CVE-2021-30188

Q: What is the severity of CVE-2021-30188?

CVE-2021-30188 has a CVSS score of 9.8 (CRITICAL). CVE-2021-30188 is a critical stack-based buffer overflow vulnerability in CODESYS V2 runtime systems. It allows remote attackers to execute arbitrary code on affected industrial control systems. Organizations using CODESYS V2 runtime for industrial automation are affected.

9.8 CRITICAL

Remote Code Execution Buffer Overflow

📋 TL;DR

CVE-2021-30188 is a critical stack-based buffer overflow vulnerability in CODESYS V2 runtime systems. It allows remote attackers to execute arbitrary code on affected industrial control systems. Organizations using CODESYS V2 runtime for industrial automation are affected.

💻 Affected Systems

Products:

CODESYS V2 runtime system SP

Versions: All versions before 2.4.7.55

Operating Systems: Windows, Linux, Various real-time operating systems supported by CODESYS

Default Config Vulnerable: ⚠️ Yes

Notes: Affects industrial control systems and PLCs using CODESYS V2 runtime. Critical for operational technology environments.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise leading to remote code execution, potential disruption of industrial processes, and lateral movement within operational technology networks.

🟠

Likely Case

Remote code execution allowing attackers to manipulate industrial processes, steal sensitive data, or disrupt operations.

🟢

If Mitigated

Limited impact if systems are isolated, patched, and have proper network segmentation with industrial firewall rules.

🌐 Internet-Facing: HIGH - CVSS 9.8 indicates critical remote exploitability without authentication.

🏢 Internal Only: HIGH - Even internally, this allows lateral movement and critical system compromise.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Buffer overflow vulnerabilities in industrial control systems are frequently targeted. CVSS 9.8 suggests straightforward exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.4.7.55 or later

Vendor Advisory: https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14725&token=08691519ef764b252630759eff925890176ecd78&download=

Restart Required: Yes

Instructions:

1. Download patch from CODESYS customer portal. 2. Backup current configuration. 3. Install update following vendor instructions. 4. Restart affected systems. 5. Verify patch installation.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate CODESYS systems from untrusted networks using industrial firewalls and VLANs.

Access Control Restrictions

all

Implement strict network access controls to limit connections to CODESYS runtime systems.

🧯 If You Can't Patch

Implement strict network segmentation to isolate affected systems from all untrusted networks.
Deploy industrial intrusion detection systems to monitor for exploitation attempts.

🔍 How to Verify

Check if Vulnerable:

Check CODESYS runtime version via CODESYS development environment or system properties.

Check Version:

Check via CODESYS IDE: Project → Target Settings → Device → Version

Verify Fix Applied:

Verify version is 2.4.7.55 or later in CODESYS development environment.

📡 Detection & Monitoring

Log Indicators:

Unusual network connections to CODESYS ports (1200, 1217)
Abnormal process creation on industrial controllers
Memory access violations in system logs

Network Indicators:

Unexpected traffic to CODESYS runtime ports from unauthorized sources
Malformed packets targeting CODESYS services

SIEM Query:

source_port=1200 OR source_port=1217 AND (event_type="buffer_overflow" OR event_type="memory_violation")

📊 Metadata

CVE ID: CVE-2021-30188

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: May 25, 2021

Last Updated: August 15, 2025

🔗 References

https://customers.codesys.com/index.php Permissions Required,Vendor Advisory
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14725&token=08691519ef764b252630759eff925890176ecd78&download= Vendor Advisory
https://customers.codesys.com/index.php Permissions Required,Vendor Advisory
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14725&token=08691519ef764b252630759eff925890176ecd78&download= Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

750 8202 Firmware by Wago

750 8203 Firmware by Wago

750 8204 Firmware by Wago

750 8206 Firmware by Wago

750 8207 Firmware by Wago

750 8208 Firmware by Wago

750 8210 Firmware by Wago

750 8211 Firmware by Wago

750 8212 Firmware by Wago

750 8213 Firmware by Wago

750 8214 Firmware by Wago

750 8216 Firmware by Wago

750 8217 Firmware by Wago

750 823 Firmware by Wago

750 829 Firmware by Wago

750 831 Firmware by Wago

750 832 Firmware by Wago

750 852 Firmware by Wago

750 862 Firmware by Wago

750 880 Firmware by Wago

750 881 Firmware by Wago

750 882 Firmware by Wago

750 885 Firmware by Wago

750 889 Firmware by Wago

750 890 Firmware by Wago

750 891 Firmware by Wago

750 893 Firmware by Wago

V2 Runtime System Sp by Codesys