Lucene search

CERTVDECVELIST:CVE-2021-34599

HistoryDec 01, 2021 - 12:00 a.m.

CVE-2021-34599 Improper Certificate Validation in CODESYS Git

2021-12-0100:00:00

CWE-295

CERTVDE

www.cve.org

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

0.001 Low

EPSS

Percentile

39.4%

JSON

Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. CODESYS Git does not implement certificate validation by default, so it does not verify that the server provides a valid and trusted HTTPS certificate. Since the certificate of the server to which the connection is made is not properly verified, the server connection is vulnerable to a man-in-the-middle attack.

CNA Affected

[
  {
    "product": "CODESYS Git",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V1.1.0.0",
        "status": "affected",
        "version": "CODESYS Git",
        "versionType": "custom"
      }
    ]
  }
]

References

customers.codesys.com/index.php?eID=dumpFile&t=f&f=16959&token=3ce11e44a3277c4520d732ea2e630f2e06bd46ff&download

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

0.001 Low

EPSS

Percentile

39.4%

JSON

Related for CVELIST:CVE-2021-34599