OTPulse

CODESYS Runtime Vulnerabilities

Plan Patch · CVSS 8.8 · SEVD-2023-192-04 · Jul 11, 2023
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

Schneider Electric and CODESYS have disclosed multiple vulnerabilities in the CODESYS runtime system V3 communication server. Many vendors embed CODESYS in their industrial control devices. The vulnerabilities could result in denial of service or remote code execution on PacDrive controllers, Modicon Controllers (M241, M251, M262, M258, LMC058, LMC078, M218), HMISCU, the Simulation Runtime SoftSPS from EcoStruxure Machine Expert, and EcoStruxure Microgrid Operation products.

What this means
What could happen
An attacker could halt production or execute arbitrary commands on critical controllers (PLCs, motion control, HMI systems) without authentication, potentially altering process setpoints, triggering unsafe states, or stopping operations entirely.
Who's at risk
Energy and manufacturing facilities operating Schneider Electric Modicon controllers (M241, M251, M262, M258, LMC series), PacDrive 3 motion controllers, HMISCU controllers, Harmony HMI devices, and any EcoStruxure Machine Expert installations with embedded CODESYS runtime. This affects both PLC/controller hardware and engineering workstations running the affected software.
How it could be exploited
An attacker with network access to the CODESYS runtime communication port (typically port 11740) can send specially crafted packets to trigger buffer overflows or other memory corruption flaws. No valid credentials are required. Successful exploitation allows remote code execution or denial of service on the controller.
Prerequisites
  • Network access to the CODESYS V3 communication server port (typically port 11740)
  • No authentication required
remotely exploitable · no authentication required · low complexity · affects safety systems · multiple products with no fix available
Exploitability
Moderate exploit probability (EPSS 4.4%)
Affected products (17)
10 with fix · 1 pending · 6 EOL

Product                                    Affected Versions   Fix Status
HMISCU Controller                          All <6.3.1          6.3.1
Modicon Controller M241                    All <5.2.11.18      5.2.11.18
Modicon Controller M251                    All <5.2.11.18      5.2.11.18
Modicon Controller M262                    All <5.2.8.12       5.2.8.12
PacDrive 3 Controllers: LMC Eco/Pro/Pro2   All <1.76.14.1      1.76.14.1
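
Added example (not part of the advisory or of any vendor tooling): a triage of a site inventory against the fix versions in the table above, comparing version fields numerically so that 5.2.9.40 correctly sorts below 5.2.11.18. The hostnames, firmware values, reachability flags and status labels are constructed for illustration.

```python
# Added example: constructed inventory checked against the advisory's fix versions.
FIXED_IN = {  # product -> first fixed version, taken from the table above
    "HMISCU Controller": "6.3.1",
    "Modicon Controller M241": "5.2.11.18",
    "Modicon Controller M251": "5.2.11.18",
    "Modicon Controller M262": "5.2.8.12",
    "PacDrive 3 Controllers: LMC Eco/Pro/Pro2": "1.76.14.1",
}

def parse_version(text):
    """Turn 'v5.2.11.18' into (5, 2, 11, 18) so fields compare numerically."""
    return tuple(int(part) for part in text.strip().lstrip("vV").split("."))

def is_affected(product, installed):
    """True if below the fix, False if at/above it, None if product not listed."""
    fixed = FIXED_IN.get(product)
    if fixed is None:
        return None
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))  # pad with zeros so 6.3 compares as 6.3.0
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def triage(inventory):
    """Return (host, status) pairs, affected-and-exposed assets first."""
    rank = {"PATCH FIRST": 0, "PATCH": 1, "CHECK ADVISORY": 2, "OK": 3}
    rows = []
    for host, product, version, port_11740_reachable in inventory:
        affected = is_affected(product, version)
        if affected is None:
            status = "CHECK ADVISORY"  # not in the visible table (pending/EOL rows)
        elif not affected:
            status = "OK"
        else:
            status = "PATCH FIRST" if port_11740_reachable else "PATCH"
        rows.append((host, status))
    return sorted(rows, key=lambda r: rank[r[1]])

# Constructed inventory: (host, product, firmware, port 11740 reachable from outside the cell?)
INVENTORY = [
    ("plc-line1", "Modicon Controller M241", "5.2.11.18", True),
    ("plc-line2", "Modicon Controller M241", "5.2.9.40", True),
    ("plc-pack", "Modicon Controller M262", "5.2.8.9", False),
    ("hmi-01", "HMISCU Controller", "6.3", False),
    ("plc-old", "Modicon Controller M258", "5.0.1.2", True),
]

if __name__ == "__main__":
    for host, status in triage(INVENTORY):
        print(f"{host:10} {status}")
```

A plain string comparison would rank "5.2.9.40" above "5.2.11.18" and report plc-line2 as patched, which is why the fields are parsed to integers first.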
Remediation & Mitigation

Version 6.3.1 of Vijeo Designer includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application.
https://www.se.com/ww/en/product-range/1054-vijeodesigner-hmi-software/#software-and-firmware
On the engineering workstation, update to v6.3.1 of Vijeo Designer. In order to complete the update, connect to Harmony HMI and download the project file using Vijeo Designer v6.3.1.

Modicon Controller M241 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application.
https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/
On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M241 to the latest firmware and perform a reboot.

Modicon Controller M251 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application.
https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/
On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M251 to the latest firmware and perform a reboot.

Modicon Controller M262 Firmware delivered with Machine Expert v2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application.
https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/
On the engineering workstation, update to v2.2 of Machine Expert. Update Modicon Controller M262 to the latest firmware and perform a reboot.

PacDrive 3 Controllers LMC Eco/Pro/Pro2 Firmware delivered with Machine Expert V2.2 includes a fix for this vulnerability and can be updated through the Schneider Electric Software Update (SESU) application.
https://www.se.com/ww/en/product-range/2226-ecostruxure-machine-expert-software/
On the engineering workstation, upd

CODESYS Runtime Vulnerabilities | CVSS 8.8 - OTPulse