VDE-2021-056

Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2021-11-16 14:11 - Updated: 2025-05-22 13:03
Summary
WAGO: Multiple Vulnerabilities in CODESYS Runtime 2.3 and WebVisualisation
Notes
Summary: Multiple vulnerabilities were reported in CODESYS 2.3 Runtime. The CODESYS 2.3 Runtime is an essential component in several WAGO PLCs. All vulnerable PLCs are listed in chapter 'Affected Products'. https://www.codesys.com/security/security-reports.html
Mitigation:
1. Use general security best practices to protect systems from local and network attacks.
2. Do not allow direct access to the device from untrusted networks.
3. Update to the latest firmware according to the table in chapter solutions.
4. Disable the CODESYS 2.3 WebVisualisation and CODESYS 2.3 port 2455.

For further impact information and risk mitigation, please refer to the official CODESYS Advisory Website at https://www.codesys.com/security/security-reports.html
Impact: A successful attack stops all network communication. To restore the network connectivity the device needs to be restarted. The automation task is not affected.
Remediation: UPDATE A: fixed Firmware versions for 750-890/0xx-xxx, 750-891 and 750-893
We recommend all affected users with CODESYS 2.3 Runtime PLCs to update to the firmware version listed below.

Series Ethernet Controller

| Article Number | Fixed Firmware Versions | Available |
|-----------------|-------------------------|----------------------------|
| 750-823 | >=FW10 | January 2022 |
| 750-829 | >=FW17 | After BACnet certification |
| 750-831/000-00x | >=FW17 | After BACnet certification |
| 750-832/000-00x | >=FW10 | After BACnet certification |
| 750-852 | >=FW17 | Q1 2022 |
| 750-862 | >=FW10 | January 2022 |
| 750-880/0xx-xxx | >=FW17 | Q1 2022 |
| 750-881 | >=FW17 | Q1 2022 |
| 750-882 | >=FW17 | Q1 2022 |
| 750-885/0xx-xxx | >=FW17 | Q1 2022 |
| 750-889 | >=FW17 | Q1 2022 |
| 750-890/0xx-xxx | >=FW10 | January 2022 |
| 750-891 | >=FW10 | January 2022 |
| 750-893 | >=FW10 | January 2022 |

PFC200 Controller

| Article Number | Affected Firmware Versions | Approx. Available |
|------------------|----------------------------|-------------------|
| 750-8202/xxx-xxx | >=FW20 | January 2022 |
| 750-8203/xxx-xxx | >=FW20 | January 2022 |
| 750-8204/xxx-xxx | >=FW20 | January 2022 |
| 750-8206/xxx-xxx | >=FW20 | January 2022 |
| 750-8207/xxx-xxx | >=FW20 | January 2022 |
| 750-8208/xxx-xxx | >=FW20 | January 2022 |
| 750-8210/xxx-xxx | >=FW20 | January 2022 |
| 750-8211/xxx-xxx | >=FW20 | January 2022 |
| 750-8212/xxx-xxx | >=FW20 | January 2022 |
| 750-8213/xxx-xxx | >=FW20 | January 2022 |
| 750-8214/xxx-xxx | >=FW20 | January 2022 |
| 750-8216/xxx-xxx | >=FW20 | January 2022 |
| 750-8217/xxx-xxx | >=FW20 | January 2022 |

Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of-service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.

CWE-126 - Buffer Over-read

A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.

CWE-823 - Use of Out-of-range Pointer Offset

Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of-service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.

CWE-122 - Heap-based Buffer Overflow

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation.

CWE-252 - Unchecked Return Value

In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition.

CWE-476 - NULL Pointer Dereference

A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.

CWE-824 - Access of Uninitialized Pointer
Acknowledgments
CERT@VDE certvde.com
Tenable Research
NSFOCUS Gao Jian Chen Jie

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "organization": "Tenable Research",
        "summary": "reported"
      },
      {
        "names": [
          "Gao Jian",
          "Chen Jie"
        ],
        "organization": "NSFOCUS",
        "summary": "reported"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "summary",
        "text": "\nMultiple vulnerabilities were reported in CODESYS 2.3 Runtime. The CODESYS 2.3 Runtime is an essential component in several WAGO PLCs. All vulnerable PLCs are listed in chapter \u0027Affected Products\u0027.\nhttps://www.codesys.com/security/security-reports.html",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "1. Use general security best practices to protect systems from local and network attacks.\n2. Do not allow direct access to the device from untrusted networks.\n3. Update to the latest firmware according to the table in chapter solutions.\n4. Disable the CODESYS 2.3 WebVisualisation and CODESYS 2.3 port 2455.\n\nFor further impact information and risk mitigation, please refer to the official CODESYS Advisory Website at https://www.codesys.com/security/security-reports.html",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "A successful attack stops all network communication. To restore the network connectivity the device needs to be restarted. The automation task is not affected.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "UPDATE A: fixed Firmware versions for 750-890/0xx-xxx, 750-891 and 750-893\nWe recommend all effected users with CODESYS 2.3 Runtime PLCs to update to the firmware version listed below.\n\nSeries Ethernet Controller\n| Article Number         | Fixed Firmware Versions | Available                 |\n|-------------------------|--------------------------|---------------------------|\n| 750-823                | \u003e=FW10                  | January 2022             |\n| 750-829                | \u003e=FW17                  | After BACnet certification |\n| 750-831/000-00x        | \u003e=FW17                  | After BACnet certification |\n| 750-832/000-00x        | \u003e=FW10                  | After BACnet certification |\n| 750-852                | \u003e=FW17                  | Q1 2022                  |\n| 750-862                | \u003e=FW10                  | January 2022             |\n| 750-880/0xx-xxx        | \u003e=FW17                  | Q1 2022                  |\n| 750-881                | \u003e=FW17                  | Q1 2022                  |\n| 750-882                | \u003e=FW17                  | Q1 2022                  |\n| 750-885/0xx-xxx        | \u003e=FW17                  | Q1 2022                  |\n| 750-889                | \u003e=FW17                  | Q1 2022                  |\n| 750-890/0xx-xxx        | \u003e=FW10                  | January 2022             |\n| 750-891                | \u003e=FW10                  | January 2022             |\n| 750-893                | \u003e=FW10                  | January 2022             |\n\nPFC200 Controller\n| Article Number         | Affected Firmware Versions | Approx. Available |\n|-------------------------|----------------------------|--------------------|\n| 750-8202/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8203/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8204/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8206/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8207/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8208/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8210/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8211/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8212/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8213/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8214/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8216/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8217/xxx-xxx       | \u003e=FW20                    | January 2022      |\n",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@phoenixcontact.com",
      "name": "Phoenix Contact GmbH \u0026 Co. KG",
      "namespace": "https://phoenixcontact.com/psirt"
    },
    "references": [
      {
        "category": "external",
        "summary": "PHOENIX CONTACT advisory overview at CERT@VDE",
        "url": "https://certvde.com/en/advisories/vendor/phoenixcontact/"
      },
      {
        "category": "self",
        "summary": "VDE-2021-056: WAGO: Multiple Vulnerabilities in CODESYS Runtime 2.3 and WebVisualisation - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2021-056"
      },
      {
        "category": "self",
        "summary": "VDE-2021-056: WAGO: Multiple Vulnerabilities in CODESYS Runtime 2.3 and WebVisualisation - CSAF",
        "url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2021/vde-2021-056.json"
      }
    ],
    "title": "WAGO: Multiple Vulnerabilities in CODESYS Runtime 2.3 and WebVisualisation",
    "tracking": {
      "aliases": [
        "VDE-2021-056"
      ],
      "current_release_date": "2025-05-22T13:03:10.000Z",
      "generator": {
        "date": "2025-03-05T12:11:30.978Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.18"
        }
      },
      "id": "VDE-2021-056",
      "initial_release_date": "2021-11-16T14:11:00.000Z",
      "revision_history": [
        {
          "date": "2021-11-16T14:11:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        },
        {
          "date": "2024-11-24T08:48:00.000Z",
          "number": "2",
          "summary": "UPDATE A: fixed Firmware versions for 750-890/0xx-xxx, 750-891 and 750-893"
        },
        {
          "date": "2025-05-22T13:03:10.000Z",
          "number": "3",
          "summary": "Fix: added distribution, quotation mark"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "750-8202/xxx-xxx",
                "product": {
                  "name": "750-8202/xxx-xxx",
                  "product_id": "CSAFPID-11000"
                }
              },
              {
                "category": "product_name",
                "name": "750-8203/xxx-xxx",
                "product": {
                  "name": "750-8203/xxx-xxx",
                  "product_id": "CSAFPID-11001"
                }
              },
              {
                "category": "product_name",
                "name": "750-8204/xxx-xxx",
                "product": {
                  "name": "750-8204/xxx-xxx",
                  "product_id": "CSAFPID-11002"
                }
              },
              {
                "category": "product_name",
                "name": "750-8206/xxx-xxx",
                "product": {
                  "name": "750-8206/xxx-xxx",
                  "product_id": "CSAFPID-11003"
                }
              },
              {
                "category": "product_name",
                "name": "750-8207/xxx-xxx",
                "product": {
                  "name": "750-8207/xxx-xxx",
                  "product_id": "CSAFPID-11004"
                }
              },
              {
                "category": "product_name",
                "name": "750-8208/xxx-xxx",
                "product": {
                  "name": "750-8208/xxx-xxx",
                  "product_id": "CSAFPID-11005"
                }
              },
              {
                "category": "product_name",
                "name": "750-8210/xxx-xxx",
                "product": {
                  "name": "750-8210/xxx-xxx",
                  "product_id": "CSAFPID-11006"
                }
              },
              {
                "category": "product_name",
                "name": "750-8211/xxx-xxx",
                "product": {
                  "name": "750-8211/xxx-xxx",
                  "product_id": "CSAFPID-11007"
                }
              },
              {
                "category": "product_name",
                "name": "750-8212/xxx-xxx",
                "product": {
                  "name": "750-8212/xxx-xxx",
                  "product_id": "CSAFPID-11008"
                }
              },
              {
                "category": "product_name",
                "name": "750-8213/xxx-xxx",
                "product": {
                  "name": "750-8213/xxx-xxx",
                  "product_id": "CSAFPID-11009"
                }
              },
              {
                "category": "product_name",
                "name": "750-8214/xxx-xxx",
                "product": {
                  "name": "750-8214/xxx-xxx",
                  "product_id": "CSAFPID-11010"
                }
              },
              {
                "category": "product_name",
                "name": "750-8216/xxx-xxx",
                "product": {
                  "name": "750-8216/xxx-xxx",
                  "product_id": "CSAFPID-11011"
                }
              },
              {
                "category": "product_name",
                "name": "750-8217/xxx-xxx",
                "product": {
                  "name": "750-8217/xxx-xxx",
                  "product_id": "CSAFPID-11012"
                }
              },
              {
                "category": "product_name",
                "name": "750-823",
                "product": {
                  "name": "750-823",
                  "product_id": "CSAFPID-11013"
                }
              },
              {
                "category": "product_name",
                "name": "750-829",
                "product": {
                  "name": "750-829",
                  "product_id": "CSAFPID-11014"
                }
              },
              {
                "category": "product_name",
                "name": "750-831/000-00x",
                "product": {
                  "name": "750-831/000-00x",
                  "product_id": "CSAFPID-11015"
                }
              },
              {
                "category": "product_name",
                "name": "750-832/000-00x",
                "product": {
                  "name": "750-832/000-00x",
                  "product_id": "CSAFPID-11016"
                }
              },
              {
                "category": "product_name",
                "name": "750-852",
                "product": {
                  "name": "750-852",
                  "product_id": "CSAFPID-11017"
                }
              },
              {
                "category": "product_name",
                "name": "750-862",
                "product": {
                  "name": "750-862",
                  "product_id": "CSAFPID-11018"
                }
              },
              {
                "category": "product_name",
                "name": "750-880/0xx-xxx",
                "product": {
                  "name": "750-880/0xx-xxx",
                  "product_id": "CSAFPID-11019"
                }
              },
              {
                "category": "product_name",
                "name": "750-881",
                "product": {
                  "name": "750-881",
                  "product_id": "CSAFPID-11020"
                }
              },
              {
                "category": "product_name",
                "name": "750-882",
                "product": {
                  "name": "750-882",
                  "product_id": "CSAFPID-11021"
                }
              },
              {
                "category": "product_name",
                "name": "750-885/0xx-xxx",
                "product": {
                  "name": "750-885/0xx-xxx",
                  "product_id": "CSAFPID-11022"
                }
              },
              {
                "category": "product_name",
                "name": "750-889",
                "product": {
                  "name": "750-889",
                  "product_id": "CSAFPID-11023"
                }
              },
              {
                "category": "product_name",
                "name": "750-890/0xx-xxx",
                "product": {
                  "name": "750-890/0xx-xxx",
                  "product_id": "CSAFPID-11024"
                }
              },
              {
                "category": "product_name",
                "name": "750-891",
                "product": {
                  "name": "750-891",
                  "product_id": "CSAFPID-11025"
                }
              },
              {
                "category": "product_name",
                "name": "750-893",
                "product": {
                  "name": "750-893",
                  "product_id": "CSAFPID-11026"
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=03.07.14 (19)",
                "product": {
                  "name": "Firmware \u003c=03.07.14 (19)",
                  "product_id": "CSAFPID-21001"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=FW09",
                "product": {
                  "name": "Firmware \u003c=FW09",
                  "product_id": "CSAFPID-21002"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=FW14",
                "product": {
                  "name": "Firmware \u003c=FW14",
                  "product_id": "CSAFPID-21003"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=FW16",
                "product": {
                  "name": "Firmware \u003c=FW16",
                  "product_id": "CSAFPID-21004"
                }
              },
              {
                "category": "product_version",
                "name": "FW10",
                "product": {
                  "name": "Firmware FW10",
                  "product_id": "CSAFPID-22001"
                }
              },
              {
                "category": "product_version",
                "name": "FW17",
                "product": {
                  "name": "Firmware FW17",
                  "product_id": "CSAFPID-22002"
                }
              },
              {
                "category": "product_version",
                "name": "FW20",
                "product": {
                  "name": "Firmware FW20",
                  "product_id": "CSAFPID-22003"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "WAGO"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012",
          "CSAFPID-31013",
          "CSAFPID-31014",
          "CSAFPID-31015",
          "CSAFPID-31016",
          "CSAFPID-31017",
          "CSAFPID-31018",
          "CSAFPID-31019",
          "CSAFPID-31020",
          "CSAFPID-31021",
          "CSAFPID-31022",
          "CSAFPID-31023",
          "CSAFPID-31024",
          "CSAFPID-31025",
          "CSAFPID-31026",
          "CSAFPID-31027"
        ],
        "summary": "affected products."
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007",
          "CSAFPID-32008",
          "CSAFPID-32009",
          "CSAFPID-32010",
          "CSAFPID-32011",
          "CSAFPID-32012",
          "CSAFPID-32013",
          "CSAFPID-32014",
          "CSAFPID-32015",
          "CSAFPID-32016",
          "CSAFPID-32017",
          "CSAFPID-32018",
          "CSAFPID-32019",
          "CSAFPID-32020",
          "CSAFPID-32021",
          "CSAFPID-32022",
          "CSAFPID-32023",
          "CSAFPID-32024",
          "CSAFPID-32025",
          "CSAFPID-32026",
          "CSAFPID-32027"
        ],
        "summary": "Fixed Products"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=03.07.14 (19) installed on 750-8202/xxx-xxx",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11000"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=03.07.14 (19) installed on 750-8203/xxx-xxx",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=03.07.14 (19) installed on 750-8204/xxx-xxx",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=03.07.14 (19) installed on 750-8206/xxx-xxx",
          "product_id": "CSAFPID-31004"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=03.07.14 (19) installed on 750-8207/xxx-xxx",
          "product_id": "CSAFPID-31005"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=03.07.14 (19) installed on 750-8208/xxx-xxx",
          "product_id": "CSAFPID-31006"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=03.07.14 (19) installed on 750-8210/xxx-xxx",
          "product_id": "CSAFPID-31007"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=03.07.14 (19) installed on 750-8211/xxx-xxx",
          "product_id": "CSAFPID-31008"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=03.07.14 (19) installed on 750-8212/xxx-xxx",
          "product_id": "CSAFPID-31009"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=03.07.14 (19) installed on 750-8213/xxx-xxx",
          "product_id": "CSAFPID-31010"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=03.07.14 (19) installed on 750-8214/xxx-xxx",
          "product_id": "CSAFPID-31011"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=03.07.14 (19) installed on 750-8216/xxx-xxx",
          "product_id": "CSAFPID-31012"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=03.07.14 (19) installed on 750-8217/xxx-xxx",
          "product_id": "CSAFPID-31013"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11012"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW09 installed on 750-823",
          "product_id": "CSAFPID-31014"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11013"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW16 installed on 750-829",
          "product_id": "CSAFPID-31015"
        },
        "product_reference": "CSAFPID-21004",
        "relates_to_product_reference": "CSAFPID-11014"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW14 installed on 750-831/000-00x",
          "product_id": "CSAFPID-31016"
        },
        "product_reference": "CSAFPID-21003",
        "relates_to_product_reference": "CSAFPID-11015"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW09 installed on 750-832/000-00x",
          "product_id": "CSAFPID-31017"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11016"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW16 installed on 750-852",
          "product_id": "CSAFPID-31018"
        },
        "product_reference": "CSAFPID-21004",
        "relates_to_product_reference": "CSAFPID-11017"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW09 installed on 750-862",
          "product_id": "CSAFPID-31019"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11018"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW16 installed on 750-880/0xx-xxx",
          "product_id": "CSAFPID-31020"
        },
        "product_reference": "CSAFPID-21004",
        "relates_to_product_reference": "CSAFPID-11019"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW16 installed on 750-881",
          "product_id": "CSAFPID-31021"
        },
        "product_reference": "CSAFPID-21004",
        "relates_to_product_reference": "CSAFPID-11020"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW16 installed on 750-882",
          "product_id": "CSAFPID-31022"
        },
        "product_reference": "CSAFPID-21004",
        "relates_to_product_reference": "CSAFPID-11021"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW16 installed on 750-885/0xx-xxx",
          "product_id": "CSAFPID-31023"
        },
        "product_reference": "CSAFPID-21004",
        "relates_to_product_reference": "CSAFPID-11022"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW16 installed on 750-889",
          "product_id": "CSAFPID-31024"
        },
        "product_reference": "CSAFPID-21004",
        "relates_to_product_reference": "CSAFPID-11023"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW09 installed on 750-890/0xx-xxx",
          "product_id": "CSAFPID-31025"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11024"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW09 installed on 750-891",
          "product_id": "CSAFPID-31026"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11025"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=FW09 installed on 750-893",
          "product_id": "CSAFPID-31027"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11026"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW10 installed on 750-823",
          "product_id": "CSAFPID-32001"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11013"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW17 installed on 750-829",
          "product_id": "CSAFPID-32002"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11014"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW17 installed on 750-831/000-00x",
          "product_id": "CSAFPID-32003"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11015"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW10 installed on 750-832/000-00x",
          "product_id": "CSAFPID-32004"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11016"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW17 installed on 750-852",
          "product_id": "CSAFPID-32005"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11017"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW10 installed on 750-862",
          "product_id": "CSAFPID-32006"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11018"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW17 installed on 750-880/0xx-xxx",
          "product_id": "CSAFPID-32007"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11019"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW17 installed on 750-881",
          "product_id": "CSAFPID-32008"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11020"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW17 installed on 750-882",
          "product_id": "CSAFPID-32009"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11021"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW17 installed on 750-885/0xx-xxx",
          "product_id": "CSAFPID-32010"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11022"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW17 installed on 750-889",
          "product_id": "CSAFPID-32011"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11023"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW10 installed on 750-890/0xx-xxx",
          "product_id": "CSAFPID-32012"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11024"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW10 installed on 750-891",
          "product_id": "CSAFPID-32013"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11025"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW10 installed on 750-893",
          "product_id": "CSAFPID-32014"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11026"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW20 installed on 750-8202/xxx-xxx",
          "product_id": "CSAFPID-32015"
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11000"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW20 installed on 750-8203/xxx-xxx",
          "product_id": "CSAFPID-32016"
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW20 installed on 750-8204/xxx-xxx",
          "product_id": "CSAFPID-32017"
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW20 installed on 750-8206/xxx-xxx",
          "product_id": "CSAFPID-32018"
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW20 installed on 750-8207/xxx-xxx",
          "product_id": "CSAFPID-32019"
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW20 installed on 750-8208/xxx-xxx",
          "product_id": "CSAFPID-32020"
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW20 installed on 750-8210/xxx-xxx",
          "product_id": "CSAFPID-32021"
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW20 installed on 750-8211/xxx-xxx",
          "product_id": "CSAFPID-32022"
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW20 installed on 750-8212/xxx-xxx",
          "product_id": "CSAFPID-32023"
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW20 installed on 750-8213/xxx-xxx",
          "product_id": "CSAFPID-32024"
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW20 installed on 750-8214/xxx-xxx",
          "product_id": "CSAFPID-32025"
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW20 installed on 750-8216/xxx-xxx",
          "product_id": "CSAFPID-32026"
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware FW20 installed on 750-8217/xxx-xxx",
          "product_id": "CSAFPID-32027"
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11012"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-34584",
      "cwe": {
        "id": "CWE-126",
        "name": "Buffer Over-read"
      },
      "notes": [
        {
          "category": "description",
          "text": "Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of-service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007",
          "CSAFPID-32008",
          "CSAFPID-32009",
          "CSAFPID-32010",
          "CSAFPID-32011",
          "CSAFPID-32012",
          "CSAFPID-32013",
          "CSAFPID-32014",
          "CSAFPID-32015",
          "CSAFPID-32016",
          "CSAFPID-32017",
          "CSAFPID-32018",
          "CSAFPID-32019",
          "CSAFPID-32020",
          "CSAFPID-32021",
          "CSAFPID-32022",
          "CSAFPID-32023",
          "CSAFPID-32024",
          "CSAFPID-32025",
          "CSAFPID-32026",
          "CSAFPID-32027"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012",
          "CSAFPID-31013",
          "CSAFPID-31014",
          "CSAFPID-31015",
          "CSAFPID-31016",
          "CSAFPID-31017",
          "CSAFPID-31018",
          "CSAFPID-31019",
          "CSAFPID-31020",
          "CSAFPID-31021",
          "CSAFPID-31022",
          "CSAFPID-31023",
          "CSAFPID-31024",
          "CSAFPID-31025",
          "CSAFPID-31026",
          "CSAFPID-31027"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "1. Use general security best practices to protect systems from local and network attacks.\n2. Do not allow direct access to the device from untrusted networks.\n3. Update to the latest firmware according to the table in chapter solutions.\n4. Disable the CODESYS 2.3 WebVisualisation and CODESYS 2.3 port 2455.\n\nFor further impact information and risk mitigation, please refer to the official CODESYS Advisory Website at https://www.codesys.com/security/security-reports.html",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "UPDATE A: fixed Firmware versions for 750-890/0xx-xxx, 750-891 and 750-893\nWe recommend all affected users with CODESYS 2.3 Runtime PLCs to update to the firmware version listed below.\n\nSeries Ethernet Controller\n| Article Number         | Fixed Firmware Versions | Available                 |\n|-------------------------|--------------------------|---------------------------|\n| 750-823                | \u003e=FW10                  | January 2022             |\n| 750-829                | \u003e=FW17                  | After BACnet certification |\n| 750-831/000-00x        | \u003e=FW17                  | After BACnet certification |\n| 750-832/000-00x        | \u003e=FW10                  | After BACnet certification |\n| 750-852                | \u003e=FW17                  | Q1 2022                  |\n| 750-862                | \u003e=FW10                  | January 2022             |\n| 750-880/0xx-xxx        | \u003e=FW17                  | Q1 2022                  |\n| 750-881                | \u003e=FW17                  | Q1 2022                  |\n| 750-882                | \u003e=FW17                  | Q1 2022                  |\n| 750-885/0xx-xxx        | \u003e=FW17                  | Q1 2022                  |\n| 750-889                | \u003e=FW17                  | Q1 2022                  |\n| 750-890/0xx-xxx        | \u003e=FW10                  | January 2022             |\n| 750-891                | \u003e=FW10                  | January 2022             |\n| 750-893                | \u003e=FW10                  | January 2022             |\n\nPFC200 Controller\n| Article Number         | Affected Firmware Versions | Approx. Available |\n|-------------------------|----------------------------|--------------------|\n| 750-8202/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8203/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8204/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8206/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8207/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8208/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8210/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8211/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8212/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8213/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8214/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8216/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8217/xxx-xxx       | \u003e=FW20                    | January 2022      |\n",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.1,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.1,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011",
            "CSAFPID-31012",
            "CSAFPID-31013",
            "CSAFPID-31014",
            "CSAFPID-31015",
            "CSAFPID-31016",
            "CSAFPID-31017",
            "CSAFPID-31018",
            "CSAFPID-31019",
            "CSAFPID-31020",
            "CSAFPID-31021",
            "CSAFPID-31022",
            "CSAFPID-31023",
            "CSAFPID-31024",
            "CSAFPID-31025",
            "CSAFPID-31026",
            "CSAFPID-31027"
          ]
        }
      ],
      "title": "CVE-2021-33541"
    },
    {
      "cve": "CVE-2021-34595",
      "cwe": {
        "id": "CWE-823",
        "name": "Use of Out-of-range Pointer Offset"
      },
      "notes": [
        {
          "category": "description",
          "text": "A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007",
          "CSAFPID-32008",
          "CSAFPID-32009",
          "CSAFPID-32010",
          "CSAFPID-32011",
          "CSAFPID-32012",
          "CSAFPID-32013",
          "CSAFPID-32014",
          "CSAFPID-32015",
          "CSAFPID-32016",
          "CSAFPID-32017",
          "CSAFPID-32018",
          "CSAFPID-32019",
          "CSAFPID-32020",
          "CSAFPID-32021",
          "CSAFPID-32022",
          "CSAFPID-32023",
          "CSAFPID-32024",
          "CSAFPID-32025",
          "CSAFPID-32026",
          "CSAFPID-32027"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012",
          "CSAFPID-31013",
          "CSAFPID-31014",
          "CSAFPID-31015",
          "CSAFPID-31016",
          "CSAFPID-31017",
          "CSAFPID-31018",
          "CSAFPID-31019",
          "CSAFPID-31020",
          "CSAFPID-31021",
          "CSAFPID-31022",
          "CSAFPID-31023",
          "CSAFPID-31024",
          "CSAFPID-31025",
          "CSAFPID-31026",
          "CSAFPID-31027"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "1. Use general security best practices to protect systems from local and network attacks.\n2. Do not allow direct access to the device from untrusted networks.\n3. Update to the latest firmware according to the table in chapter solutions.\n4. Disable the CODESYS 2.3 WebVisualisation and CODESYS 2.3 port 2455.\n\nFor further impact information and risk mitigation, please refer to the official CODESYS Advisory Website at https://www.codesys.com/security/security-reports.html",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "UPDATE A: fixed Firmware versions for 750-890/0xx-xxx, 750-891 and 750-893\nWe recommend all affected users with CODESYS 2.3 Runtime PLCs to update to the firmware version listed below.\n\nSeries Ethernet Controller\n| Article Number         | Fixed Firmware Versions | Available                 |\n|-------------------------|--------------------------|---------------------------|\n| 750-823                | \u003e=FW10                  | January 2022             |\n| 750-829                | \u003e=FW17                  | After BACnet certification |\n| 750-831/000-00x        | \u003e=FW17                  | After BACnet certification |\n| 750-832/000-00x        | \u003e=FW10                  | After BACnet certification |\n| 750-852                | \u003e=FW17                  | Q1 2022                  |\n| 750-862                | \u003e=FW10                  | January 2022             |\n| 750-880/0xx-xxx        | \u003e=FW17                  | Q1 2022                  |\n| 750-881                | \u003e=FW17                  | Q1 2022                  |\n| 750-882                | \u003e=FW17                  | Q1 2022                  |\n| 750-885/0xx-xxx        | \u003e=FW17                  | Q1 2022                  |\n| 750-889                | \u003e=FW17                  | Q1 2022                  |\n| 750-890/0xx-xxx        | \u003e=FW10                  | January 2022             |\n| 750-891                | \u003e=FW10                  | January 2022             |\n| 750-893                | \u003e=FW10                  | January 2022             |\n\nPFC200 Controller\n| Article Number         | Affected Firmware Versions | Approx. Available |\n|-------------------------|----------------------------|--------------------|\n| 750-8202/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8203/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8204/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8206/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8207/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8208/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8210/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8211/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8212/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8213/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8214/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8216/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8217/xxx-xxx       | \u003e=FW20                    | January 2022      |\n",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalScore": 8.1,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 8.1,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011",
            "CSAFPID-31012",
            "CSAFPID-31013",
            "CSAFPID-31014",
            "CSAFPID-31015",
            "CSAFPID-31016",
            "CSAFPID-31017",
            "CSAFPID-31018",
            "CSAFPID-31019",
            "CSAFPID-31020",
            "CSAFPID-31021",
            "CSAFPID-31022",
            "CSAFPID-31023",
            "CSAFPID-31024",
            "CSAFPID-31025",
            "CSAFPID-31026",
            "CSAFPID-31027"
          ]
        }
      ],
      "title": "CVE-2021-34595"
    },
    {
      "cve": "CVE-2021-34583",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "description",
          "text": "Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of-service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007",
          "CSAFPID-32008",
          "CSAFPID-32009",
          "CSAFPID-32010",
          "CSAFPID-32011",
          "CSAFPID-32012",
          "CSAFPID-32013",
          "CSAFPID-32014",
          "CSAFPID-32015",
          "CSAFPID-32016",
          "CSAFPID-32017",
          "CSAFPID-32018",
          "CSAFPID-32019",
          "CSAFPID-32020",
          "CSAFPID-32021",
          "CSAFPID-32022",
          "CSAFPID-32023",
          "CSAFPID-32024",
          "CSAFPID-32025",
          "CSAFPID-32026",
          "CSAFPID-32027"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012",
          "CSAFPID-31013",
          "CSAFPID-31014",
          "CSAFPID-31015",
          "CSAFPID-31016",
          "CSAFPID-31017",
          "CSAFPID-31018",
          "CSAFPID-31019",
          "CSAFPID-31020",
          "CSAFPID-31021",
          "CSAFPID-31022",
          "CSAFPID-31023",
          "CSAFPID-31024",
          "CSAFPID-31025",
          "CSAFPID-31026",
          "CSAFPID-31027"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "1. Use general security best practices to protect systems from local and network attacks.\n2. Do not allow direct access to the device from untrusted networks.\n3. Update to the latest firmware according to the table in chapter solutions.\n4. Disable the CODESYS 2.3 WebVisualisation and CODESYS 2.3 port 2455.\n\nFor further impact information and risk mitigation, please refer to the official CODESYS Advisory Website at https://www.codesys.com/security/security-reports.html",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "UPDATE A: fixed Firmware versions for 750-890/0xx-xxx, 750-891 and 750-893\nWe recommend all affected users with CODESYS 2.3 Runtime PLCs to update to the firmware version listed below.\n\nSeries Ethernet Controller\n| Article Number         | Fixed Firmware Versions | Available                 |\n|-------------------------|--------------------------|---------------------------|\n| 750-823                | \u003e=FW10                  | January 2022             |\n| 750-829                | \u003e=FW17                  | After BACnet certification |\n| 750-831/000-00x        | \u003e=FW17                  | After BACnet certification |\n| 750-832/000-00x        | \u003e=FW10                  | After BACnet certification |\n| 750-852                | \u003e=FW17                  | Q1 2022                  |\n| 750-862                | \u003e=FW10                  | January 2022             |\n| 750-880/0xx-xxx        | \u003e=FW17                  | Q1 2022                  |\n| 750-881                | \u003e=FW17                  | Q1 2022                  |\n| 750-882                | \u003e=FW17                  | Q1 2022                  |\n| 750-885/0xx-xxx        | \u003e=FW17                  | Q1 2022                  |\n| 750-889                | \u003e=FW17                  | Q1 2022                  |\n| 750-890/0xx-xxx        | \u003e=FW10                  | January 2022             |\n| 750-891                | \u003e=FW10                  | January 2022             |\n| 750-893                | \u003e=FW10                  | January 2022             |\n\nPFC200 Controller\n| Article Number         | Affected Firmware Versions | Approx. Available |\n|-------------------------|----------------------------|--------------------|\n| 750-8202/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8203/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8204/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8206/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8207/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8208/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8210/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8211/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8212/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8213/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8214/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8216/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8217/xxx-xxx       | \u003e=FW20                    | January 2022      |\n",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011",
            "CSAFPID-31012",
            "CSAFPID-31013",
            "CSAFPID-31014",
            "CSAFPID-31015",
            "CSAFPID-31016",
            "CSAFPID-31017",
            "CSAFPID-31018",
            "CSAFPID-31019",
            "CSAFPID-31020",
            "CSAFPID-31021",
            "CSAFPID-31022",
            "CSAFPID-31023",
            "CSAFPID-31024",
            "CSAFPID-31025",
            "CSAFPID-31026",
            "CSAFPID-31027"
          ]
        }
      ],
      "title": "CVE-2021-34583"
    },
    {
      "cve": "CVE-2021-34585",
      "cwe": {
        "id": "CWE-252",
        "name": "Unchecked Return Value"
      },
      "notes": [
        {
          "category": "description",
          "text": "\nIn the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007",
          "CSAFPID-32008",
          "CSAFPID-32009",
          "CSAFPID-32010",
          "CSAFPID-32011",
          "CSAFPID-32012",
          "CSAFPID-32013",
          "CSAFPID-32014",
          "CSAFPID-32015",
          "CSAFPID-32016",
          "CSAFPID-32017",
          "CSAFPID-32018",
          "CSAFPID-32019",
          "CSAFPID-32020",
          "CSAFPID-32021",
          "CSAFPID-32022",
          "CSAFPID-32023",
          "CSAFPID-32024",
          "CSAFPID-32025",
          "CSAFPID-32026",
          "CSAFPID-32027"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012",
          "CSAFPID-31013",
          "CSAFPID-31014",
          "CSAFPID-31015",
          "CSAFPID-31016",
          "CSAFPID-31017",
          "CSAFPID-31018",
          "CSAFPID-31019",
          "CSAFPID-31020",
          "CSAFPID-31021",
          "CSAFPID-31022",
          "CSAFPID-31023",
          "CSAFPID-31024",
          "CSAFPID-31025",
          "CSAFPID-31026",
          "CSAFPID-31027"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "1. Use general security best practices to protect systems from local and network attacks.\n2. Do not allow direct access to the device from untrusted networks.\n3. Update to the latest firmware according to the table in chapter solutions.\n4. Disable the CODESYS 2.3 WebVisualisation and CODESYS 2.3 port 2455.\n\nFor further impact information and risk mitigation, please refer to the official CODESYS Advisory Website at https://www.codesys.com/security/security-reports.html",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "UPDATE A: fixed Firmware versions for 750-890/0xx-xxx, 750-891 and 750-893\nWe recommend all affected users with CODESYS 2.3 Runtime PLCs to update to the firmware version listed below.\n\nSeries Ethernet Controller\n| Article Number         | Fixed Firmware Versions | Available                 |\n|-------------------------|--------------------------|---------------------------|\n| 750-823                | \u003e=FW10                  | January 2022             |\n| 750-829                | \u003e=FW17                  | After BACnet certification |\n| 750-831/000-00x        | \u003e=FW17                  | After BACnet certification |\n| 750-832/000-00x        | \u003e=FW10                  | After BACnet certification |\n| 750-852                | \u003e=FW17                  | Q1 2022                  |\n| 750-862                | \u003e=FW10                  | January 2022             |\n| 750-880/0xx-xxx        | \u003e=FW17                  | Q1 2022                  |\n| 750-881                | \u003e=FW17                  | Q1 2022                  |\n| 750-882                | \u003e=FW17                  | Q1 2022                  |\n| 750-885/0xx-xxx        | \u003e=FW17                  | Q1 2022                  |\n| 750-889                | \u003e=FW17                  | Q1 2022                  |\n| 750-890/0xx-xxx        | \u003e=FW10                  | January 2022             |\n| 750-891                | \u003e=FW10                  | January 2022             |\n| 750-893                | \u003e=FW10                  | January 2022             |\n\nPFC200 Controller\n| Article Number         | Affected Firmware Versions | Approx. Available |\n|-------------------------|----------------------------|--------------------|\n| 750-8202/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8203/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8204/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8206/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8207/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8208/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8210/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8211/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8212/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8213/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8214/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8216/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8217/xxx-xxx       | \u003e=FW20                    | January 2022      |\n",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011",
            "CSAFPID-31012",
            "CSAFPID-31013",
            "CSAFPID-31014",
            "CSAFPID-31015",
            "CSAFPID-31016",
            "CSAFPID-31017",
            "CSAFPID-31018",
            "CSAFPID-31019",
            "CSAFPID-31020",
            "CSAFPID-31021",
            "CSAFPID-31022",
            "CSAFPID-31023",
            "CSAFPID-31024",
            "CSAFPID-31025",
            "CSAFPID-31026",
            "CSAFPID-31027"
          ]
        }
      ],
      "title": "CVE-2021-34585"
    },
    {
      "cve": "CVE-2021-34586",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007",
          "CSAFPID-32008",
          "CSAFPID-32009",
          "CSAFPID-32010",
          "CSAFPID-32011",
          "CSAFPID-32012",
          "CSAFPID-32013",
          "CSAFPID-32014",
          "CSAFPID-32015",
          "CSAFPID-32016",
          "CSAFPID-32017",
          "CSAFPID-32018",
          "CSAFPID-32019",
          "CSAFPID-32020",
          "CSAFPID-32021",
          "CSAFPID-32022",
          "CSAFPID-32023",
          "CSAFPID-32024",
          "CSAFPID-32025",
          "CSAFPID-32026",
          "CSAFPID-32027"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012",
          "CSAFPID-31013",
          "CSAFPID-31014",
          "CSAFPID-31015",
          "CSAFPID-31016",
          "CSAFPID-31017",
          "CSAFPID-31018",
          "CSAFPID-31019",
          "CSAFPID-31020",
          "CSAFPID-31021",
          "CSAFPID-31022",
          "CSAFPID-31023",
          "CSAFPID-31024",
          "CSAFPID-31025",
          "CSAFPID-31026",
          "CSAFPID-31027"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "1. Use general security best practices to protect systems from local and network attacks.\n2. Do not allow direct access to the device from untrusted networks.\n3. Update to the latest firmware according to the table in chapter solutions.\n4. Disable the CODESYS 2.3 WebVisualisation and CODESYS 2.3 port 2455.\n\nFor further impact information and risk mitigation, please refer to the official CODESYS Advisory Website at https://www.codesys.com/security/security-reports.html",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "UPDATE A: fixed Firmware versions for 750-890/0xx-xxx, 750-891 and 750-893\nWe recommend all affected users with CODESYS 2.3 Runtime PLCs to update to the firmware version listed below.\n\nSeries Ethernet Controller\n| Article Number         | Fixed Firmware Versions | Available                 |\n|-------------------------|--------------------------|---------------------------|\n| 750-823                | \u003e=FW10                  | January 2022             |\n| 750-829                | \u003e=FW17                  | After BACnet certification |\n| 750-831/000-00x        | \u003e=FW17                  | After BACnet certification |\n| 750-832/000-00x        | \u003e=FW10                  | After BACnet certification |\n| 750-852                | \u003e=FW17                  | Q1 2022                  |\n| 750-862                | \u003e=FW10                  | January 2022             |\n| 750-880/0xx-xxx        | \u003e=FW17                  | Q1 2022                  |\n| 750-881                | \u003e=FW17                  | Q1 2022                  |\n| 750-882                | \u003e=FW17                  | Q1 2022                  |\n| 750-885/0xx-xxx        | \u003e=FW17                  | Q1 2022                  |\n| 750-889                | \u003e=FW17                  | Q1 2022                  |\n| 750-890/0xx-xxx        | \u003e=FW10                  | January 2022             |\n| 750-891                | \u003e=FW10                  | January 2022             |\n| 750-893                | \u003e=FW10                  | January 2022             |\n\nPFC200 Controller\n| Article Number         | Affected Firmware Versions | Approx. Available |\n|-------------------------|----------------------------|--------------------|\n| 750-8202/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8203/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8204/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8206/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8207/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8208/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8210/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8211/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8212/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8213/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8214/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8216/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8217/xxx-xxx       | \u003e=FW20                    | January 2022      |\n",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011",
            "CSAFPID-31012",
            "CSAFPID-31013",
            "CSAFPID-31014",
            "CSAFPID-31015",
            "CSAFPID-31016",
            "CSAFPID-31017",
            "CSAFPID-31018",
            "CSAFPID-31019",
            "CSAFPID-31020",
            "CSAFPID-31021",
            "CSAFPID-31022",
            "CSAFPID-31023",
            "CSAFPID-31024",
            "CSAFPID-31025",
            "CSAFPID-31026",
            "CSAFPID-31027"
          ]
        }
      ],
      "title": "CVE-2021-34586"
    },
    {
      "cve": "CVE-2021-34596",
      "cwe": {
        "id": "CWE-824",
        "name": "Access of Uninitialized Pointer"
      },
      "notes": [
        {
          "category": "description",
          "text": "A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007",
          "CSAFPID-32008",
          "CSAFPID-32009",
          "CSAFPID-32010",
          "CSAFPID-32011",
          "CSAFPID-32012",
          "CSAFPID-32013",
          "CSAFPID-32014",
          "CSAFPID-32015",
          "CSAFPID-32016",
          "CSAFPID-32017",
          "CSAFPID-32018",
          "CSAFPID-32019",
          "CSAFPID-32020",
          "CSAFPID-32021",
          "CSAFPID-32022",
          "CSAFPID-32023",
          "CSAFPID-32024",
          "CSAFPID-32025",
          "CSAFPID-32026",
          "CSAFPID-32027"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012",
          "CSAFPID-31013",
          "CSAFPID-31014",
          "CSAFPID-31015",
          "CSAFPID-31016",
          "CSAFPID-31017",
          "CSAFPID-31018",
          "CSAFPID-31019",
          "CSAFPID-31020",
          "CSAFPID-31021",
          "CSAFPID-31022",
          "CSAFPID-31023",
          "CSAFPID-31024",
          "CSAFPID-31025",
          "CSAFPID-31026",
          "CSAFPID-31027"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "1. Use general security best practices to protect systems from local and network attacks.\n2. Do not allow direct access to the device from untrusted networks.\n3. Update to the latest firmware according to the table in chapter solutions.\n4. Disable the CODESYS 2.3 WebVisualisation and CODESYS 2.3 port 2455.\n\nFor further impact information and risk mitigation, please refer to the official CODESYS Advisory Website at https://www.codesys.com/security/security-reports.html",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "UPDATE A: fixed Firmware versions for 750-890/0xx-xxx, 750-891 and 750-893\nWe recommend all affected users with CODESYS 2.3 Runtime PLCs to update to the firmware version listed below.\n\nSeries Ethernet Controller\n| Article Number         | Fixed Firmware Versions | Available                 |\n|-------------------------|--------------------------|---------------------------|\n| 750-823                | \u003e=FW10                  | January 2022             |\n| 750-829                | \u003e=FW17                  | After BACnet certification |\n| 750-831/000-00x        | \u003e=FW17                  | After BACnet certification |\n| 750-832/000-00x        | \u003e=FW10                  | After BACnet certification |\n| 750-852                | \u003e=FW17                  | Q1 2022                  |\n| 750-862                | \u003e=FW10                  | January 2022             |\n| 750-880/0xx-xxx        | \u003e=FW17                  | Q1 2022                  |\n| 750-881                | \u003e=FW17                  | Q1 2022                  |\n| 750-882                | \u003e=FW17                  | Q1 2022                  |\n| 750-885/0xx-xxx        | \u003e=FW17                  | Q1 2022                  |\n| 750-889                | \u003e=FW17                  | Q1 2022                  |\n| 750-890/0xx-xxx        | \u003e=FW10                  | January 2022             |\n| 750-891                | \u003e=FW10                  | January 2022             |\n| 750-893                | \u003e=FW10                  | January 2022             |\n\nPFC200 Controller\n| Article Number         | Affected Firmware Versions | Approx. Available |\n|-------------------------|----------------------------|--------------------|\n| 750-8202/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8203/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8204/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8206/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8207/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8208/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8210/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8211/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8212/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8213/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8214/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8216/xxx-xxx       | \u003e=FW20                    | January 2022      |\n| 750-8217/xxx-xxx       | \u003e=FW20                    | January 2022      |\n",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "environmentalScore": 6.5,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 6.5,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011",
            "CSAFPID-31012",
            "CSAFPID-31013",
            "CSAFPID-31014",
            "CSAFPID-31015",
            "CSAFPID-31016",
            "CSAFPID-31017",
            "CSAFPID-31018",
            "CSAFPID-31019",
            "CSAFPID-31020",
            "CSAFPID-31021",
            "CSAFPID-31022",
            "CSAFPID-31023",
            "CSAFPID-31024",
            "CSAFPID-31025",
            "CSAFPID-31026",
            "CSAFPID-31027"
          ]
        }
      ],
      "title": "CVE-2021-34596"
    }
  ]
}

