OSCAT Basic Library

Monitor · CVSS 5.1 · ICS-CERT ICSA-24-326-02 · Nov 21, 2024
CODESYS · Manufacturing
Attack path
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

OSCAT Basic Library versions 3.3.5 and earlier contain an out-of-bounds read vulnerability (CWE-125) in the MONTH_TO_STRING function. An attacker with local access can pass a negative value as a function parameter, bypassing input validation. Successful exploitation allows reading limited internal PLC data or crashing the affected service. CODESYS has released version 3.3.5.0 as a fix. Alternatively, applications can mitigate by validating all function inputs in the PLC program to reject negative values before they reach MONTH_TO_STRING.

What this means
What could happen
An attacker with local access to the PLC can read sensitive internal data or crash the OSCAT Basic Library service by exploiting an out-of-bounds read vulnerability. This could interrupt manufacturing process monitoring or control.
Who's at risk
Manufacturing facilities using CODESYS with OSCAT Basic Library (version 3.3.5 or earlier) should prioritize this update. This includes PLC programming teams, automation engineers, and any systems relying on OSCAT functions for data processing. The vulnerability requires local access, so the risk is highest in environments with shared engineering workstations or physical access to PLCs.
How it could be exploited
An attacker with local access to the PLC passes a negative value as a parameter to the MONTH_TO_STRING function in OSCAT Basic Library. The function does not validate the input, allowing an out-of-bounds read that either leaks memory contents or triggers a crash of the affected service.
Prerequisites
  • Local access to the PLC or engineering workstation running OSCAT Basic Library
  • Ability to pass invalid input (negative values) to the MONTH_TO_STRING function
  • Local access required (not remotely exploitable)
  • Low complexity exploitation
  • Affects data confidentiality and service availability
  • Out-of-bounds read
Exploitability
Unlikely to be exploited — EPSS score 0.2%
Affected products (3)
3 with fix
Product | Affected Versions | Fix Status
CODESYS OSCAT Basic Library: 3.3.5.0 | 3.3.5.0 | 3.3.5.0
oscat.de OSCAT Basic Library: <=3.3.5 | ≤ 3.3.5 | 3.3.5.0
oscat.de OSCAT Basic Library: <=335 | ≤ 335 | 3.3.5.0
Remediation & Mitigation
Do now
WORKAROUND: If an immediate update is not possible, add input validation in your PLC program to block negative values before passing them to the MONTH_TO_STRING function
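
The workaround above can be implemented as a wrapper in IEC 61131-3 Structured Text. This is an added example, not code from OSCAT, CODESYS or the advisory; the wrapper name SAFE_MONTH_TO_STRING and the three-INT call signature (MTH, LANG, LX) are assumptions to verify against the declaration in your installed library.

```iecst
(* Added example: guard in front of the OSCAT MONTH_TO_STRING function.
   Assumptions: the library function takes three INT inputs in the order
   (MTH, LANG, LX) and returns a STRING. SAFE_MONTH_TO_STRING is a
   hypothetical name chosen for this example. *)
FUNCTION SAFE_MONTH_TO_STRING : STRING
VAR_INPUT
    MTH  : INT;  (* month number, valid range 1..12 *)
    LANG : INT;  (* language selector *)
    LX   : INT;  (* output length selector *)
END_VAR

(* Result returned when the input is rejected: empty string. *)
SAFE_MONTH_TO_STRING := '';

(* Reject every negative parameter before the library can use it. *)
IF (MTH < 0) OR (LANG < 0) OR (LX < 0) THEN
    RETURN;
END_IF

(* A month number outside 1..12 has no valid name. *)
IF (MTH < 1) OR (MTH > 12) THEN
    RETURN;
END_IF

(* Upper bounds for LANG and LX depend on the library configuration
   and are not checked here; add them if your project knows the limits. *)

(* All checks passed: forward the call to the library function. *)
SAFE_MONTH_TO_STRING := MONTH_TO_STRING(MTH, LANG, LX);
```

Replace direct calls to MONTH_TO_STRING in the project with the wrapper so that values arriving from HMI fields, recipes or fieldbus registers are checked before they reach the library.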
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update OSCAT Basic Library to version 3.3.5.0
HOTFIX: In the CODESYS IDE Library Manager, change the OSCAT Basic library version to 3.3.5.0 in your project
HOTFIX: Download or perform an online change to deploy the updated application to the PLC
HOTFIX: Rebuild and download the boot application after library update
Long-term hardening
HARDENING: Restrict local access to the PLC and engineering workstations to authorized personnel only