CVE-2021-29239 – CVE-2021-29239 is a vulnerability in CODESYS De... (How to Fix)

Q: What is the severity of CVE-2021-29239?

CVE-2021-29239 has a CVSS score of 7.8 (HIGH). CVE-2021-29239 is a vulnerability in CODESYS Development System 3 where malicious documents or files embedded in libraries are displayed or executed without proper validation checks. This allows attackers to execute arbitrary code or cause denial of service. Affected users are those running CODESYS Development System 3 versions before 3.5.17.0.

📋 TL;DR

CVE-2021-29239 is a vulnerability in CODESYS Development System 3 where malicious documents or files embedded in libraries are displayed or executed without proper validation checks. This allows attackers to execute arbitrary code or cause denial of service. Affected users are those running CODESYS Development System 3 versions before 3.5.17.0.

💻 Affected Systems

Products:

CODESYS Development System 3

Versions: All versions before 3.5.17.0

Operating Systems: Windows, Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the development environment, not runtime systems. Vulnerability triggers when opening malicious libraries.

📦 What is this software?

Development System by Codesys

View all CVEs affecting Development System →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment on engineering workstations.

🟠

Likely Case

Malicious code execution within the CODESYS environment, potentially compromising PLC programming projects or engineering systems.

🟢

If Mitigated

Limited impact with proper network segmentation and user privilege restrictions, potentially only affecting isolated development environments.

🌐 Internet-Facing: LOW - CODESYS Development System is typically not exposed to the internet directly.

🏢 Internal Only: HIGH - Attackers with internal network access could exploit this via malicious libraries shared among engineering teams.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires user interaction (opening malicious library). No public exploit code available as of knowledge cutoff.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.5.17.0

Vendor Advisory: https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14639&token=fa836f8bd4a2184aa9323a639ca9f2aaf1538412&download=

Restart Required: Yes

Instructions:

1. Download CODESYS Development System 3 version 3.5.17.0 or later from CODESYS customer portal. 2. Run installer with administrative privileges. 3. Follow installation wizard. 4. Restart system after installation completes.

🔧 Temporary Workarounds

Library Validation Restriction

all

Implement strict controls on library sources and require validation before use.

User Privilege Reduction

all

Run CODESYS Development System with limited user privileges to reduce impact.

🧯 If You Can't Patch

Restrict library imports to trusted sources only
Implement network segmentation to isolate CODESYS development systems

🔍 How to Verify

Check if Vulnerable:

Check CODESYS Development System version in Help > About. If version is below 3.5.17.0, system is vulnerable.

Check Version:

In CODESYS Development System: Help > About menu option

Verify Fix Applied:

After patching, verify version shows 3.5.17.0 or higher in Help > About.

📡 Detection & Monitoring

Log Indicators:

Unexpected library loading events
CODESYS crash logs with memory corruption indicators

Network Indicators:

Unusual network connections from CODESYS process
Downloads from untrusted library sources

SIEM Query:

Process: CODESYS.exe AND (EventID: 1000 OR EventID: 1001) OR File: *.library AND Source: ExternalNetwork

📊 Metadata

CVE ID: CVE-2021-29239

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-345

Published: May 3, 2021

Last Updated: November 21, 2024

🔗 References

https://customers.codesys.com/index.php Permissions Required,Vendor Advisory
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14639&token=fa836f8bd4a2184aa9323a639ca9f2aaf1538412&download= Vendor Advisory
https://www.codesys.com/security/security-reports.html Vendor Advisory
https://customers.codesys.com/index.php Permissions Required,Vendor Advisory
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14639&token=fa836f8bd4a2184aa9323a639ca9f2aaf1538412&download= Vendor Advisory
https://www.codesys.com/security/security-reports.html Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-29239, you might also want to check these: