cvedb.io
CVE-2021-34599
HIGH · CVSS 7.4
EPSS exploitation probability: 0%
Published 2021-12-01T09:15:06.627 · Last modified 2026-06-17T03:56:12.783

Summary

Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. CODESYS Git does not implement certificate validation by default, so it does not verify that the server provides a valid and trusted HTTPS certificate. Since the certificate of the server to which the connection is made is not properly verified, the server connection is vulnerable to a man-in-the-middle attack.

Affected products

codesys — git

Does this affect you?

Add your gear to cvedb and we'll alert you only when codesys ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.