CVE-2021-29242

Q: What is the severity of CVE-2021-29242?

CVE-2021-29242 has a CVSS score of 7.3 (HIGH). CVE-2021-29242 is an improper input validation vulnerability in CODESYS Control Runtime systems that allows attackers to send crafted packets to manipulate the router's addressing scheme. This can enable attackers to reroute, add, remove, or modify low-level communication packages. Organizations using CODESYS Control Runtime for industrial automation and control systems are affected.

7.3 HIGH

📋 TL;DR

CVE-2021-29242 is an improper input validation vulnerability in CODESYS Control Runtime systems that allows attackers to send crafted packets to manipulate the router's addressing scheme. This can enable attackers to reroute, add, remove, or modify low-level communication packages. Organizations using CODESYS Control Runtime for industrial automation and control systems are affected.

💻 Affected Systems

Products:

CODESYS Control Runtime

Versions: All versions before 3.5.17.0

Operating Systems: Windows, Linux, Various real-time operating systems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects CODESYS-based industrial control systems across various industries including manufacturing, energy, and infrastructure.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could manipulate industrial control system communications to cause physical damage, disrupt critical processes, or create safety hazards by altering control commands.

🟠

Likely Case

Attackers could disrupt industrial operations, cause production downtime, or manipulate data flows to hide malicious activities.

🟢

If Mitigated

With proper network segmentation and monitoring, impact would be limited to communication disruptions within isolated network segments.

🌐 Internet-Facing: HIGH - If exposed to internet, attackers could directly exploit without internal access.

🏢 Internal Only: MEDIUM - Requires internal network access but could be exploited by compromised devices or malicious insiders.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires network access to CODESYS communication ports and knowledge of the protocol.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.5.17.0 and later

Vendor Advisory: https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14640&token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873&download=

Restart Required: Yes

Instructions:

1. Download CODESYS Control Runtime version 3.5.17.0 or later from CODESYS customer portal. 2. Backup current configuration. 3. Install the update following vendor instructions. 4. Restart the system. 5. Verify functionality.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate CODESYS systems in dedicated network segments with strict firewall rules.

Communication Port Restrictions

all

Restrict access to CODESYS communication ports (typically 1217, 1740-1743) to trusted systems only.

🧯 If You Can't Patch

Implement strict network segmentation to isolate CODESYS systems from untrusted networks
Deploy intrusion detection systems to monitor for anomalous communication patterns

🔍 How to Verify

Check if Vulnerable:

Check CODESYS Control Runtime version via CODESYS IDE or system information tools. Versions below 3.5.17.0 are vulnerable.

Check Version:

Check via CODESYS IDE: Project → Device → Device Information or system-specific commands depending on platform.

Verify Fix Applied:

Verify version is 3.5.17.0 or higher and test communication functionality.

📡 Detection & Monitoring

Log Indicators:

Unusual communication patterns
Unexpected router configuration changes
Failed authentication attempts on CODESYS ports

Network Indicators:

Malformed packets to CODESYS ports (1217, 1740-1743)
Unexpected routing changes in industrial network traffic

SIEM Query:

source_port:1217 OR source_port:1740-1743 AND (packet_size:anomalous OR protocol_violation:true)

📊 Metadata

CVE ID: CVE-2021-29242

CVSS v3 Score: 7.3 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-20

Published: May 3, 2021

Last Updated: November 21, 2024

🔗 References

https://customers.codesys.com/index.php Permissions Required,Vendor Advisory
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14640&token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873&download= Vendor Advisory
https://www.codesys.com/security/security-reports.html Vendor Advisory
https://customers.codesys.com/index.php Permissions Required,Vendor Advisory
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14640&token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873&download= Vendor Advisory
https://www.codesys.com/security/security-reports.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Control For Beaglebone Sl by Codesys

Control For Empc A\/imx6 Sl by Codesys

Control For Iot2000 Sl by Codesys

Control For Linux Arm Sl by Codesys

Control For Linux Sl by Codesys

Control For Pfc100 Sl by Codesys

Control For Pfc200 Sl by Codesys

Control For Plcnext Sl by Codesys

Control For Raspberry Pi Sl by Codesys

Control For Wago Touch Panels 600 Sl by Codesys

Control Rte by Codesys

Control Rte by Codesys

Control Runtime System Toolkit by Codesys

Control Win by Codesys

Edge Gateway by Codesys

Edge Gateway by Codesys

Embedded Target Visu Toolkit by Codesys

Gateway by Codesys

Hmi by Codesys

Opc Server by Codesys

Plchandler by Codesys

Remote Target Visu Toolkit by Codesys

Safety Sil by Codesys

Simulation Runtime by Codesys