PatchSiren cyber security CVE debrief
CVE-2021-34593 Unknown Vendor CVE debrief
CVE-2021-34593 is a high-severity availability issue affecting CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to V2.4.7.56. According to the CISA CSAF advisory, unauthenticated crafted invalid requests may stop running PLC programs, leak memory, or block other communication clients from accessing the PLC. CISA published the advisory on 2026-02-26 and republished it on 2026-03-17. The supplied advisory context ties the issue to Festo Automation Suite deployments that include affected CODESYS components.
- Vendor: Unknown Vendor
- Product: FESTO
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-26
- Original CVE updated: 2026-03-17
- Advisory published: 2026-02-26
- Advisory updated: 2026-03-17
Who should care
OT/ICS security teams, PLC engineers, and administrators responsible for Festo Automation Suite environments or any system using the affected CODESYS V2 Runtime Toolkit / PLCWinNT components. Organizations that expose PLC management or communication services should treat this as an operational availability risk.
Technical summary
The advisory describes a network-reachable, unauthenticated denial-of-service condition in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT before V2.4.7.56. The impact is availability-only: malformed requests can stop PLC execution, cause memory leakage, or interfere with communication clients. The CVSS vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H aligns with remote, no-auth disruption to industrial control availability.
Defensive priority
High. The issue is easy to reach over the network, requires no authentication, and can directly disrupt PLC operation or communications. For OT environments, even availability-only failures can have safety and production consequences.
Recommended defensive actions
- Inventory Festo Automation Suite installations and identify any systems using CODESYS V2 Runtime Toolkit 32 Bit full or PLCWinNT components.
- Upgrade to a version at or above Festo Automation Suite 2.8.0.138, and obtain the latest patched CODESYS release directly from the official CODESYS source as directed in the advisory.
- Verify that any separately installed CODESYS components are updated to a version at or above V2.4.7.56.
- Apply Festo connector updates as they are released and follow the vendor update guidance in the advisory.
- Review network exposure to PLC communication services and restrict access to trusted engineering and control networks where possible.
- Monitor official vendor and CISA advisories for follow-up guidance and validate PLC behavior after patching.
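The inventory and version checks in the list above can be scripted. The following is an added example, not code from the advisory, Festo or CODESYS: the two thresholds are the versions stated on this page, while the inventory layout, component keys and host names are constructed for illustration.

```python
import re

# Fixed-version thresholds as stated on this page.
FIXED = {
    "codesys_v2_runtime": (2, 4, 7, 56),       # V2 Runtime Toolkit 32 Bit full / PLCWinNT
    "festo_automation_suite": (2, 8, 0, 138),
}

def parse_version(text):
    """Parse 'V2.4.7.56' or '2.8.0.138' into a 4-int tuple; None if unparseable."""
    m = re.fullmatch(r"\s*[Vv]?(\d+(?:\.\d+){0,3})\s*", text or "")
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def assess(inventory):
    """Return (host, component, version, status) for each inventory row."""
    rows = []
    for host, component, version in inventory:
        threshold = FIXED.get(component)
        parsed = parse_version(version)
        if threshold is None:
            status = "NOT_IN_SCOPE"
        elif parsed is None:
            status = "UNKNOWN_VERSION"      # needs manual review, do not assume patched
        elif parsed < threshold:            # numeric compare: 2.4.7.9 < 2.4.7.56
            status = "BELOW_FIXED"
        else:
            status = "AT_OR_ABOVE_FIXED"
        rows.append((host, component, version, status))
    return rows

# Constructed sample inventory (hypothetical hosts and key names).
SAMPLE = [
    ("eng-ws-01", "festo_automation_suite", "2.8.0.137"),
    ("eng-ws-02", "festo_automation_suite", "2.8.0.138"),
    ("plc-line-3", "codesys_v2_runtime", "V2.4.7.9"),
    ("plc-line-4", "codesys_v2_runtime", "V2.4.7.56"),
    ("plc-line-5", "codesys_v2_runtime", "unknown"),
]

if __name__ == "__main__":
    for row in assess(SAMPLE):
        print("{:<12} {:<24} {:<12} {}".format(*row))
```

Versions are compared as integer tuples because a plain string comparison would rank "2.4.7.9" above "2.4.7.56" and report an unpatched runtime as fixed.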
Evidence notes
All factual claims are limited to the supplied CISA CSAF advisory and the CVE metadata. The advisory states that unauthenticated crafted invalid requests can cause denial-of-service conditions in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT before V2.4.7.56, including stopped PLC programs, memory leakage, and blocked communication clients. The advisory metadata also lists Festo Automation Suite versions and bundled CODESYS components, remediation guidance, and the CISA publication timeline of 2026-02-26 with a 2026-03-17 republication.
Official resources
- CVE-2021-34593 CVE record (CVE.org)
- CVE-2021-34593 NVD detail (NVD)
- Source item URL (cisa_csaf)
CISA first published the advisory on 2026-02-26 and republished it on 2026-03-17. The supplied data does not include a KEV listing or ransomware association.