Pilz: PMC programming tool 2.x.x affected by multiple vulnerabilities

Priority: Act Now
CVSS score: 9.8
Advisory ID: VDE-2021-055
Published: Apr 26, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

PMC programming tool from Pilz, which is based on CODESYS Development System, contains multiple memory management and validation vulnerabilities (buffer overflows, improper input validation, cryptographic flaws, and signature verification bypasses). These flaws allow an attacker to execute arbitrary code locally or remotely on an engineering workstation running the tool. Affected versions: all 2.x.x releases. No patched version currently available from the vendor.

What this means
What could happen
An attacker could execute arbitrary code on an engineering workstation running PMC programming tool, potentially allowing them to modify PLC programs before deployment or steal sensitive process logic and safety configurations.
Who's at risk
Engineering and automation teams at water authorities, electric utilities, and other critical infrastructure operators who use the Pilz PMC programming tool to configure safety PLCs and process controllers. Any facility relying on Pilz PMC tool to manage PLC logic for water treatment, electrical distribution, or other critical processes is affected.
How it could be exploited
An attacker with network access to a workstation running PMC programming tool 2.x.x could send a specially crafted network request exploiting multiple memory and validation flaws (CWE-787, CWE-119, CWE-20) to execute arbitrary commands on that workstation. Alternatively, an attacker with local access could exploit these vulnerabilities directly.
Prerequisites
  • Network access to the engineering workstation running PMC programming tool 2.x.x, or local access to that workstation
  • The vulnerable PMC programming tool version must be installed and accessible
Risk factors: Remotely exploitable; No authentication required; Low complexity; No patch available; Affects safety systems; High CVSS score (9.8)
Affected products (1)
Product                    | Affected Versions | Fix Status
---------------------------|-------------------|-------------
PMC programming tool 2.x.x | All versions      | No fix (EOL)
Remediation & Mitigation
Do now
[HARDENING] Stop using PMC programming tool 2.x.x until a patched version is released by Pilz
[HARDENING] Isolate engineering workstations running PMC programming tool from untrusted networks using network segmentation or air-gapping
[WORKAROUND] Restrict network access to engineering workstations to only authorized devices and personnel
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

[HARDENING] Limit local access to workstations running PMC programming tool to trusted engineers only
[HOTFIX] Monitor for updates from Pilz and CODESYS and apply patches immediately when available