PT-2021-20569 · 3S Smart Software Solutions · Codesys V2 Runtime Toolkit

Gerhard Hechenberger

Published

2021-10-26

Updated

2025-08-15

CVE-2021-34593

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT versions prior to V2.4.7.56

Description: The issue allows unauthenticated crafted invalid requests to result in several denial-of-service conditions. This can cause running PLC programs to be stopped, memory to be leaked, or further communication clients to be blocked from accessing the PLC.

Recommendations: For versions prior to V2.4.7.56, update to version V2.4.7.56 or later to resolve the issue. As a temporary workaround, consider restricting access to the system to minimize the risk of exploitation.

Exploit

Fix

DoS

Improper Handling of Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-755

Related Identifiers

CVE-2021-34593

Affected Products

Codesys V2 Runtime Toolkit

PT-2021-20569 · 3S Smart Software Solutions · Codesys V2 Runtime Toolkit

CVE-2021-34593

Weakness Enumeration

Related Identifiers

Affected Products

References · 10