PT-2021-20574 · 3S Smart Software Solutions · Codesys Git
Published
2021-12-01
·
Updated
2022-07-28
·
CVE-2021-34599
CVSS v3.1
7.4
High
Vector
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions:
CODESYS Git versions prior to V1.1.0.0
Description:
The issue concerns a lack of certificate validation in HTTPS handshakes. CODESYS Git does not implement certificate validation by default, which means it does not verify that the server provides a valid and trusted HTTPS certificate. This lack of verification makes the server connection vulnerable to a man-in-the-middle attack.
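To make the flaw concrete, the following is an added example (not CODESYS code and not taken from the advisory) written in Python's standard `ssl` module. It builds a TLS client configuration that skips certificate validation beside a hardened one that requires a trusted chain and a hostname match, and an `audit_context` helper that reports which of the two properties a given context enforces. The `ca_bundle` path, the helper names and the `peer_certificate_subject` function are assumptions for illustration; the latter needs network access and is not exercised by the checks.

```python
"""Added example (not CODESYS code): what 'certificate validation' means for an
HTTPS client, shown as a vulnerable TLS client context beside a hardened one,
plus an audit helper that flags contexts open to man-in-the-middle."""
import socket
import ssl
from typing import Optional


def vulnerable_context() -> ssl.SSLContext:
    """A client context that accepts any server certificate, which is how an
    HTTPS client without certificate validation behaves: any party on the
    network path can present its own certificate and the handshake succeeds."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # check_hostname must be cleared first; Python refuses CERT_NONE while
    # hostname checking is still enabled.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context(ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """A client context that requires a certificate chaining to a trusted CA
    and a hostname match. ca_bundle (assumed path) lets an operator pin a
    private CA for an internal Git server instead of the system trust store."""
    ctx = ssl.create_default_context(cafile=ca_bundle)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # create_default_context already sets CERT_REQUIRED and check_hostname=True;
    # restating them makes the intent explicit to a reviewer.
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    return ctx


def audit_context(ctx: ssl.SSLContext) -> dict:
    """Report the two settings that decide whether a TLS client can be
    impersonated. Both must hold for a connection to resist a MitM."""
    verifies_chain = ctx.verify_mode == ssl.CERT_REQUIRED
    verifies_hostname = bool(ctx.check_hostname)
    return {
        "verifies_chain": verifies_chain,
        "verifies_hostname": verifies_hostname,
        "mitm_resistant": verifies_chain and verifies_hostname,
    }


def peer_certificate_subject(host: str, port: int = 443,
                             ctx: Optional[ssl.SSLContext] = None) -> dict:
    """Open a TLS connection with the hardened context and return the
    validated peer certificate's subject. Raises ssl.SSLCertVerificationError
    on an untrusted or mismatched certificate, which is exactly the failure a
    client lacking validation would silently accept. Needs network access."""
    ctx = ctx or hardened_context()
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return dict(rdn[0] for rdn in cert["subject"])


if __name__ == "__main__":
    for name, ctx in (("vulnerable", vulnerable_context()),
                      ("hardened", hardened_context())):
        print(name, audit_context(ctx))
```

Running the block prints the audit for both contexts; the vulnerable one reports neither chain nor hostname verification, which is the condition that lets an on-path attacker terminate the HTTPS session with a certificate of their own.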
Recommendations:
For versions prior to V1.1.0.0, update to version V1.1.0.0 or later to resolve the issue. As a temporary workaround, consider disabling HTTPS connections until a patch is available. Restrict access to sensitive data to minimize the risk of exploitation.
Fix
Weakness Enumeration
Improper Certificate Validation
Related Identifiers
CVE-2021-34599
Affected Products
Codesys Git