CODESYS V2 Vulnerabilities in Programmable Automation Controller (PacDrive) M
Plan Patch · 8.8 · SEVD-2021-222-06 · Aug 10, 2021
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
Multiple buffer overflow vulnerabilities exist in CODESYS V2 runtime, which is embedded in Schneider Electric's Programmable Automation Controller (PacDrive) M. These legacy motion control devices are used in packaging and production machines. Exploitation could result in denial of service or arbitrary code execution on the controller. The vendor will not release patches for these legacy systems.
What this means
What could happen
An attacker with network access and valid credentials could exploit buffer overflow vulnerabilities in the PacDrive M controller, potentially executing arbitrary code or causing the device to stop responding, disrupting packaging and production operations.
Who's at risk
Packaging and production machine operators and maintenance personnel rely on PacDrive M controllers for motion control and logic. Energy sector facilities and manufacturing plants using legacy Schneider Electric automation systems are affected. Anyone managing these systems needs to implement compensating controls immediately since no vendor patch is available.
How it could be exploited
An attacker would need network access to the PacDrive M device and valid user credentials. The attacker could send a malformed input to the CODESYS V2 runtime component, triggering a buffer overflow that allows arbitrary code execution on the controller. This would let them modify process parameters, alter production logic, or crash the device.
Prerequisites
- Network access to the PacDrive M device port (502 or engineering interface)
- Valid user credentials for device access
- Knowledge of CODESYS V2 protocol or vulnerability details
- remotely exploitable
- authentication required (reduces risk but does not eliminate it)
- no patch available (end-of-life product)
- legacy unsupported software (CODESYS V2)
- affects operational continuity
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (1)
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| Programmable Automation Controller (PacDrive) M All versions | All versions | No fix (EOL) |
Remediation & Mitigation
Do now
- HARDENING: Isolate PacDrive M controllers and their networks behind firewalls, separate from business networks
- HARDENING: Restrict network access to PacDrive M devices; do not expose them to the Internet
- HARDENING: Scan all removable media (USB drives, CDs) before connecting to networks with PacDrive M devices
- HARDENING: Restrict connection of mobile devices to control networks unless they have been isolated or sanitized
- HARDENING: Ensure programming software is only used on the dedicated control network and never on public or business networks
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Place all PacDrive M controllers in locked cabinets and configure them to prevent 'Program' mode access
Mitigations - no patch available
Programmable Automation Controller (PacDrive) M All versions has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Use VPN with current security patches for any required remote access to PacDrive M devices
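One way to check that the isolation controls above actually hold, as an added example that is not part of the advisory: a Python audit over flow records that flags any connection reaching a PacDrive M controller on port 502 from outside the dedicated control network. The subnets, host addresses and record format are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions (not from the advisory): the subnet layout, controller addresses
# and the "src dst dport" flow-record format are constructed for illustration.
CONTROL_NET = ipaddress.ip_network("10.20.0.0/24")    # dedicated control network
BUSINESS_NET = ipaddress.ip_network("192.168.5.0/24") # office / business network
CONTROLLERS = {ipaddress.ip_address("10.20.0.11"),    # PacDrive M devices
               ipaddress.ip_address("10.20.0.12")}
# 502 is the port named in the advisory; add the site's engineering-interface port.
WATCHED_PORTS = {502}

# Constructed sample flow records, one per line: source, destination, dest port.
SAMPLE_FLOWS = """\
10.20.0.30 10.20.0.11 502
10.20.0.250 10.20.0.12 502
192.168.5.77 10.20.0.11 502
203.0.113.9 10.20.0.12 502
192.168.5.77 10.20.0.11 80
10.20.0.30 10.20.0.99 502
not a flow record
"""

def audit_flows(text):
    """Return (findings, skipped): flows that reach a controller on a watched
    port from outside the control network, plus the count of unparseable lines."""
    findings, skipped = [], 0
    for line in text.splitlines():
        parts = line.split()
        try:
            src = ipaddress.ip_address(parts[0])
            dst = ipaddress.ip_address(parts[1])
            port = int(parts[2])
        except (IndexError, ValueError):
            skipped += 1          # count malformed records instead of hiding them
            continue
        if dst not in CONTROLLERS or port not in WATCHED_PORTS:
            continue              # not traffic to a controller service
        if src in CONTROL_NET:
            continue              # engineering station or VPN endpoint inside the zone
        origin = "business network" if src in BUSINESS_NET else "external or unknown network"
        findings.append((str(src), str(dst), port, origin))
    return findings, skipped

if __name__ == "__main__":
    hits, bad = audit_flows(SAMPLE_FLOWS)
    for src, dst, port, origin in hits:
        print(f"VIOLATION {src} -> {dst}:{port} ({origin})")
    print(f"{bad} record(s) skipped as unparseable")
```

Any finding means a firewall rule or network segment boundary is not enforcing the isolation the advisory calls for; a non-zero skipped count means the audit did not see every record.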