OTPulse

OSCAT Basic Library

Monitor · CVSS 5.1 · ICS-CERT ICSA-24-326-02 · Nov 21, 2024
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A buffer over-read vulnerability exists in the OSCAT Basic Library (CODESYS) in the MONTH_TO_STRING function when processing negative input values. The vulnerability is locally exploitable and allows reading of internal PLC memory or causing application crashes. CODESYS recommends updating to version 3.3.5.0; alternatively, input validation must be implemented in the PLC application to block negative function parameters. A download or online change and boot project rebuild is required to apply either fix.

What this means
What could happen
A local attacker could read sensitive internal data from the PLC and potentially crash the application running on it. This could disrupt manufacturing processes that depend on continuous operation of the affected CODESYS logic.
Who's at risk
Manufacturing facilities using CODESYS-based PLCs with the OSCAT Basic Library should assess whether they deploy this library. The vulnerability affects local machines where the library is installed, posing risk to plants relying on continuous PLC operation for process automation and safety-related functions.
How it could be exploited
An attacker with local access to the PLC or engineering workstation running the affected OSCAT Basic Library can trigger the vulnerability by passing invalid (negative) values to the MONTH_TO_STRING function, causing a buffer over-read that exposes internal memory or crashes the service.
Prerequisites
  • Local access to the PLC or CODESYS engineering workstation
  • OSCAT Basic Library version 3.3.5.0 or earlier installed in the PLC application
  • Ability to invoke or control inputs to the MONTH_TO_STRING function (requires understanding the application logic)
Local access only (requires physical or administrative access) · Low complexity (simple input validation bypass) · No authentication bypass · No patch available from vendor · Affects PLC memory disclosure and availability
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (3)
3 with fix
Product | Affected Versions | Fix Status
CODESYS OSCAT Basic Library: 3.3.5.0 | 3.3.5.0 | 3.3.5.0
oscat.de OSCAT Basic Library: <=3.3.5 | ≤ 3.3.5 | 3.3.5.0
oscat.de OSCAT Basic Library: <=335 | ≤ 335 | 3.3.5.0
Remediation & Mitigation
Do now
WORKAROUND: Add validation logic in the PLC program to block negative values before they are passed to the MONTH_TO_STRING function
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update OSCAT Basic Library to version 3.3.5.0 in the CODESYS Library Manager, rebuild the application, download to PLC, and rebuild/download the boot project
Long-term hardening
HARDENING: Implement network segmentation and access controls to restrict local administrative access to PLCs and engineering workstations
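
The workaround listed under "Do now" (blocking negative values before they reach MONTH_TO_STRING) could look like the following guard block in Structured Text. This is an added example, not code from CODESYS, OSCAT or the advisory: the block name FB_SafeMonthToString, its outputs, and the parameter list MTH, LANG, LX of type INT are assumptions to check against the library version in the project, and the 1..12 month bound is stricter than the advisory's "negative values" wording.

```iecst
(* Added example: guard block placed in front of the library call.
   Assumed library signature (verify in the Library Manager):
   MONTH_TO_STRING(MTH : INT, LANG : INT, LX : INT) : STRING(10) *)
FUNCTION_BLOCK FB_SafeMonthToString   (* hypothetical name *)
VAR_INPUT
    MTH  : INT;   (* month number, expected 1..12 *)
    LANG : INT;   (* language index *)
    LX   : INT;   (* text length selector *)
END_VAR
VAR_OUTPUT
    TXT      : STRING(10);  (* month text, empty when input is rejected *)
    VALID    : BOOL;        (* TRUE only when the library was called *)
    REJECTED : UDINT;       (* number of blocked calls, for alarm or HMI *)
END_VAR

(* Reject before the call: any negative parameter, plus a month outside
   the calendar range. The library function is never reached with
   input that failed this check. *)
IF (MTH < 1) OR (MTH > 12) OR (LANG < 0) OR (LX < 0) THEN
    TXT   := '';
    VALID := FALSE;
    (* Saturate the counter instead of letting it wrap to zero *)
    IF REJECTED < 16#FFFFFFFF THEN
        REJECTED := REJECTED + 1;
    END_IF
ELSE
    TXT   := MONTH_TO_STRING(MTH, LANG, LX);
    VALID := TRUE;
END_IF
END_FUNCTION_BLOCK
```

Every call site in the application has to go through the guard for the workaround to hold; a rising REJECTED count indicates that out-of-range values are reaching the conversion logic.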
OSCAT Basic Library | CVSS 5.1 - OTPulse