OTPulse

3S CODESYS Gateway-Server Vulnerabilities

Act Now | ICS-CERT ICSA-13-050-01A | Nov 23, 2013
Summary

3S CODESYS Gateway-Server versions prior to 2.3.9.27 contain multiple memory corruption and path traversal vulnerabilities (CWE-118, CWE-22, CWE-122, CWE-119, CWE-121) that could allow an attacker to execute arbitrary code or read/write files on the system running the gateway service.

What this means
What could happen
An attacker could run arbitrary code on the CODESYS Gateway-Server, potentially gaining control of the engineering workstation or network that hosts it. This could allow modification of PLC program logic or denial of access to the control system.
Who's at risk
Organizations using CODESYS Gateway-Server for remote programming and monitoring of PLCs and other programmable controllers should prioritize this. This includes water treatment plants, electric utilities, and manufacturers relying on CODESYS for industrial automation who allow remote engineering access.
How it could be exploited
An attacker with network access to the Gateway-Server port could send a specially crafted request exploiting the memory corruption or path traversal flaws to execute code or access files on the host. The attack requires no authentication and could be performed remotely from the network where the gateway is accessible.
Prerequisites
  • Network access to the Gateway-Server listening port
  • Gateway-Server version prior to 2.3.9.27 deployed and active
Tags: remotely exploitable, no authentication required, memory corruption flaws, path traversal allows file access, high EPSS score (70.4%), no patch available for older versions
Exploitability
High exploit probability (EPSS 70.4%)
Affected products (1)
Product | Affected Versions | Fix Status
Gateway-Server: <ver._2.3.9.27 | <ver. 2.3.9.27 | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: If upgrade is not immediately possible, restrict network access to the Gateway-Server port using firewall rules. Allow only authorized engineering workstations and SCADA servers to communicate with the gateway.
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade CODESYS Gateway-Server to version 2.3.9.27 or later
Mitigations - no patch available
Gateway-Server: <ver._2.3.9.27 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Segment the engineering network from production control systems. Do not expose the Gateway-Server directly to untrusted networks.
HARDENING: Monitor network traffic to the Gateway-Server for unexpected requests or connection attempts.