Login Sign Up

CVE-2021-30186

7.5 HIGH
Remote Code Execution Denial of Service Buffer Overflow

📋 TL;DR

CVE-2021-30186 is a heap-based buffer overflow vulnerability in CODESYS V2 runtime system SP. This vulnerability allows attackers to execute arbitrary code or cause denial of service by sending specially crafted requests. Organizations using CODESYS V2 runtime system SP for industrial control systems are affected.

💻 Affected Systems

Products:
  • CODESYS V2 runtime system SP
Versions: All versions before 2.4.7.55
Operating Systems: Windows, Linux, Various real-time operating systems
Default Config Vulnerable: ⚠️ Yes
Notes: Affects CODESYS V2 runtime systems used in industrial control environments, particularly PLCs and automation controllers.

📦 What is this software?

750 8202 Firmware by Wago

View all CVEs affecting 750 8202 Firmware →

750 8203 Firmware by Wago

View all CVEs affecting 750 8203 Firmware →

750 8204 Firmware by Wago

View all CVEs affecting 750 8204 Firmware →

750 8206 Firmware by Wago

View all CVEs affecting 750 8206 Firmware →

750 8207 Firmware by Wago

View all CVEs affecting 750 8207 Firmware →

750 8208 Firmware by Wago

View all CVEs affecting 750 8208 Firmware →

750 8210 Firmware by Wago

View all CVEs affecting 750 8210 Firmware →

750 8211 Firmware by Wago

View all CVEs affecting 750 8211 Firmware →

750 8212 Firmware by Wago

View all CVEs affecting 750 8212 Firmware →

750 8213 Firmware by Wago

View all CVEs affecting 750 8213 Firmware →

750 8214 Firmware by Wago

View all CVEs affecting 750 8214 Firmware →

750 8216 Firmware by Wago

View all CVEs affecting 750 8216 Firmware →

750 8217 Firmware by Wago

View all CVEs affecting 750 8217 Firmware →

750 823 Firmware by Wago

View all CVEs affecting 750 823 Firmware →

750 829 Firmware by Wago

View all CVEs affecting 750 829 Firmware →

750 831 Firmware by Wago

View all CVEs affecting 750 831 Firmware →

750 832 Firmware by Wago

View all CVEs affecting 750 832 Firmware →

750 852 Firmware by Wago

View all CVEs affecting 750 852 Firmware →

750 862 Firmware by Wago

View all CVEs affecting 750 862 Firmware →

750 880 Firmware by Wago

View all CVEs affecting 750 880 Firmware →

750 881 Firmware by Wago

View all CVEs affecting 750 881 Firmware →

750 882 Firmware by Wago

View all CVEs affecting 750 882 Firmware →

750 885 Firmware by Wago

View all CVEs affecting 750 885 Firmware →

750 889 Firmware by Wago

View all CVEs affecting 750 889 Firmware →

750 890 Firmware by Wago

View all CVEs affecting 750 890 Firmware →

750 891 Firmware by Wago

View all CVEs affecting 750 891 Firmware →

750 893 Firmware by Wago

View all CVEs affecting 750 893 Firmware →

Plcwinnt by Codesys

View all CVEs affecting Plcwinnt →

Runtime Toolkit by Codesys

View all CVEs affecting Runtime Toolkit →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, manipulation of industrial processes, or permanent system damage.

🟠

Likely Case

Denial of service causing PLC/programmable logic controller disruption and industrial process downtime.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls preventing exploitation attempts.

🌐 Internet-Facing: HIGH - If exposed to internet, attackers can remotely exploit without authentication.
🏢 Internal Only: MEDIUM - Requires internal network access but could be exploited by malicious insiders or compromised internal systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Heap-based buffer overflows typically require specific knowledge of memory layout but can be exploited remotely without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.4.7.55 or later

Vendor Advisory: https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14725&token=08691519ef764b252630759eff925890176ecd78&download=

Restart Required: Yes

Instructions:

1. Download patch from CODESYS customer portal. 2. Backup current configuration. 3. Install update following vendor instructions. 4. Restart affected systems. 5. Verify version update.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate CODESYS systems from untrusted networks and internet

Access Control Restrictions

all

Implement strict firewall rules to limit access to CODESYS ports

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate affected systems
  • Deploy intrusion detection systems monitoring for buffer overflow attempts

🔍 How to Verify

Check if Vulnerable:

Check CODESYS runtime version via CODESYS development environment or system properties

Check Version:

Check via CODESYS IDE: Project → Target Settings → Device → Version

Verify Fix Applied:

Verify version is 2.4.7.55 or higher in CODESYS development environment

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process crashes
  • Memory access violations
  • Abnormal network traffic to CODESYS ports

Network Indicators:

  • Unusual traffic patterns to CODESYS ports (typically 1217, 2455)
  • Malformed packets targeting CODESYS services

SIEM Query:

source="codesys" AND (event_type="crash" OR event_type="memory_violation")

📊 Metadata

CVE ID: CVE-2021-30186
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-787
Published: May 25, 2021
Last Updated: August 15, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-30186, you might also want to check these:

CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2025-24201 10.0

This critical vulnerability allows malicious web content to break out of the Web Content sandbox via...

Same vulnerability type (CWE-787)
CVE-2020-14871 10.0

This is a critical buffer overflow vulnerability (CWE-787) in Oracle Solaris's Pluggable Authenticat...

Same vulnerability type (CWE-787)