3S-Smart Software Solutions GmbH CODESYS V3
Act Now | 9 | ICS-CERT ICSA-19-213-03 | Aug 1, 2019
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary
3S-Smart Software Solutions GmbH CODESYS V3 and CODESYS Control products contain improper access control vulnerabilities (CWE-283) and unrestricted size in file upload validation (CWE-789). Successful exploitation allows a remote attacker to close existing communication channels or take over an established user session to send crafted packets to a PLC, potentially altering industrial process control.
What this means
What could happen
An attacker could hijack communication sessions with your PLCs or industrial controllers, allowing them to send malicious commands that could change process setpoints, stop production, or cause unsafe equipment operation.
Who's at risk
Manufacturing facilities, water utilities, and electric utilities running CODESYS V3 runtime on Raspberry Pi, BeagleBone, PFC100/PFC200, WAGO IOT2000, or Linux-based industrial controllers. Also affects organizations using CODESYS Development System or Gateway V3 for engineering or system integration.
How it could be exploited
An attacker with network access to a CODESYS V3 device or gateway could exploit the improper access control to intercept and manipulate established communication sessions. They could then inject crafted packets directly to the PLC without requiring valid credentials, since the vulnerability bypasses session validation.
Prerequisites
- Network access to the CODESYS V3 device or gateway (port 502 or 11740 typically)
- An already-established user session between a workstation and the PLC
- No valid engineering credentials required—session hijacking bypasses authentication
Remotely exploitable | No authentication required to exploit session hijacking | Low complexity attack | Affects SCADA/PLC control runtime | No patch available for affected versions
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (10)
10 with fix
Product | Affected Versions | Fix Status
CODESYS Control for emPC-A/iMX6: all | < 3.5.14.20 | 3.5.14.20
CODESYS Control for Raspberry Pi: all | < 3.5.14.20 | 3.5.14.20
CODESYS Control V3 Runtime System Toolkit: all | < 3.5.14.20 | 3.5.14.20
CODESYS Control for PFC100: all | < 3.5.14.20 | 3.5.14.20
CODESYS Control for BeagleBone: all | < 3.5.14.20 | 3.5.14.20
CODESYS Control for PFC200: all | < 3.5.14.20 | 3.5.14.20
CODESYS V3 Development System: all | < 3.5.14.20 | 3.5.14.20
CODESYS Control for Linux: all | < 3.5.14.20 | 3.5.14.20
Remediation & Mitigation
Do now
HARDENING: Isolate CODESYS V3 devices and runtime systems from the business network using network segmentation or air-gap architecture where possible.
WORKAROUND: Place firewalls between CODESYS gateways and external networks. Restrict access to Modbus (port 502) and CODESYS communication ports to authorized engineering workstations only.
WORKAROUND: If remote engineering access is required, use a VPN with current security patches to access CODESYS systems, rather than direct Internet exposure.
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update CODESYS V3 products to version 3.5.14.20 or later (3.5.15.0 available). Check codesys.com/download for updates and plan maintenance windows to avoid production interruption.
HARDENING: Monitor network traffic for unusual connection attempts or session hijacking patterns targeting CODESYS ports.
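One way to apply the monitoring and allowlisting steps above, as an added example that is not part of the advisory or of any CODESYS tooling. It scans flow records for the two ports this page names and flags sources outside an engineering-workstation allowlist, plus a second host opening a session to a controller while another session is still established. The record format, the addresses and the overlapping-session heuristic are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Ports named in this advisory: Modbus (502) and CODESYS communication (11740).
WATCHED_PORTS = {502, 11740}
# Assumption: the site's authorized engineering workstations (constructed addresses).
ENGINEERING_HOSTS = {ipaddress.ip_address("10.10.5.21"),
                     ipaddress.ip_address("10.10.5.22")}

# Constructed flow records: "epoch_seconds event src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
1000 open 10.10.5.21 10.20.0.7 11740
1030 open 10.10.9.88 10.20.0.7 11740
1045 open 10.10.5.22 10.20.0.7 11740
1100 close 10.10.5.21 10.20.0.7 11740
1200 open 10.10.5.22 10.20.0.8 502
1300 open 10.10.5.21 10.20.0.9 443
"""

def find_alerts(flow_text, allowed=ENGINEERING_HOSTS, ports=WATCHED_PORTS):
    """Return (timestamp, rule, src, dst, port) tuples for suspicious flows."""
    alerts = []
    active = defaultdict(set)  # (dst, port) -> sources with an open session
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank or malformed records
        ts, event, src, dst = int(fields[0]), fields[1], fields[2], fields[3]
        port = int(fields[4])
        if port not in ports:
            continue  # not a port this advisory is concerned with
        key = (dst, port)
        if event == "close":
            active[key].discard(src)
            continue
        if ipaddress.ip_address(src) not in allowed:
            alerts.append((ts, "unauthorized-source", src, dst, port))
        elif active[key] - {src}:
            # Another host already holds a session to this controller.
            alerts.append((ts, "overlapping-session", src, dst, port))
        active[key].add(src)
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_FLOWS):
        print(alert)
```

Overlapping sessions can be legitimate during commissioning, so treat that rule as a prompt for review rather than proof of hijacking.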
CVEs (2)