CVE-2021-34595
CODESYS V2 runtime: out-of-bounds read or write access may result in denial-of-service
In short
A specially crafted request with invalid offsets can cause the CODESYS V2 Runtime to read or write outside its allowed memory boundaries, crashing the system or corrupting data on the affected machine.
Technical detail
An out-of-bounds memory access vulnerability in CODESYS V2 Runtime Toolkit 32 Bit and PLCWinNT (versions prior to V2.4.7.56) is triggered by malformed requests with invalid offsets; attackers with local access can trigger denial-of-service or overwrite sensitive memory regions. The vulnerability requires crafting specific requests that bypass bounds validation during memory operations.
Summary generated and translated by AI from the official description.
A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Affected products
CODESYS · CODESYS V2