3S-Smart Software Solutions GmbH CODESYS Control V3 Products
Act Now | 9.8 | ICS-CERT ICSA-18-352-03 | Dec 18, 2018
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
CODESYS Control V3 products contain an authorization/access control vulnerability (CWE-284) that could allow unauthorized access and exfiltration of sensitive data including user credentials. Affected versions are prior to 3.5.14.0 across multiple runtime platforms and development environments including Simulation Runtime, Linux, HMI V3, IOT2000, Raspberry Pi, emPC-A/iMX6, PFC100/PFC200, BeagleBone, and Beckhoff CX systems.
What this means
What could happen
An attacker with network access to a CODESYS Control device could bypass authentication controls and access sensitive data including user credentials, potentially enabling them to alter control logic, modify process parameters, or extract operational data from your automation platform.
Who's at risk
Manufacturing facilities using CODESYS Control V3 runtime systems should prioritize this. Affected equipment includes PLC runtimes on industrial edge devices (WAGO PFC series, Beckhoff CX embedded controllers, BeagleBone and Raspberry Pi controllers), HMI systems, and development workstations running CODESYS software. Any facility with automated production lines, process control, or industrial IoT devices based on CODESYS is at risk.
How it could be exploited
An attacker sends a crafted network request to the CODESYS Control runtime without valid credentials. Because of improper authorization checks, the request succeeds and the attacker gains access to protected functions and data, including user credentials and runtime configuration.
Prerequisites
- Network access to the CODESYS Control device on its service port
- No authentication required to exploit the vulnerability
- Remotely exploitable
- No authentication required
- Low complexity
- No patch available for old devices
- Affects control system runtime environments
- Default user management may be disabled
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (14)
13 with fix, 1 pending
Product | Affected Versions | Fix Status
Control for BeagleBone | < 3.5.14.0 | No fix yet
CODESYS V3 Simulation Runtime (part of the CODESYS Development System) | < 3.5.14.0 | 3.5.14.0
CODESYS Control for Linux | < 3.5.14.0 | 3.5.14.0
CODESYS HMI V3 | < 3.5.14.0 | 3.5.14.0
CODESYS Control for IOT2000 | < 3.5.14.0 | 3.5.14.0
CODESYS Control V3 Runtime System Toolkit | < 3.5.14.0 | 3.5.14.0
CODESYS Control for emPC-A/iMX6 | < 3.5.14.0 | 3.5.14.0
CODESYS Control for PFC100 | < 3.5.14.0 | 3.5.14.0
Remediation & Mitigation
Do now
- WORKAROUND: Activate CODESYS Control online user management and enable encryption of online communication
- HARDENING: Apply and enforce user management and password policies on CODESYS systems
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update CODESYS Control to version 3.5.14.0 or newer
Long-term hardening
- HARDENING: Isolate CODESYS Control devices on a protected network segment not accessible from external networks or the business network
- HARDENING: Deploy firewalls to separate control system networks from other networks and restrict network access to CODESYS devices
- HARDENING: Restrict physical and logical access to development and control systems using operating system features, access lists, and physical locks
- HARDENING: Use VPN for remote access to CODESYS systems only if necessary, and ensure VPN software is current
- HARDENING: Maintain up-to-date antivirus and malware detection on development and control systems
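An added example (not part of the advisory or of any CODESYS tooling) that triages an asset inventory against the affected-products table and the remediation steps above. The inventory format, host names, installed versions and the function names are constructed for illustration; the 3.5.14.0 threshold and the BeagleBone "no fix yet" status come from this page.

```python
# Added example: triage a CODESYS inventory against this advisory.
FIXED = (3, 5, 14, 0)  # first fixed version stated in the advisory

# Products the advisory's table lists with no fix available.
NO_FIX = {"Control for BeagleBone"}

# Constructed sample inventory: host, product, installed version.
SAMPLE = """\
plc-line1,CODESYS Control for PFC100,3.5.12.30
hmi-02,CODESYS HMI V3,3.5.14.0
edge-bb1,Control for BeagleBone,3.5.13.0
gw-07,CODESYS Control for Linux,3.5.14.10
lab-iot,CODESYS Control for IOT2000,V3.5 SP13
"""

def parse_version(text):
    """Return a 4-part integer tuple, or None if not dotted numeric."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdecimal() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))

def triage(inventory_csv):
    """Map each host to an action taken from the remediation list."""
    result = {}
    for line in inventory_csv.splitlines():
        if not line.strip():
            continue
        host, product, version = (f.strip() for f in line.split(","))
        parsed = parse_version(version)
        if parsed is None:
            # Marketing-style strings (e.g. "SP13") cannot be compared safely.
            result[host] = "verify version manually"
        elif parsed >= FIXED:
            result[host] = "not affected"
        elif product in NO_FIX:
            result[host] = "no fix listed: apply workaround and isolate"
        else:
            result[host] = "update to 3.5.14.0 or newer"
    return result

if __name__ == "__main__":
    for host, action in triage(SAMPLE).items():
        print(f"{host}: {action}")
```

Hosts whose version string cannot be parsed are reported for manual checking rather than assumed patched.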
CVEs (1)