PatchSiren cyber security CVE debrief
CVE-2021-34596 Unknown Vendor CVE debrief
CVE-2021-34596 is a network-reachable denial-of-service issue in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT before version V2.4.7.56. CISA’s advisory (ICSA-26-076-01) says a crafted request can trigger a read access to an uninitialized pointer, which can disrupt the affected runtime. The advisory was published on 2026-02-26 and republished on 2026-03-17.
- Vendor: Unknown Vendor
- Product: FESTO
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-26
- Original CVE updated: 2026-03-17
- Advisory published: 2026-02-26
- Advisory updated: 2026-03-17
Who should care
Industrial control and automation teams running CODESYS-based runtimes, especially Festo Automation Suite deployments that include bundled or externally installed CODESYS components. OT operators, engineers, and defenders responsible for network-reachable control environments should prioritize review.
Technical summary
The flaw is an uninitialized-pointer read in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT versions prior to V2.4.7.56. The supplied advisory states that a crafted request can cause the read, leading to denial of service. The CVSS vector is AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H: the issue is reachable over the network with low attack complexity, requires low privileges but no user interaction, and its impact is confined to availability (A:H) with no confidentiality or integrity loss, which is why the score lands at 6.5 (Medium) rather than higher.
Defensive priority
Medium — prioritize patching and version verification in any environment that exposes the affected CODESYS runtime components, because the issue is network-reachable and can cause service disruption.
Recommended defensive actions
- Update CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT to version V2.4.7.56 or later.
- Download the latest patched CODESYS release directly from the official CODESYS website and follow the vendor’s installation/update instructions.
- If you use Festo Automation Suite, move to supported updates where CODESYS is no longer bundled and keep the Festo connector up to date.
- Inventory systems that run bundled or separately installed CODESYS components and confirm whether they are on affected versions.
- Monitor CODESYS and Festo security advisories and apply updates promptly in maintenance windows.
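The inventory step above is easy to get wrong with plain string comparison ("V2.4.10.0" sorts before "V2.4.7.56" lexically). The following added example, which is not code from the debrief, CISA, CODESYS or Festo, parses runtime version strings numerically and flags inventory rows that name one of the two advisory products at a version below V2.4.7.56. It assumes you already have an inventory list of host, product and version (the hostnames and rows below are constructed placeholders); how that inventory is collected from real devices is outside what the advisory describes.

```python
"""Flag inventory entries whose CODESYS V2 runtime version is below the fixed release."""
import re

# Product names and fixed version exactly as given in the advisory; other products are out of scope.
AFFECTED_PRODUCTS = {"CODESYS V2 Runtime Toolkit 32 Bit full", "PLCWinNT"}
FIXED_VERSION = "V2.4.7.56"


def parse_version(text: str) -> tuple:
    """Turn 'V2.4.7.56' (or a shorter '2.4.7') into a comparable tuple, padded to four components."""
    m = re.fullmatch(r"\s*[Vv]?(\d+(?:\.\d+)*)\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (4 - len(parts))


def is_affected(product: str, version: str) -> bool:
    """True when the product is one the advisory names and its version predates the fix."""
    if product not in AFFECTED_PRODUCTS:
        return False
    return parse_version(version) < parse_version(FIXED_VERSION)


def affected_hosts(inventory: list) -> list:
    """Hostnames from inventory rows ({'host', 'product', 'version'}) that still need the update."""
    return [row["host"] for row in inventory if is_affected(row["product"], row["version"])]


# Constructed sample inventory: hostnames, the unrelated product and the versions are made up.
SAMPLE_INVENTORY = [
    {"host": "plc-line1", "product": "PLCWinNT", "version": "V2.4.7.55"},
    {"host": "plc-line2", "product": "PLCWinNT", "version": "V2.4.7.56"},
    {"host": "eng-ws-03", "product": "CODESYS V2 Runtime Toolkit 32 Bit full", "version": "2.4.7"},
    {"host": "plc-line4", "product": "PLCWinNT", "version": "V2.4.10.0"},
    {"host": "hmi-01", "product": "other-runtime (placeholder)", "version": "1.0.0.0"},
]

if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: below {FIXED_VERSION}, schedule update")
```

A version with fewer than four components is padded with zeros, so "2.4.7" is treated as 2.4.7.0 and correctly reported as affected; a malformed string raises rather than silently passing as patched.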
Evidence notes
Primary evidence comes from CISA CSAF advisory ICSA-26-076-01, published 2026-02-26 and republished 2026-03-17. The advisory text states that a crafted request can cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to V2.4.7.56, resulting in denial of service. Remediation guidance in the source is limited to vendor patching and Festo Automation Suite update/packaging notes.
Official resources
- CVE-2021-34596 CVE record (CVE.org)
- CVE-2021-34596 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source references (advisory reference links)
Publicly disclosed in CISA CSAF advisory ICSA-26-076-01 on 2026-02-26, with a CISA republication noted on 2026-03-17.