OTPulse

3S CODESYS Runtime Toolkit Null Pointer Dereference Vulnerability

Monitor · CVSS 7.5 · ICS-CERT ICSA-15-288-01 · Jul 18, 2015
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

3S CODESYS Runtime Toolkit contains a null pointer dereference vulnerability that can cause denial of service. The vulnerability affects CODESYS Runtime Toolkit versions before 2.4.7.48. An attacker with network access can trigger the null pointer dereference, causing the runtime to crash and halting any processes controlled by the runtime.

What this means
What could happen
A remote attacker can crash the CODESYS Runtime Toolkit, interrupting or stopping any industrial process or control logic running on the affected system. This could halt manufacturing operations, process control, or utility automation indefinitely until the runtime is manually restarted.
Who's at risk
Any organization using CODESYS Runtime Toolkit for PLC programming and execution should be concerned. This includes manufacturers running PLC-based automation, utilities managing SCADA systems built on CODESYS, and engineering firms deploying embedded control systems. Affected equipment includes PLCs, remote terminal units (RTUs), and soft PLCs running the vulnerable CODESYS runtime.
How it could be exploited
An attacker with network access to the CODESYS Runtime Toolkit sends a specially crafted network message that triggers a null pointer dereference in the runtime process. When the pointer is dereferenced, the process crashes and all control logic stops executing.
Prerequisites
  • Network access to the CODESYS Runtime Toolkit port (typically Ethernet/TCP)
  • CODESYS Runtime Toolkit version before 2.4.7.48
Tags: remotely exploitable · no authentication required · low complexity · no patch available · affects process automation/control logic
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product                   Affected Versions   Fix Status
CODESYS Runtime Toolkit   <2.4.7.48           No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Implement network segmentation and firewall rules to restrict access to CODESYS Runtime Toolkit ports to only authorized engineering workstations and control network segments
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Monitor network traffic to the CODESYS Runtime for suspicious patterns or unrecognized sources
Long-term hardening
HOTFIX: Evaluate upgrade path to a newer supported version of CODESYS or alternative runtime that has received updates
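The workaround and hardening steps above amount to an allowlist: only known engineering workstations may reach the runtime port, and anything else that does should be flagged. The following is an added example, not code from OTPulse or 3S, that applies that allowlist to firewall log records; the runtime port number, the authorized source ranges and the log lines are all constructed placeholders, since the advisory names no specific port.

```python
"""Allowlist check for connections to a CODESYS runtime port (added example)."""
from collections import Counter
from ipaddress import ip_address, ip_network

RUNTIME_PORT = 1200  # PLACEHOLDER: substitute the port your runtime actually exposes
AUTHORIZED_SOURCES = [           # assumed engineering workstation addresses
    ip_network("10.10.5.0/24"),  # engineering workstation segment
    ip_network("10.10.9.7/32"),  # standalone engineering workstation
]

# Constructed sample firewall log lines in a key=value style; not real traffic.
SAMPLE_LOG = """\
2015-07-18T10:01:02Z src=10.10.5.21 dst=10.20.1.15 dport=1200 proto=tcp action=ACCEPT
2015-07-18T10:01:09Z src=10.10.5.21 dst=10.20.1.15 dport=1200 proto=tcp action=ACCEPT
2015-07-18T10:02:41Z src=192.168.77.3 dst=10.20.1.15 dport=1200 proto=tcp action=ACCEPT
2015-07-18T10:02:42Z src=192.168.77.3 dst=10.20.1.15 dport=1200 proto=tcp action=ACCEPT
2015-07-18T10:03:00Z src=10.10.9.7 dst=10.20.1.15 dport=1200 proto=tcp action=ACCEPT
2015-07-18T10:03:15Z src=192.168.77.3 dst=10.20.1.15 dport=22 proto=tcp action=ACCEPT
2015-07-18T10:04:30Z src=172.16.4.9 dst=10.20.1.15 dport=1200 proto=tcp action=DROP
"""

def parse_line(line):
    """Split a 'timestamp k=v k=v ...' record into a dict; None for malformed lines."""
    parts = line.split()
    if len(parts) < 2:
        return None
    rec = {"ts": parts[0]}
    for tok in parts[1:]:
        if "=" not in tok:
            return None
        key, value = tok.split("=", 1)
        rec[key] = value
    return rec

def is_authorized(src):
    """True when the source address falls inside an allowlisted network."""
    addr = ip_address(src)
    return any(addr in net for net in AUTHORIZED_SOURCES)

def unauthorized_runtime_sources(log_text, port=RUNTIME_PORT):
    """Return {src: count} for sources that reached the runtime port without being
    allowlisted. Dropped attempts are counted too: repeated blocked connections
    from an unknown host are exactly the 'unrecognized source' pattern to review."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec.get("proto") != "tcp":
            continue
        try:
            if int(rec["dport"]) == port and not is_authorized(rec["src"]):
                hits[rec["src"]] += 1
        except (KeyError, ValueError):
            continue  # missing or non-numeric fields: skip the record
    return dict(hits)

if __name__ == "__main__":
    for src, n in unauthorized_runtime_sources(SAMPLE_LOG).items():
        print(f"unauthorized source {src} reached the runtime port {n} time(s)")
```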