation",
"details": "If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
}
],
"title": "CVE-2021-30193"
},
{
"cve": "CVE-2021-30188",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
},
"remediations": [
{
"category": "mitigation",
"details": "If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
}
],
"title": "CVE-2021-30188"
},
{
"cve": "CVE-2021-30189",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
},
"remediations": [
{
"category": "mitigation",
"details": "If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
}
],
"title": "CVE-2021-30189"
},
{
"cve": "CVE-2021-30190",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
},
"remediations": [
{
"category": "mitigation",
"details": "If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
}
],
"title": "CVE-2021-30190"
},
{
"cve": "CVE-2021-30194",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
},
"remediations": [
{
"category": "mitigation",
"details": "If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.1,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.1,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
}
],
"title": "CVE-2021-30194"
},
{
"cve": "CVE-2021-30195",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
},
"remediations": [
{
"category": "mitigation",
"details": "If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
}
],
"title": "CVE-2021-30195"
},
{
"cve": "CVE-2021-30186",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
},
"remediations": [
{
"category": "mitigation",
"details": "If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
}
],
"title": "CVE-2021-30186"
},
{
"cve": "CVE-2021-30191",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Checking the Size of the Input.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
},
"remediations": [
{
"category": "mitigation",
"details": "If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
}
],
"title": "CVE-2021-30191"
},
{
"cve": "CVE-2021-21000",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
},
"remediations": [
{
"category": "mitigation",
"details": "If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
}
],
"title": "CVE-2021-21000"
},
{
"cve": "CVE-2021-21001",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
},
"remediations": [
{
"category": "mitigation",
"details": "If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
}
],
"title": "CVE-2021-21001"
},
{
"cve": "CVE-2021-30187",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
},
"remediations": [
{
"category": "mitigation",
"details": "If an immediate firmware update is not possible, the WLAN on the unit can also be switched off as a precautionary measure.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Endress+Hauser provides updated firmware versions for all related products from the Proline portfolio which fixes the vulnerability and recommends customers to update to the new fixed version. For support, please contact your local service center.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027"
]
}
],
"title": "CVE-2021-30187"
}
]
}
VDE-2021-048
Vulnerability from csaf_lenzese - Published: 2021-10-04 12:33 - Updated: 2021-10-04 12:33Summary
Lenze: Multiple Vulnerabilities in CODESYS Control V2 communication
Notes
Summary: The affected products contain a CODESYS Control runtime system in version V2. They are therefore affected by the
vulnerability described in CODESYS Advisory 2021-06. It provides a communication server for the communication with clients like the CODESYS Development System.
The 9400 servo inverters is only affected if the communication Path via the inserted EtherNet Module E94AYCEN on slot MXI1 or MXI2 is used. If the Module E94AYCEN is used, the following Versions are affected.
Product Identification: E94xSHxxx (Single Drive, High Line)
Product Identification: E94xMHxxx (Multi Drive, High Line)
Remark: If the product identification of your 9400 product does not fit to the above mentioned identification, please contact Lenze at Security.de@Lenze.com.
The Versions P (power supply module) and R (regenerative power supply module) are not affected. Furthermore, the Variant P (PLC) and the Variant S (StateLine) are not affected. The communication paths via the diagnostic interface X6, the system bus (CAN) X1 or the field buses (other than the named Ethernet module) that can be plugged into the module slots MXI1 or MXI2 are not affected.
The focus is therefore on 9400 servo inverters with the product-identification E94x{S/M}{H}... with a plugged in Ethernet module E94AYCEN... in module slot MXI1 or MXI2 and communication with the Engineer-Tools via exactly this channel.
In addition to the standard tool Engineer, there is also a special Version of the PLC Designer (Version 0.x). The communication path to the PLC Designer is not considered with the planned update and the vulnerabilities here remain even after the update. Here, the customer must provide a secure Environment, see Mitigation.
Impact: A crafted request may cause a heap-based, a stack-based buffer overflow or a buffer over-read in the affected products, resulting in a denial-of-service condition or being utilized for remote code execution.
The crafted requests are only processed on the products, if no online password is configured on the products or if the attacker has previously successfully authenticated himself at the affected products.
Mitigation: As part of a security strategy, Lenze SE recommends the following general defense measures to reduce the risk of exploits:
- Only use the products in a protected and controlled environment to minimize network impact and to ensure that they are inaccessible from outside.
- Use firewalls to protect the automation system network and to separate it from other networks.
Remark: One Measure should be to Block port 1200 via the firewall and open this port for authenticated access only.
- Use Virtual Private Networks (VPN) tunnels when remote access is required.
- Use IDS (Intrusion Detection Systems) where possible to detect anomalies in the network.
- Activate and use user administration and password functions.
- Use encrypted communication links.
Restrict access to both the development tools and their projects and the products of the automation system by physical means, operating system functions, etc.
- Protect the development tool by using the latest virus detection solutions.
Remediation: The affected products
- Embedded Line EL 1800-9800
- Command Station CS 5800-9800
- Control Cabinet PC 2800
- EL100 PLC
are at the end of life and are no longer available. A further development or adaption of the
products is no longer planned and no longer possible from the process of discontinuation.
The affected product
- 9400 servo inverters
in the constellation described above will be revised in the next product release. An update is
planned for Q2 2022.
CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.
9.8 (Critical)
Mitigation
As part of a security strategy, Lenze SE recommends the following general defense measures to reduce the risk of exploits:
- Only use the products in a protected and controlled environment to minimize network impact and to ensure that they are inaccessible from outside.
- Use firewalls to protect the automation system network and to separate it from other networks.
Remark: One Measure should be to Block port 1200 via the firewall and open this port for authenticated access only.
- Use Virtual Private Networks (VPN) tunnels when remote access is required.
- Use IDS (Intrusion Detection Systems) where possible to detect anomalies in the network.
- Activate and use user administration and password functions.
- Use encrypted communication links.
Restrict access to both the development tools and their projects and the products of the automation system by physical means, operating system functions, etc.
- Protect the development tool by using the latest virus detection solutions.
Vendor Fix
The affected products
- Embedded Line EL 1800-9800
- Command Station CS 5800-9800
- Control Cabinet PC 2800
- EL100 PLC
are at the end of life and are no longer available. A further development or adaption of the
products is no longer planned and no longer possible from the process of discontinuation.
The affected product
- 9400 servo inverters
in the constellation described above will be revised in the next product release. An update is
planned for Q2 2022.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — |
CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.
7.5 (High)
Mitigation
As part of a security strategy, Lenze SE recommends the following general defense measures to reduce the risk of exploits:
- Only use the products in a protected and controlled environment to minimize network impact and to ensure that they are inaccessible from outside.
- Use firewalls to protect the automation system network and to separate it from other networks.
Remark: One Measure should be to Block port 1200 via the firewall and open this port for authenticated access only.
- Use Virtual Private Networks (VPN) tunnels when remote access is required.
- Use IDS (Intrusion Detection Systems) where possible to detect anomalies in the network.
- Activate and use user administration and password functions.
- Use encrypted communication links.
Restrict access to both the development tools and their projects and the products of the automation system by physical means, operating system functions, etc.
- Protect the development tool by using the latest virus detection solutions.
Vendor Fix
The affected products
- Embedded Line EL 1800-9800
- Command Station CS 5800-9800
- Control Cabinet PC 2800
- EL100 PLC
are at the end of life and are no longer available. A further development or adaption of the
products is no longer planned and no longer possible from the process of discontinuation.
The affected product
- 9400 servo inverters
in the constellation described above will be revised in the next product release. An update is
planned for Q2 2022.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — |
CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.
7.5 (High)
Mitigation
As part of a security strategy, Lenze SE recommends the following general defense measures to reduce the risk of exploits:
- Only use the products in a protected and controlled environment to minimize network impact and to ensure that they are inaccessible from outside.
- Use firewalls to protect the automation system network and to separate it from other networks.
Remark: One Measure should be to Block port 1200 via the firewall and open this port for authenticated access only.
- Use Virtual Private Networks (VPN) tunnels when remote access is required.
- Use IDS (Intrusion Detection Systems) where possible to detect anomalies in the network.
- Activate and use user administration and password functions.
- Use encrypted communication links.
Restrict access to both the development tools and their projects and the products of the automation system by physical means, operating system functions, etc.
- Protect the development tool by using the latest virus detection solutions.
Vendor Fix
The affected products
- Embedded Line EL 1800-9800
- Command Station CS 5800-9800
- Control Cabinet PC 2800
- EL100 PLC
are at the end of life and are no longer available. A further development or adaption of the
products is no longer planned and no longer possible from the process of discontinuation.
The affected product
- 9400 servo inverters
in the constellation described above will be revised in the next product release. An update is
planned for Q2 2022.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — |
References
3 references
Acknowledgments
CERT@VDE
certvde.com
Positive Technologies
Sergey Fedonin
Denis Goryushev
Anton Dorfman
SCADAfence
Yossi Reuven
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"names": [
"Sergey Fedonin",
"Denis Goryushev",
"Anton Dorfman"
],
"organization": "Positive Technologies",
"summary": "discovered and reported"
},
{
"names": [
"Yossi Reuven"
],
"organization": "SCADAfence",
"summary": "discovered and reported"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "The affected products contain a CODESYS Control runtime system in version V2. They are therefore affected by the\nvulnerability described in CODESYS Advisory 2021-06. It provides a communication server for the communication with clients like the CODESYS Development System.\n\nThe 9400 servo inverters is only affected if the communication Path via the inserted EtherNet Module E94AYCEN on slot MXI1 or MXI2 is used. If the Module E94AYCEN is used, the following Versions are affected.\n\nProduct Identification: E94xSHxxx (Single Drive, High Line)\nProduct Identification: E94xMHxxx (Multi Drive, High Line)\n\nRemark: If the product identification of your 9400 product does not fit to the above mentioned identification, please contact Lenze at Security.de@Lenze.com.\n\nThe Versions P (power supply module) and R (regenerative power supply module) are not affected. Furthermore, the Variant P (PLC) and the Variant S (StateLine) are not affected. The communication paths via the diagnostic interface X6, the system bus (CAN) X1 or the field buses (other than the named Ethernet module) that can be plugged into the module slots MXI1 or MXI2 are not affected.\n\nThe focus is therefore on 9400 servo inverters with the product-identification E94x{S/M}{H}... with a plugged in Ethernet module E94AYCEN... in module slot MXI1 or MXI2 and communication with the Engineer-Tools via exactly this channel.\n\nIn addition to the standard tool Engineer, there is also a special Version of the PLC Designer (Version 0.x). The communication path to the PLC Designer is not considered with the planned update and the vulnerabilities here remain even after the update. Here, the customer must provide a secure Environment, see Mitigation.",
"title": "Summary"
},
{
"category": "description",
"text": "A crafted request may cause a heap-based, a stack-based buffer overflow or a buffer over-read in the affected products, resulting in a denial-of-service condition or being utilized for remote code execution.\n\nThe crafted requests are only processed on the products, if no online password is configured on the products or if the attacker has previously successfully authenticated himself at the affected products.",
"title": "Impact"
},
{
"category": "description",
"text": "As part of a security strategy, Lenze SE recommends the following general defense measures to reduce the risk of exploits:\n\n- Only use the products in a protected and controlled environment to minimize network impact and to ensure that they are inaccessible from outside.\n- Use firewalls to protect the automation system network and to separate it from other networks.\n\n\nRemark: One Measure should be to Block port 1200 via the firewall and open this port for authenticated access only.\n\n- Use Virtual Private Networks (VPN) tunnels when remote access is required.\n- Use IDS (Intrusion Detection Systems) where possible to detect anomalies in the network.\n- Activate and use user administration and password functions.\n- Use encrypted communication links.\nRestrict access to both the development tools and their projects and the products of the automation system by physical means, operating system functions, etc.\n- Protect the development tool by using the latest virus detection solutions.",
"title": "Mitigation"
},
{
"category": "description",
"text": "The affected products\n\n- Embedded Line EL 1800-9800\n- Command Station CS 5800-9800\n- Control Cabinet PC 2800\n- EL100 PLC\n\nare at the end of life and are no longer available. A further development or adaption of the\nproducts is no longer planned and no longer possible from the process of discontinuation.\n\nThe affected product\n\n- 9400 servo inverters\n\nin the constellation described above will be revised in the next product release. An update is\nplanned for Q2 2022.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@lenze.com",
"name": "Lenze SE",
"namespace": "https://www.lenze.com"
},
"references": [
{
"category": "external",
"summary": "Lenze advisory overview at CERT@VDE",
"url": "https://certvde.com/de/advisories/vendor/lenze/"
},
{
"category": "self",
"summary": "VDE-2021-048: Lenze: Multiple Vulnerabilities in CODESYS Control V2 communication - HTML",
"url": "https://certvde.com/en/advisories/VDE-2021-048"
},
{
"category": "self",
"summary": "VDE-2021-048: Lenze: Multiple Vulnerabilities in CODESYS Control V2 communication - CSAF",
"url": "https://lenze.csaf-tp.certvde.com/.well-known/csaf/white/2021/vde-2021-048.json"
}
],
"title": "Lenze: Multiple Vulnerabilities in CODESYS Control V2 communication",
"tracking": {
"aliases": [
"VDE-2021-048"
],
"current_release_date": "2021-10-04T12:33:00.000Z",
"generator": {
"date": "2025-03-24T12:03:41.535Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.21"
}
},
"id": "VDE-2021-048",
"initial_release_date": "2021-10-04T12:33:00.000Z",
"revision_history": [
{
"date": "2021-10-04T12:33:00.000Z",
"number": "1",
"summary": "Initial revision."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Command Station CS 5800-9800",
"product": {
"name": "Command Station CS 5800-9800",
"product_id": "CSAFPID-11001"
}
},
{
"category": "product_name",
"name": "Control Cabinet PC 2800",
"product": {
"name": "Control Cabinet PC 2800",
"product_id": "CSAFPID-11002"
}
},
{
"category": "product_name",
"name": "EL100 PLC",
"product": {
"name": "EL100 PLC",
"product_id": "CSAFPID-11003"
}
},
{
"category": "product_name",
"name": "Embedded Line EL 1800-9800",
"product": {
"name": "Embedded Line EL 1800-9800",
"product_id": "CSAFPID-11004"
}
},
{
"category": "product_name",
"name": "EtherNet Module E94AYCEN on slot MXI1 or MXI2 in 9400 servo inverters",
"product": {
"name": "EtherNet Module E94AYCEN on slot MXI1 or MXI2 in 9400 servo inverters",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"model_numbers": [
"E94xSHxxx"
]
}
}
},
{
"category": "product_name",
"name": "EtherNet Module E94AYCEN on slot MXI1 or MXI2 in 9400 servo inverters",
"product": {
"name": "EtherNet Module E94AYCEN on slot MXI1 or MXI2 in 9400 servo inverters",
"product_id": "CSAFPID-11006",
"product_identification_helper": {
"model_numbers": [
"E94xMHxxx"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=V15.02.04",
"product": {
"name": "Firmware \u003c=V15.02.04",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Firmware vers:all/*",
"product_id": "CSAFPID-21002"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Weidmueller"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
],
"summary": "Affected Products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on Command Station CS 5800-9800",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on Control Cabinet PC 2800",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on EL100 PLC",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on Embedded Line EL 1800-9800",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V15.02.04 installed on EtherNet Module E94AYCEN on slot MXI1 or MXI2 in 9400 servo inverters",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11005"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-30188",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "mitigation",
"details": "As part of a security strategy, Lenze SE recommends the following general defense measures to reduce the risk of exploits:\n\n- Only use the products in a protected and controlled environment to minimize network impact and to ensure that they are inaccessible from outside.\n- Use firewalls to protect the automation system network and to separate it from other networks.\n\n\nRemark: One Measure should be to Block port 1200 via the firewall and open this port for authenticated access only.\n\n- Use Virtual Private Networks (VPN) tunnels when remote access is required.\n- Use IDS (Intrusion Detection Systems) where possible to detect anomalies in the network.\n- Activate and use user administration and password functions.\n- Use encrypted communication links.\nRestrict access to both the development tools and their projects and the products of the automation system by physical means, operating system functions, etc.\n- Protect the development tool by using the latest virus detection solutions.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "The affected products\n\n- Embedded Line EL 1800-9800\n- Command Station CS 5800-9800\n- Control Cabinet PC 2800\n- EL100 PLC\n\nare at the end of life and are no longer available. A further development or adaption of the\nproducts is no longer planned and no longer possible from the process of discontinuation.\n\nThe affected product\n\n- 9400 servo inverters\n\nin the constellation described above will be revised in the next product release. An update is\nplanned for Q2 2022.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-30188"
},
{
"cve": "CVE-2021-30195",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "mitigation",
"details": "As part of a security strategy, Lenze SE recommends the following general defense measures to reduce the risk of exploits:\n\n- Only use the products in a protected and controlled environment to minimize network impact and to ensure that they are inaccessible from outside.\n- Use firewalls to protect the automation system network and to separate it from other networks.\n\n\nRemark: One Measure should be to Block port 1200 via the firewall and open this port for authenticated access only.\n\n- Use Virtual Private Networks (VPN) tunnels when remote access is required.\n- Use IDS (Intrusion Detection Systems) where possible to detect anomalies in the network.\n- Activate and use user administration and password functions.\n- Use encrypted communication links.\nRestrict access to both the development tools and their projects and the products of the automation system by physical means, operating system functions, etc.\n- Protect the development tool by using the latest virus detection solutions.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "The affected products\n\n- Embedded Line EL 1800-9800\n- Command Station CS 5800-9800\n- Control Cabinet PC 2800\n- EL100 PLC\n\nare at the end of life and are no longer available. A further development or adaption of the\nproducts is no longer planned and no longer possible from the process of discontinuation.\n\nThe affected product\n\n- 9400 servo inverters\n\nin the constellation described above will be revised in the next product release. An update is\nplanned for Q2 2022.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-30188"
},
{
"cve": "CVE-2021-30186",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "mitigation",
"details": "As part of a security strategy, Lenze SE recommends the following general defense measures to reduce the risk of exploits:\n\n- Only use the products in a protected and controlled environment to minimize network impact and to ensure that they are inaccessible from outside.\n- Use firewalls to protect the automation system network and to separate it from other networks.\n\n\nRemark: One Measure should be to Block port 1200 via the firewall and open this port for authenticated access only.\n\n- Use Virtual Private Networks (VPN) tunnels when remote access is required.\n- Use IDS (Intrusion Detection Systems) where possible to detect anomalies in the network.\n- Activate and use user administration and password functions.\n- Use encrypted communication links.\nRestrict access to both the development tools and their projects and the products of the automation system by physical means, operating system functions, etc.\n- Protect the development tool by using the latest virus detection solutions.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "The affected products\n\n- Embedded Line EL 1800-9800\n- Command Station CS 5800-9800\n- Control Cabinet PC 2800\n- EL100 PLC\n\nare at the end of life and are no longer available. A further development or adaption of the\nproducts is no longer planned and no longer possible from the process of discontinuation.\n\nThe affected product\n\n- 9400 servo inverters\n\nin the constellation described above will be revised in the next product release. An update is\nplanned for Q2 2022.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-30186"
}
]
}
VDE-2021-054
Vulnerability from csaf_pilzgmbhcokg - Published: 2022-04-26 10:00 - Updated: 2022-04-26 10:00Summary
Pilz: Multiple vulnerabilities in CODESYS V2 and V3 runtime system
Notes
Summary: Several Pilz products use Versions V2 and V3 of the CODESYS runtime system from CODESYS GmbH, which enables the execution of IEC 61131-3 PLC programs. These runtime environments contain several vulnerabilities, which an attacker can exploit via the network. Successful exploitation of the vulnerabilities results in reduced availability and, in a worst case, to the insertion of program code.
Impact: The affected products use the CODESYS runtime environment from CODESYS GmbH. Either Version V2 or V3 is active, depending on the configuration. V3 is activated upon delivery. These runtime environments contain the listed vulnerabilities. Some of the vulnerabilities only affect either version V2 or V3 of the CODESYS runtime environment.
General countermeasures: Use a firewall or comparable measures at network level to protect the devices from unauthorised network communication.
Employ user management to restrict online access to authorised persons.
Remediation: PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition.
7.5 (High)
Vendor Fix
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — |
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — |
A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.
6.5 (Medium)
None Available
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — |
A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.
8.1 (High)
None Available
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — |
In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC.
7.5 (High)
None Available
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — |
CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.
7.5 (High)
None Available
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — |
CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.
9.8 (Critical)
None Available
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — |
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.
7.3 (High)
Vendor Fix
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — |
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — |
CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).
7.5 (High)
Vendor Fix
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — |
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — |
CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.
6.5 (Medium)
Vendor Fix
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — |
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — |
An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability.
8.8 (High)
Vendor Fix
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — |
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — |
In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.
7.8 (High)
Vendor Fix
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — |
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — |
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user's password may be changed by an attacker without knowledge of the current password.
7.5 (High)
Vendor Fix
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — |
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — |
An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component are affected regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS V3 Simulation Runtime (part of the CODESYS Development System), CODESYS Control V3 Runtime System Toolkit, CODESYS HMI V3.
8.8 (High)
Vendor Fix
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — |
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — |
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), an attacker can identify valid usernames.
5.3 (Medium)
Vendor Fix
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — |
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — |
An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.
7.5 (High)
Vendor Fix
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — |
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — |
An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet to a device running the GatewayService.exe to trigger this vulnerability. All variants of the CODESYS V3 products in all versions prior V3.5.16.10 containing the CmpRouter or CmpRouterEmbedded component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PLCnext, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit, CODESYS V3 Embedded Target Visu Toolkit, CODESYS V3 Remote Target Visu Toolkit, CODESYS V3 Safety SIL2, CODESYS Edge Gateway V3, CODESYS Gateway V3, CODESYS HMI V3, CODESYS OPC Server V3, CODESYS PLCHandler SDK, CODESYS V3 Simulation Runtime (part of the CODESYS Development System).
7.5 (High)
Vendor Fix
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — |
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — |
3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Toolkit 32 bit full before V2.4.7.54, and CODESYS PLCWinNT before V2.4.7.54 allow a NULL pointer dereference.
6.5 (Medium)
None Available
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — |
CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.
7.5 (High)
None Available
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — |
References
4 references
| URL | Category |
|---|---|
| https://certvde.com/en/advisories/VDE-2021-054/ | self |
| https://pilz.csaf-tp.certvde.com/.well-known/csaf… | self |
| https://www.pilz.com | external |
| https://certvde.com/en/advisories/vendor/pilz/ | external |
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Several Pilz products use Versions V2 and V3 of the CODESYS runtime system from CODESYS GmbH, which enables the execution of IEC 61131-3 PLC programs. These runtime environments contain several vulnerabilities, which an attacker can exploit via the network. Successful exploitation of the vulnerabilities results in reduced availability and, in a worst case, to the insertion of program code.",
"title": "Summary"
},
{
"category": "description",
"text": "The affected products use the CODESYS runtime environment from CODESYS GmbH. Either Version V2 or V3 is active, depending on the configuration. V3 is activated upon delivery. These runtime environments contain the listed vulnerabilities. Some of the vulnerabilities only affect either version V2 or V3 of the CODESYS runtime environment.",
"title": "Impact"
},
{
"category": "general",
"text": "Use a firewall or comparable measures at network level to protect the devices from unauthorised network communication.\nEmploy user management to restrict online access to authorised persons.",
"title": "General countermeasures"
},
{
"category": "general",
"text": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "security@pilz.com",
"name": "Pilz GmbH \u0026 Co. KG",
"namespace": "https://www.pilz.com"
},
"references": [
{
"category": "self",
"summary": "VDE-2021-054: Pilz: Multiple vulnerabilities in CODESYS V2 and V3 runtime system - HTML",
"url": "https://certvde.com/en/advisories/VDE-2021-054/"
},
{
"category": "self",
"summary": "VDE-2021-054: Pilz: Multiple vulnerabilities in CODESYS V2 and V3 runtime system - CSAF",
"url": "https://pilz.csaf-tp.certvde.com/.well-known/csaf/white/2022/vde-2021-054.json"
},
{
"category": "external",
"summary": "Vendor PSIRT",
"url": "https://www.pilz.com"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Pilz GmbH \u0026 Co. KG",
"url": "https://certvde.com/en/advisories/vendor/pilz/"
}
],
"title": "Pilz: Multiple vulnerabilities in CODESYS V2 and V3 runtime system",
"tracking": {
"aliases": [
"VDE-2021-054"
],
"current_release_date": "2022-04-26T10:00:00.000Z",
"generator": {
"date": "2025-05-14T13:21:16.214Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.25"
}
},
"id": "VDE-2021-054",
"initial_release_date": "2022-04-26T10:00:00.000Z",
"revision_history": [
{
"date": "2022-04-26T10:00:00.000Z",
"number": "1",
"summary": "Initial revision."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Motion controller PMCprimo C",
"product": {
"name": "Motion controller PMCprimo C",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"680175",
"680052",
"680053",
"680054",
"680055",
"680062",
"680063",
"680064",
"680065",
"680162",
"680163",
"680164",
"680165",
"680172",
"680173",
"680174"
]
}
}
},
{
"category": "product_name",
"name": "Motion controller PMCprimo C2.0 (plug-in card)",
"product": {
"name": "Motion controller PMCprimo C2.0 (plug-in card)",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"680182",
"680183",
"680184",
"680185"
]
}
}
},
{
"category": "product_name",
"name": "Motion controller PMCprimo C2.1 (housing version)",
"product": {
"name": "Motion controller PMCprimo C2.1 (housing version)",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"680192",
"680193",
"680194",
"680195"
]
}
}
},
{
"category": "product_name",
"name": "Motion controller PMCprimo MC",
"product": {
"name": "Motion controller PMCprimo MC",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"680082",
"680083",
"680084",
"680085"
]
}
}
},
{
"category": "product_name",
"name": "Operator terminal/controller PMI 6 primo",
"product": {
"name": "Operator terminal/controller PMI 6 primo",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"model_numbers": [
"265608",
"265613",
"264639"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Firmware vers:all/*",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version_range",
"name": "\u003c=03.07.00",
"product": {
"name": "Firmware \u003c=03.07.00",
"product_id": "CSAFPID-21002"
}
},
{
"category": "product_version",
"name": "03.08.00",
"product": {
"name": "Firmware 03.08.00",
"product_id": "CSAFPID-22001"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Pilz"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on Motion controller PMCprimo C",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=03.07.00 installed on Motion controller PMCprimo C2.0 (plug-in card)",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=03.07.00 installed on Motion controller PMCprimo C2.1 (housing version)",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=03.07.00 installed on Motion controller PMCprimo MC",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on Operator terminal/controller PMI 6 primo",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.08.00 installed on Motion controller PMCprimo C2.0 (plug-in card)",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.08.00 installed on Motion controller PMCprimo C2.1 (housing version)",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.08.00 installed on Motion controller PMCprimo MC",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11004"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-36764",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-36764"
},
{
"cve": "CVE-2021-34596",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"notes": [
{
"category": "description",
"text": "A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "none_available",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-34596"
},
{
"cve": "CVE-2021-34595",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "description",
"text": "A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "none_available",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 8.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-34595"
},
{
"cve": "CVE-2021-34593",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "description",
"text": "In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "none_available",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-34593"
},
{
"cve": "CVE-2021-30195",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "none_available",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-30195"
},
{
"cve": "CVE-2021-30188",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "none_available",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-30188"
},
{
"cve": "CVE-2021-29242",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router\u0027s addressing scheme and may re-route, add, remove or change low level communication packages.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"environmentalScore": 7.3,
"environmentalSeverity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-29242"
},
{
"cve": "CVE-2021-29241",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-29241"
},
{
"cve": "CVE-2020-7052",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "description",
"text": "CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2020-7052"
},
{
"cve": "CVE-2020-6081",
"cwe": {
"id": "CWE-345",
"name": "Insufficient Verification of Data Authenticity"
},
"notes": [
{
"category": "description",
"text": "An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2020-6081"
},
{
"cve": "CVE-2020-12069",
"cwe": {
"id": "CWE-916",
"name": "Use of Password Hash With Insufficient Computational Effort"
},
"notes": [
{
"category": "description",
"text": "In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2020-12069"
},
{
"cve": "CVE-2020-12067",
"cwe": {
"id": "CWE-640",
"name": "Weak Password Recovery Mechanism for Forgotten Password"
},
"notes": [
{
"category": "description",
"text": "In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user\u0027s password may be changed by an attacker without knowledge of the current password.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2020-12067"
},
{
"cve": "CVE-2019-9013",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component are affected regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS V3 Simulation Runtime (part of the CODESYS Development System), CODESYS Control V3 Runtime System Toolkit, CODESYS HMI V3.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2019-9013"
},
{
"cve": "CVE-2019-9011",
"cwe": {
"id": "CWE-668",
"name": "Exposure of Resource to Wrong Sphere"
},
"notes": [
{
"category": "description",
"text": "In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), an attacker can identify valid usernames.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2019-9011"
},
{
"cve": "CVE-2019-9009",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2019-9009"
},
{
"cve": "CVE-2019-5105",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet to a device running the GatewayService.exe to trigger this vulnerability. All variants of the CODESYS V3 products in all versions prior V3.5.16.10 containing the CmpRouter or CmpRouterEmbedded component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PLCnext, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit, CODESYS V3 Embedded Target Visu Toolkit, CODESYS V3 Remote Target Visu Toolkit, CODESYS V3 Safety SIL2, CODESYS Edge Gateway V3, CODESYS Gateway V3, CODESYS HMI V3, CODESYS OPC Server V3, CODESYS PLCHandler SDK, CODESYS V3 Simulation Runtime (part of the CODESYS Development System).",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2019-5105"
},
{
"cve": "CVE-2019-19789",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Toolkit 32 bit full before V2.4.7.54, and CODESYS PLCWinNT before V2.4.7.54 allow a NULL pointer dereference.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "none_available",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2019-19789"
},
{
"cve": "CVE-2021-30186",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "none_available",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-30186"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…