Multiple vulnerabilities in CODESYS products
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2019-13548 CVE-2019-13532 CVE-2019-13538 CVE-2019-13542 CVE-2019-9009 |
| CWE-ID | CWE-121 CWE-22 CWE-79 CWE-476 CWE-399 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
CODESYS V3 Remote Target Visu Toolkit Client/Desktop applications / Other client software CODESYS V3 Embedded Target Visu Toolkit Client/Desktop applications / Other client software CODESYS Control V3 Runtime System Toolkit Client/Desktop applications / Other client software CODESYS HMI V3 Client/Desktop applications / Other client software CODESYS Control Win V3 (part of the CODESYS Development System setup) Client/Desktop applications / Other client software CODESYS Control RTE V3 (for Beckhoff CX) Client/Desktop applications / Other client software CODESYS Control RTE V3 Client/Desktop applications / Other client software CODESYS Control for Raspberry Pi Client/Desktop applications / Other client software CODESYS Control for PFC200 Client/Desktop applications / Other client software CODESYS Control for PFC100 Client/Desktop applications / Other client software CODESYS Control for Linux Client/Desktop applications / Other client software CODESYS Control for IOT2000 Client/Desktop applications / Other client software CODESYS Control for emPC-A/iMX6 Client/Desktop applications / Other client software CODESYS Control for BeagleBone Client/Desktop applications / Other client software CODESYS Development System V3 Client/Desktop applications / Other client software CODESYS V3 Simulation Runtime (part of the CODESYS Development System) Client/Desktop applications / Other client software CODESYS Gateway V3 Client/Desktop applications / Other client software CODESYS V3 Safety SIL2 Client/Desktop applications / Other client software CODESYS firmware Server applications / SCADA systems |
| Vendor | CODESYS |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Stack-based buffer overflow
EUVDB-ID: #VU21103
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13548
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the CODESYS V3 web server. A remote unauthenticated attacker can send a specially crafted HTTP or HTTPS request, trigger stack-based buffer overflow and cause a denial-of-service condition or execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCODESYS V3 Remote Target Visu Toolkit: All versions
CODESYS V3 Embedded Target Visu Toolkit: All versions
CODESYS Control V3 Runtime System Toolkit: All versions
CODESYS HMI V3: All versions
CODESYS Control Win V3 (part of the CODESYS Development System setup): All versions
CODESYS Control RTE V3 (for Beckhoff CX): All versions
CODESYS Control RTE V3: All versions
CODESYS Control for Raspberry Pi: All versions
CODESYS Control for PFC200: All versions
CODESYS Control for PFC100: All versions
CODESYS Control for Linux: All versions
CODESYS Control for IOT2000: All versions
CODESYS Control for emPC-A/iMX6: All versions
CODESYS Control for BeagleBone: All versions
CODESYS firmware: 1.1.9.18 - 3.5.14.40
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-19-255-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Path traversal
EUVDB-ID: #VU21102
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13532
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in the CODESYS V3 web server. A remote attacker can send a specially crafted HTTP or HTTPS request and read arbitrary files outside the restricted working directory of the controller.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCODESYS firmware: 1.1.9.18 - 3.5.14.40
CODESYS Control for BeagleBone: All versions
CODESYS Control for emPC-A/iMX6: All versions
CODESYS Control for IOT2000: All versions
CODESYS Control for Linux: All versions
CODESYS Control for PFC100: All versions
CODESYS Control for PFC200: All versions
CODESYS Control for Raspberry Pi: All versions
CODESYS Control RTE V3 (for Beckhoff CX): All versions
CODESYS Control RTE V3: All versions
CODESYS Control Win V3 (part of the CODESYS Development System setup): All versions
CODESYS HMI V3: All versions
CODESYS Control V3 Runtime System Toolkit: All versions
CODESYS V3 Embedded Target Visu Toolkit: All versions
CODESYS V3 Remote Target Visu Toolkit: All versions
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-19-255-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Cross-site scripting
EUVDB-ID: #VU21101
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13538
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the CODESYS V3 Library Manager. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCODESYS Development System V3: 3.5.9.40 - 3.5.14.40
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-19-255-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) NULL pointer dereference
EUVDB-ID: #VU21099
Risk: Low
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13542
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when processing requests. A remote authenticated attacker can send a specially crafted request from a trusted OPC UA client and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCODESYS Control Win V3 (part of the CODESYS Development System setup): All versions
CODESYS Control RTE V3: All versions
CODESYS Control RTE V3 (for Beckhoff CX): All versions
CODESYS Control for Raspberry Pi: All versions
CODESYS Control for PFC200: All versions
CODESYS Control for PFC100: All versions
CODESYS Control for Linux: All versions
CODESYS Control for IOT2000: All versions
CODESYS Control for emPC-A/iMX6: All versions
CODESYS Control for BeagleBone: All versions
CODESYS firmware: 3.5.11.0 - 3.5.14.40
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-19-255-04
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Resource Management Errors
EUVDB-ID: #VU21098
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-9009
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionInstall updates from vendor's website.
Vulnerable software versionsCODESYS V3 Simulation Runtime (part of the CODESYS Development System): All versions
CODESYS HMI V3: All versions
CODESYS Gateway V3: All versions
CODESYS V3 Safety SIL2: All versions
CODESYS Control V3 Runtime System Toolkit: All versions
CODESYS Control Win V3 (part of the CODESYS Development System setup): All versions
CODESYS Control RTE V3 (for Beckhoff CX): All versions
CODESYS Control RTE V3: All versions
CODESYS Control for Raspberry Pi: All versions
CODESYS Control for PFC200: All versions
CODESYS Control for PFC100: All versions
CODESYS Control for Linux: All versions
CODESYS Control for IOT2000: All versions
CODESYS Control for emPC-A/iMX6: All versions
CODESYS Control for BeagleBone: All versions
CODESYS firmware: 1.1.9.18 - 3.5.14.40
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-19-255-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
