CVE-2021-34593

In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:wago:750-8202_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8202:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:wago:750-8203_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8203:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:wago:750-8204_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8204:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:wago:750-8206_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8206:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:wago:750-8207_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8207:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:wago:750-8208_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8208:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:wago:750-8210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8210:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:wago:750-8211_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8211:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:wago:750-8212_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8212:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:wago:750-8213_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8213:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:wago:750-8214_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8214:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:wago:750-8216_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8216:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:wago:750-8217_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8217:-:*:*:*:*:*:*:*

Configuration 14 (hide)

OR cpe:2.3:a:codesys:plcwinnt:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:runtime_toolkit:*:*:*:*:*:*:x86:*

History

15 Aug 2025, 20:25

Type Values Removed Values Added
First Time Wago 750-8212
Wago 750-8217 Firmware
Wago 750-8216 Firmware
Wago 750-8208
Wago 750-8203
Wago 750-8208 Firmware
Wago 750-8203 Firmware
Wago
Wago 750-8213
Wago 750-8214
Wago 750-8210 Firmware
Wago 750-8214 Firmware
Wago 750-8204
Wago 750-8207
Wago 750-8217
Wago 750-8213 Firmware
Wago 750-8216
Wago 750-8211 Firmware
Wago 750-8206
Wago 750-8202 Firmware
Wago 750-8211
Wago 750-8210
Wago 750-8202
Wago 750-8212 Firmware
Wago 750-8204 Firmware
Wago 750-8207 Firmware
Wago 750-8206 Firmware
CPE cpe:2.3:o:wago:750-8207_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:wago:750-8206_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:wago:750-8216_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8210:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8208:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8206:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8212:-:*:*:*:*:*:*:*
cpe:2.3:o:wago:750-8214_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:wago:750-8217_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8207:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8217:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8216:-:*:*:*:*:*:*:*
cpe:2.3:o:wago:750-8212_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:wago:750-8208_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:wago:750-8210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8214:-:*:*:*:*:*:*:*
cpe:2.3:o:wago:750-8203_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:wago:750-8202_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8211:-:*:*:*:*:*:*:*
cpe:2.3:o:wago:750-8213_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8202:-:*:*:*:*:*:*:*
cpe:2.3:o:wago:750-8211_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8203:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8204:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:750-8213:-:*:*:*:*:*:*:*
cpe:2.3:o:wago:750-8204_firmware:*:*:*:*:*:*:*:*

21 Nov 2024, 06:10

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/164716/CODESYS-2.4.7.0-Denial-Of-Service.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/164716/CODESYS-2.4.7.0-Denial-Of-Service.html - Exploit, Third Party Advisory, VDB Entry
References () http://packetstormsecurity.com/files/165874/WAGO-750-8xxx-PLC-Denial-Of-Service-User-Enumeration.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/165874/WAGO-750-8xxx-PLC-Denial-Of-Service-User-Enumeration.html - Exploit, Third Party Advisory, VDB Entry
References () http://seclists.org/fulldisclosure/2021/Oct/64 - Mailing List, Third Party Advisory () http://seclists.org/fulldisclosure/2021/Oct/64 - Mailing List, Third Party Advisory
References () https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16877&token=8faab0fc1e069f4edfca5d5aba8146139f67a175&download= - Vendor Advisory () https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16877&token=8faab0fc1e069f4edfca5d5aba8146139f67a175&download= - Vendor Advisory

12 Apr 2022, 18:05

Type Values Removed Values Added
References (MISC) http://packetstormsecurity.com/files/164716/CODESYS-2.4.7.0-Denial-Of-Service.html - Third Party Advisory, VDB Entry (MISC) http://packetstormsecurity.com/files/164716/CODESYS-2.4.7.0-Denial-Of-Service.html - Exploit, Third Party Advisory, VDB Entry
References (MISC) http://packetstormsecurity.com/files/165874/WAGO-750-8xxx-PLC-Denial-Of-Service-User-Enumeration.html - (MISC) http://packetstormsecurity.com/files/165874/WAGO-750-8xxx-PLC-Denial-Of-Service-User-Enumeration.html - Exploit, Third Party Advisory, VDB Entry

04 Feb 2022, 20:15

Type Values Removed Values Added
References
  • (MISC) http://packetstormsecurity.com/files/165874/WAGO-750-8xxx-PLC-Denial-Of-Service-User-Enumeration.html -

23 Nov 2021, 20:04

Type Values Removed Values Added
References (FULLDISC) http://seclists.org/fulldisclosure/2021/Oct/64 - (FULLDISC) http://seclists.org/fulldisclosure/2021/Oct/64 - Mailing List, Third Party Advisory
References (MISC) http://packetstormsecurity.com/files/164716/CODESYS-2.4.7.0-Denial-Of-Service.html - (MISC) http://packetstormsecurity.com/files/164716/CODESYS-2.4.7.0-Denial-Of-Service.html - Third Party Advisory, VDB Entry

17 Nov 2021, 22:18

Type Values Removed Values Added
References
  • (FULLDISC) http://seclists.org/fulldisclosure/2021/Oct/64 -
  • (MISC) http://packetstormsecurity.com/files/164716/CODESYS-2.4.7.0-Denial-Of-Service.html -

10 Nov 2021, 01:17

Type Values Removed Values Added
References
  • {'url': 'http://seclists.org/fulldisclosure/2021/Oct/64', 'name': '20211029 SEC Consult SA-20211028-0 :: Denial of Service in CODESYS V2', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FULLDISC'}
  • {'url': 'http://packetstormsecurity.com/files/164716/CODESYS-2.4.7.0-Denial-Of-Service.html', 'name': 'http://packetstormsecurity.com/files/164716/CODESYS-2.4.7.0-Denial-Of-Service.html', 'tags': ['Third Party Advisory', 'VDB Entry'], 'refsource': 'MISC'}

04 Nov 2021, 15:30

Type Values Removed Values Added
CPE cpe:2.3:a:codesys:runtime_toolkit:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:runtime_toolkit:*:*:*:*:*:*:x86:*
References (MISC) http://packetstormsecurity.com/files/164716/CODESYS-2.4.7.0-Denial-Of-Service.html - (MISC) http://packetstormsecurity.com/files/164716/CODESYS-2.4.7.0-Denial-Of-Service.html - Third Party Advisory, VDB Entry
References (FULLDISC) http://seclists.org/fulldisclosure/2021/Oct/64 - (FULLDISC) http://seclists.org/fulldisclosure/2021/Oct/64 - Mailing List, Third Party Advisory

01 Nov 2021, 17:15

Type Values Removed Values Added
References
  • (MISC) http://packetstormsecurity.com/files/164716/CODESYS-2.4.7.0-Denial-Of-Service.html -

29 Oct 2021, 18:15

Type Values Removed Values Added
References
  • (FULLDISC) http://seclists.org/fulldisclosure/2021/Oct/64 -

28 Oct 2021, 18:01

Type Values Removed Values Added
References (CONFIRM) https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16877&token=8faab0fc1e069f4edfca5d5aba8146139f67a175&download= - (CONFIRM) https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16877&token=8faab0fc1e069f4edfca5d5aba8146139f67a175&download= - Vendor Advisory
CPE cpe:2.3:a:codesys:plcwinnt:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:runtime_toolkit:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 7.5

26 Oct 2021, 11:40

Type Values Removed Values Added
New CVE

Information

Published : 2021-10-26 10:15

Updated : 2025-08-15 20:25


NVD link : CVE-2021-34593

Mitre link : CVE-2021-34593

CVE.ORG link : CVE-2021-34593


JSON object : View

Products Affected

wago

  • 750-8210
  • 750-8216_firmware
  • 750-8207_firmware
  • 750-8212_firmware
  • 750-8216
  • 750-8211
  • 750-8204
  • 750-8208_firmware
  • 750-8217_firmware
  • 750-8213
  • 750-8210_firmware
  • 750-8206_firmware
  • 750-8217
  • 750-8202_firmware
  • 750-8213_firmware
  • 750-8208
  • 750-8211_firmware
  • 750-8202
  • 750-8214
  • 750-8203
  • 750-8203_firmware
  • 750-8206
  • 750-8207
  • 750-8212
  • 750-8214_firmware
  • 750-8204_firmware

codesys

  • runtime_toolkit
  • plcwinnt
CWE
CWE-755

Improper Handling of Exceptional Conditions