CVE-2021-34595— CODESYS V2 runtime: out-of-bounds read or write access may result in denial-of-service

CVSS 8.1 · High EPSS 0.37% · P59 Updated Feb 25, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-34595

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

CODESYS V2 runtime: out-of-bounds read or write access may result in denial-of-service

Source: NVD (National Vulnerability Database)

Vulnerability Description

A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

使用越界的指针偏移

Source: NVD (National Vulnerability Database)

Vulnerability Title

CODESYS 缓冲区错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

CODESYS是德国3S-Smart Software Solutions的一套控制器开发系统 CODESYS V2 Runtime Toolkit 32 Bit full和PLCWinNT V2.4.7.56之前的版本存在安全漏洞，该漏洞源于在受影响的软件中，带有无效偏移量的请求可能会导致越界读或写访问，从而导致拒绝服务条件或本地内存覆盖。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
CODESYS	CODESYS V2	Runtime Toolkit 32 bit full ~ V2.4.7.56	-

II. Public POCs for CVE-2021-34595

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-34595

请登录查看更多情报信息。

Same Patch Batch · CODESYS · 2021-10-26 · 7 CVEs total

CVE-2021-34584	9.1 CRITICAL	CODESYS V2 web server: crafted requests could trigger a buffer over-read (DoS)
CVE-2021-34593	7.5 HIGH	CODESYS V2 runtime: unauthenticated invalid requests may result in denial-of-service
CVE-2021-34586	7.5 HIGH	CODESYS V2 web server: crafted requests could trigger a null pointer dereference (DoS)
CVE-2021-34585	7.5 HIGH	CODESYS V2 web server: crafted requests could trigger a pointer dereference with an invali
CVE-2021-34583	7.5 HIGH	CODESYS V2 web server: crafted requests could trigger a heap-based buffer overflow (DoS)
CVE-2021-34596	6.5 MEDIUM	CODESYS V2 runtime: Access of Uninitialized Pointer may result in denial-of-service

IV. Related Vulnerabilities

Same product: CODESYS V2

Same vendor: CODESYS

Same weakness: CWE-823

V. Comments for CVE-2021-34595

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2021-34595— CODESYS V2 runtime: out-of-bounds read or write access may result in denial-of-service

I. Basic Information for CVE-2021-34595

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-34595

III. Intelligence Information for CVE-2021-34595

Same Patch Batch · CODESYS · 2021-10-26 · 7 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2021-34595

Leave a comment