CODESYS Control V2 Linux SysFile library
Monitor | 5.3 | ICS-CERT ICSA-21-173-04 | Jun 22, 2021
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
CODESYS V2 Linux Runtime systems prior to version 2.4.7.55 contain an improper input validation flaw in the SysFile system library. A control programmer can call additional OS functions through SysFile, allowing arbitrary execution of operating system commands from within PLC logic. This vulnerability allows escalation of privileges from the PLC application level to the underlying Linux operating system level.
What this means
What could happen
A control programmer with access to the PLC could use the SysFile library to execute arbitrary operating system commands on the Linux runtime system, potentially compromising the integrity and availability of the control system.
Who's at risk
Manufacturing facilities using CODESYS V2 Runtime on Linux should be concerned, including water utilities and electric utilities that rely on CODESYS-based PLCs for process control, pump stations, or power distribution automation.
How it could be exploited
An attacker with control programmer credentials or access to the engineering environment could load malicious PLC logic that calls SysFile library functions to execute arbitrary OS commands on the Linux-based CODESYS runtime system.
Prerequisites
- Access to engineering workstation or PLC programming interface
- Valid control programmer credentials or ability to upload PLC program
- Target system must be CODESYS V2 Runtime on Linux
- Must have local or remote access to load programs onto the PLC
- No patch available
- Requires valid credentials to exploit
- Low complexity attack once inside engineering network
- Affects control logic integrity
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product: CODESYS reports all runtime systems for Linux based on a CODESYS V2 Runtime Toolkit 32-bit full: prior
Affected Versions: < 2.4.7.55
Fix Status: No fix yet
Remediation & Mitigation
Do now
- HARDENING: Restrict programming access to authorized control engineers only using role-based access controls on engineering workstations
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Monitor PLC program uploads and changes; log all control system programming activities for audit and incident investigation
- HARDENING: Require code review and approval procedures before deploying any PLC logic changes to production systems
Long-term hardening
- HARDENING: Implement network segmentation to isolate the PLC engineering network from business/corporate IT networks
CVEs (1)