OTPulse

3S CoDeSys Vulnerabilities

Act Now | ICS-CERT ICSA-12-006-01 | Oct 9, 2012
Summary

3S Smart Software Solutions CoDeSys versions 2.3 and 3.4 contain buffer overflow vulnerabilities (CWE-122, CWE-119, CWE-476) that could allow remote code execution. The vendor has not released patches for these versions. CoDeSys is an IEC 61131-3 programming platform widely used for PLC and industrial automation development. Exploitation requires delivery of a crafted input to the vulnerable application, potentially via a malicious project file or network interaction.

What this means
What could happen
Buffer overflow vulnerabilities in CoDeSys could allow an attacker to execute arbitrary code on engineering workstations or runtime systems, potentially disrupting program development, deployment, or plant operations if the affected versions are running in production.
Who's at risk
Manufacturing plants, utilities, and water authorities that use 3S CoDeSys for PLC programming and IEC 61131-3 automation development. Risk is highest for organizations running CoDeSys 2.3 or 3.4 on engineering workstations that have network access or that host projects downloaded from external sources. If these workstations can reach plant control systems, a compromise could lead to malicious program deployment.
How it could be exploited
An attacker would need to deliver a crafted input—likely via a malicious CoDeSys project file, network packet, or USB media containing a project—to a system running the vulnerable CoDeSys version. Successful exploitation would allow code execution in the context of the CoDeSys process, potentially with the privileges of the user running the application.
Prerequisites
  • CoDeSys version 2.3 or 3.4 installed and running on a development workstation or engineering system
  • Attacker can deliver a malformed input to the CoDeSys application (file upload, network access, or local access to project files)
  • No patch available for affected versions
  • High EPSS score (81.9%)
  • Buffer overflow vulnerability allows code execution
  • Affects engineering/development layer which can reach operational systems
  • End-of-life software versions
Exploitability
High exploit probability (EPSS 81.9%)
Affected products (2)
2 pending
Product | Affected Versions | Fix Status
3S Smart Software Solutions CoDeSys: 2.3 | 2.3 | No fix yet
3S Smart Software Solutions CoDeSys: 3.4 | 3.4 | No fix yet
Remediation & Mitigation
Do now
  • HARDENING: Isolate CoDeSys engineering workstations from untrusted networks and restrict access to project files and deployment systems
  • WORKAROUND: Disable or restrict CoDeSys remote access features (if present) until patched
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Upgrade to a CoDeSys version newer than 3.4 if available from 3S Smart Software Solutions; check with vendor for patch status and supported versions
Long-term hardening
  • HARDENING: Run CoDeSys with the least privilege necessary; avoid running as system administrator or with elevated credentials
  • HARDENING: Implement file integrity monitoring on CoDeSys project files and installation directories