OTPulse

CODESYS Development System

Plan Patch
CVSS 7.3
ICS-CERT ICSA-23-236-03
Aug 24, 2023
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: Required
Summary

The CODESYS Development System versions 3.5.17.0 through 3.5.19.19 contain a binary planting vulnerability (CWE-427) where a local attacker can place a malicious executable in a directory that the application searches during startup or operation. When a user launches the application or an associated process, the system may execute the attacker's binary instead of the legitimate one, giving the attacker code execution in the context of the user running CODESYS.

What this means
What could happen
An attacker with local access to an engineering workstation could trick a user into running a malicious program by exploiting how the CODESYS Development System launches applications, potentially compromising the development environment and any projects it contains.
Who's at risk
Engineering teams and automation contractors who use CODESYS Development System for PLC and industrial controller programming. This affects anyone developing automation logic for water treatment, wastewater, power systems, or other critical infrastructure that relies on CODESYS-based control systems.
How it could be exploited
An attacker must first gain local access to the machine running CODESYS Development System. The attacker then places a malicious binary in a location where CODESYS will search for it (likely a DLL or executable in the system path or application directory). When a user launches the application or performs an action that triggers application execution, the system runs the attacker's malicious binary instead of the legitimate one.
Prerequisites
  • Local access to the engineering workstation running CODESYS
  • Ability to write files to directories in the application search path
  • User action required (clicking a link, opening a file, or launching the application)
  • Requires local access for exploitation
  • User interaction required
  • Affects software development environment
  • Could compromise control logic and project files
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product | Affected Versions | Fix Status
CODESYS Development System | ≥ 3.5.17.0, < 3.5.19.20 | 3.5.19.20
Remediation & Mitigation
Do now
HARDENING: Educate users not to click on web links or open attachments from unsolicited emails that could lead to malicious file placement
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update CODESYS Development System to version 3.5.19.20 or later
Long-term hardening
HARDENING: Apply principle of least privilege: restrict local user account permissions on development workstations to prevent unauthorized file placement in system directories
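
To verify the least-privilege hardening, the following added example (not part of the advisory or of any CODESYS tooling) audits, when run as the standard engineering account, which search-path locations that account could place a file in. The function names are hypothetical, and because the advisory does not list the affected directories, application directories are supplied by the operator as arguments.

```python
import os
import sys
import tempfile

def can_create_file(directory):
    # Probe by really creating a file (auto-deleted); os.access() ignores Windows ACLs.
    try:
        with tempfile.TemporaryFile(dir=directory):
            return True
    except OSError:
        return False

def nearest_existing_parent(path):
    # Walk upward until a directory that exists (or the filesystem root) is reached.
    parent = os.path.dirname(path)
    while not os.path.isdir(parent) and parent != os.path.dirname(parent):
        parent = os.path.dirname(parent)
    return parent

def audit_search_path(path_value, extra_dirs=()):
    """Return [(entry, reason)] for search locations this account could plant a file in."""
    findings, seen = [], set()
    for raw in list(extra_dirs) + path_value.split(os.pathsep):
        entry = raw.strip().strip('"')
        key = os.path.normcase(os.path.abspath(entry)) if entry else ""
        if not entry or key in seen:
            continue  # skip empty and duplicate entries
        seen.add(key)
        if not os.path.isabs(entry):
            findings.append((entry, "relative entry, resolved against the working directory"))
        elif os.path.isdir(entry):
            if can_create_file(entry):
                findings.append((entry, "writable by current account"))
        else:
            # A search-path entry that does not exist can be created by whoever
            # has write access to its nearest existing parent.
            parent = nearest_existing_parent(entry)
            if can_create_file(parent):
                findings.append((entry, "missing, but creatable under " + parent))
    return findings

if __name__ == "__main__":
    # Optional arguments: application directories to check in addition to PATH
    # (operator-supplied; the advisory does not list the affected locations).
    for entry, reason in audit_search_path(os.environ.get("PATH", ""), sys.argv[1:]):
        print(f"{entry}: {reason}")
```

An empty result for the standard account means none of the checked locations accept new files from it; any finding is a directory whose permissions should be tightened or that should be removed from the search path.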