PT-2021-18137 · 3S Smart Software Solutions · Codesys Development System 3

Published

2021-05-04

Updated

2021-05-11

CVE-2021-29240

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: CODESYS Development System 3 versions prior to 3.5.17.0

Description: The issue concerns the Package Manager of the CODESYS Development System 3, which does not validate packages before installation. This oversight allows for the potential installation of CODESYS packages containing malicious content.

Recommendations: For versions prior to 3.5.17.0, update to version 3.5.17.0 or later to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2021-29240

Affected Products

Codesys Development System 3

PT-2021-18137 · 3S Smart Software Solutions · Codesys Development System 3

CVE-2021-29240

Related Identifiers

Affected Products

References · 7