CVE-2021-29242: 
NixOS vulnerability analysis and mitigation

CODESYS Control Runtime system before version 3.5.17.0 contains an improper input validation vulnerability. The vulnerability was disclosed on May 3, 2021, and affects multiple CODESYS Control Runtime system components and related products (NVD).

The vulnerability stems from improper input validation in the CODESYS Control Runtime system. The issue allows attackers to send crafted communication packets that can manipulate the router's addressing scheme. The vulnerability has been assigned a CVSS v3.1 base score of 7.3 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L, indicating network accessibility, low attack complexity, and no required privileges or user interaction (NVD).

The vulnerability enables attackers to re-route, add, remove, or change low-level communication packages. This can affect the confidentiality, integrity, and availability of the system, with each aspect rated as Low impact according to the CVSS scoring (NVD).

The primary mitigation is to upgrade to CODESYS Control Runtime system version 3.5.17.0 or later. This affects multiple CODESYS products including Control Runtime system toolkit, Control RTE, Control Win, and various platform-specific implementations (NVD, Vendor Advisory).