CVE-2021-42705

7.8 HIGH

📋 TL;DR

CVE-2021-42705 is a stack-based buffer overflow vulnerability in PLC Editor versions 1.3.8 and earlier that allows attackers to execute arbitrary code by crafting malicious project files. This affects industrial control system operators and engineers who use this software for programming PLCs. Successful exploitation could compromise the engineering workstation and potentially spread to connected industrial systems.

💻 Affected Systems

Products:
  • PLC Editor
Versions: 1.3.8 and earlier
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when processing specially crafted project files (.prj). Requires user interaction to open malicious file.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of the engineering workstation leading to lateral movement into industrial control systems, manipulation of PLC logic, disruption of industrial processes, or physical damage to equipment.

🟠 Likely Case: Compromise of the engineering workstation leading to data theft, credential harvesting, or installation of persistent malware for future attacks on industrial networks.

🟢 If Mitigated: Isolated compromise of the engineering workstation with no impact on operational systems, thanks to proper network segmentation and air-gapping.

🌐 Internet-Facing: LOW - PLC Editor is typically not exposed to the internet and requires local project file access.
🏢 Internal Only: HIGH - Attackers with internal access could exploit via malicious project files, phishing, or compromised network shares.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires a user to open a malicious project file. The buffer overflow leads to arbitrary code execution with the privileges of that user.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 1.3.9 or later

Vendor Advisory: https://us-cert.cisa.gov/ics/advisories/icsa-21-315-01

Restart Required: Yes

Instructions:

1. Download PLC Editor version 1.3.9 or later from the official vendor source.
2. Uninstall the previous version.
3. Install the updated version.
4. Restart the system.

🔧 Temporary Workarounds

Restrict project file execution (Windows)

Configure Windows to open .prj files with a text editor instead of PLC Editor:
Right-click .prj file > Open with > Choose another app > Select Notepad > Check 'Always use this app'

This only changes the default handler for double-clicked files; a .prj file can still be loaded from inside PLC Editor through its own open dialog, so combine it with the file-validation advice below.

Application whitelisting (Windows)

Use AppLocker or similar to restrict execution of PLC Editor to trusted locations only.

🧯 If You Can't Patch

  • Implement strict file validation: Only open project files from trusted sources, verify file integrity before opening.
  • Network segmentation: Isolate engineering workstations from operational networks and internet access.

🔍 How to Verify

Check if Vulnerable:

Check PLC Editor version via Help > About menu. If version is 1.3.8 or earlier, system is vulnerable.

Check Version:

Open PLC Editor, navigate to Help > About menu

Verify Fix Applied:

After update, verify version shows 1.3.9 or later in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes of PLC Editor with stack overflow errors
  • Unusual process creation from PLC Editor executable
  • Multiple failed attempts to open corrupted project files

Network Indicators:

  • Unusual outbound connections from engineering workstation
  • File transfers of .prj files from untrusted sources

SIEM Query:

source="PLC Editor" AND (event_type="crash" OR process_name="cmd.exe" OR process_name="powershell.exe")
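The log indicators and the SIEM query above can be turned into concrete detection logic. The following is an added example, not part of this advisory or of the PLC Editor product: it parses constructed key=value telemetry lines and raises an alert when PLC Editor crashes or spawns a shell or script interpreter. The log format, the field names (type, host, image, parent_image, cmdline, reason) and the executable name PLCEditor.exe are assumptions; map them onto the fields your EDR or SIEM actually provides (for Sysmon, Event ID 1 carries Image and ParentImage for process creation).

```python
"""Detection logic for PLC Editor crashes and unexpected child processes.

Added example (not from the advisory). Log format, field names and the
PLCEditor.exe executable name are constructed assumptions.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List

# Matches key=value pairs; values containing spaces must be double-quoted.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Interpreters an engineering tool has no business launching. If a crafted
# .prj file achieves code execution, the payload very commonly lands here.
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe",
}

# Constructed sample telemetry from an engineering workstation (not real data).
SAMPLE_LOG = r"""
ts=2021-11-10T09:01:12 host=ENG-WS01 type=process parent_image="C:\Program Files\PLC Editor\PLCEditor.exe" image="C:\Windows\System32\notepad.exe" user=eng1
ts=2021-11-10T09:03:40 host=ENG-WS01 type=process parent_image="C:\Program Files\PLC Editor\PLCEditor.exe" image="C:\Windows\System32\cmd.exe" cmdline="cmd.exe /c whoami" user=eng1
ts=2021-11-10T09:03:41 host=ENG-WS01 type=crash image="C:\Program Files\PLC Editor\PLCEditor.exe" reason=STATUS_STACK_BUFFER_OVERRUN
ts=2021-11-10T09:10:05 host=ENG-WS01 type=process parent_image="C:\Windows\explorer.exe" image="C:\Windows\System32\cmd.exe" user=eng1
ts=2021-11-10T09:12:30 host=ENG-WS02 type=process parent_image="C:\Program Files\PLC Editor\PLCEditor.exe" image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" cmdline="powershell.exe -NoProfile -Command Get-Process" user=eng2
"""


@dataclass
class Alert:
    rule: str
    host: str
    timestamp: str
    detail: str


def parse_event(line: str) -> Dict[str, str]:
    """Turn one log line into a dict; quoted values keep their spaces."""
    return {key: quoted or bare for key, quoted, bare in FIELD_RE.findall(line)}


def exe_name(path: str) -> str:
    """Case-insensitive executable name, tolerant of Windows paths on any host."""
    return ntpath.basename(path).lower()


def detect(log_text: str, editor_exe: str = "plceditor.exe") -> List[Alert]:
    """Apply both rules to every event and return the alerts in log order."""
    alerts: List[Alert] = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_event(raw)
        host, ts = ev.get("host", "?"), ev.get("ts", "?")
        kind = ev.get("type")
        if kind == "crash" and exe_name(ev.get("image", "")) == editor_exe:
            # Rule 1: the editor crashing while handling a project file is the
            # most visible symptom of an overflow attempt, successful or not.
            alerts.append(Alert("plc_editor_crash", host, ts, ev.get("reason", "")))
        elif kind == "process":
            parent = exe_name(ev.get("parent_image", ""))
            child = exe_name(ev.get("image", ""))
            if parent == editor_exe and child in SUSPICIOUS_CHILDREN:
                # Rule 2: a shell or script host whose parent is the editor.
                alerts.append(Alert("plc_editor_spawned_interpreter", host, ts,
                                    f"{child} cmdline={ev.get('cmdline', '')!r}"))
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"{a.timestamp} {a.host} {a.rule}: {a.detail}")
```

Run against the constructed sample, the script produces three alerts: the cmd.exe and powershell.exe launches with PLC Editor as parent, and the crash record in between; the cmd.exe started from explorer.exe and the notepad.exe child are correctly ignored. Matching on the parent image rather than on the process name alone is what keeps the rule quiet on ordinary operator activity.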
