3S CODESYS Gateway Use After Free
Low Risk · ICS-CERT ICSA-13-142-01 · Feb 23, 2013
Summary
CODESYS Gateway version 2.3.9.27 contains a use-after-free vulnerability (CWE-416) in memory handling. A crafted network message sent to the gateway could trigger an improper reference to memory after it has been freed, potentially causing denial of service or code execution. The gateway is a critical component that bridges engineering workstations to PLCs and other control devices. No patch is available from the vendor for this version.
What this means
What could happen
A use-after-free memory flaw in CODESYS Gateway could allow an attacker to crash the gateway or potentially execute code, disrupting communication between engineering workstations and programmable logic controllers on your network.
Who's at risk
Water utilities and electric utilities using CODESYS-based programmable logic controllers (PLCs) and automation systems should assess this risk. Specifically, any facility that relies on CODESYS Gateway v2.3.9.27 for remote engineering access or inter-PLC communication is affected.
How it could be exploited
An attacker with network access to the CODESYS Gateway (typically on port 11740 or a configured port) could send a specially crafted message that triggers the use-after-free condition, causing a denial of service or potential code execution in the gateway process.
Prerequisites
- Network access to CODESYS Gateway listening port
- No credentials required
Remotely exploitable · No authentication required · No patch available · Use-after-free memory corruption · Gateway is network-facing component
Exploitability
Moderate exploit probability (EPSS 3.4%)
Affected products (1)
Product | Affected Versions | Fix Status
CODESYS Gateway: 2.3.9.27 | 2.3.9.27 | No fix (EOL)
Remediation & Mitigation
Do now
- WORKAROUND: Implement firewall rules to restrict network access to CODESYS Gateway to only authorized engineering workstations and administrative networks
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Monitor CODESYS Gateway process for crashes or unexpected restarts and correlate with network logs to detect exploitation attempts
Mitigations - no patch available
CODESYS Gateway: 2.3.9.27 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Segment the engineering network from production control networks using firewalls or air-gaps to limit attacker reach to the gateway
- HARDENING: Evaluate migration to a newer version of CODESYS or alternative gateway solutions with active vendor support
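The monitoring step above (correlating gateway crashes with network logs) can be sketched as follows. This is an added example, not part of the advisory or any vendor tooling; the log line formats, the allowlisted subnet, the 60-second window and all sample entries are constructed assumptions.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

GATEWAY_PORT = 11740                     # port named in the advisory; adjust if reconfigured
ALLOWED = [ip_network("10.10.5.0/28")]   # assumption: engineering workstation subnet
WINDOW = timedelta(seconds=60)           # assumption: look-back period before each crash

# Constructed sample data (format: "time src dst port"), not real logs.
CONN_LOG = """\
2013-02-23T10:00:02 10.10.5.3 10.10.1.20 11740
2013-02-23T10:14:41 192.168.77.9 10.10.1.20 11740
2013-02-23T10:14:50 10.10.5.4 10.10.1.20 502
2013-02-23T11:30:00 10.10.5.3 10.10.1.20 11740
"""
# Constructed crash/restart events, e.g. exported from a process watchdog.
CRASH_LOG = """\
2013-02-23T10:15:05 gateway process exited unexpectedly
2013-02-23T11:30:20 gateway process exited unexpectedly
"""

def parse_conns(text):
    """Yield (time, source address, destination port) per well-formed line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, src, _dst, port = parts
        yield datetime.fromisoformat(ts), ip_address(src), int(port)

def parse_crashes(text):
    """Return the timestamp of each crash event line."""
    return [datetime.fromisoformat(l.split()[0]) for l in text.splitlines() if l.strip()]

def is_authorized(src):
    return any(src in net for net in ALLOWED)

def correlate(conn_text, crash_text):
    """For each crash, report gateway-port connections seen in the preceding window."""
    conns = [c for c in parse_conns(conn_text) if c[2] == GATEWAY_PORT]
    findings = []
    for crash in parse_crashes(crash_text):
        near = [src for t, src, _ in conns if crash - WINDOW <= t <= crash]
        unauthorized = sorted({str(s) for s in near if not is_authorized(s)})
        findings.append({"crash": crash.isoformat(), "connections": len(near),
                         "unauthorized_sources": unauthorized,
                         # a crash after only allowlisted traffic still needs review
                         "severity": "high" if unauthorized else "review"})
    return findings

if __name__ == "__main__":
    for finding in correlate(CONN_LOG, CRASH_LOG):
        print(finding)
```

A crash preceded by traffic from outside the allowlist also indicates that the firewall restriction listed under "Do now" is missing or not effective.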
CVEs (1)