#VU19623 Cleartext transmission of sensitive information in CODESYS Server applications


Published: 2019-08-02

Vulnerability identifier: #VU19623

Vulnerability risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-9013

CWE-ID: CWE-319

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
CODESYS HMI (Client/Desktop applications / Other client software)
CODESYS Control Runtime System Toolkit (Client/Desktop applications / Other client software)
CODESYS Simulation Runtime (Client/Desktop applications / Other client software)
CODESYS Control RTE (Client/Desktop applications / Other client software)
CODESYS Control for Raspberry Pi (Client/Desktop applications / Other client software)
CODESYS Control for PFC200 (Client/Desktop applications / Other client software)
CODESYS Control for PFC100 (Client/Desktop applications / Other client software)
CODESYS Control for Linux (Client/Desktop applications / Other client software)
CODESYS Control for IOT2000 (Client/Desktop applications / Other client software)
CODESYS Control for emPC-A/iMX6 (Client/Desktop applications / Other client software)
CODESYS Control for BeagleBone (Client/Desktop applications / Other client software)
CODESYS firmware (Server applications / SCADA systems)

Vendor: CODESYS

Description

The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.

The vulnerability exists because the software transmits user credentials over the insecure HTTP protocol. A remote attacker who is able to intercept network traffic can obtain a user's credentials and gain unauthorized access to the system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

According to the vendor's statement, the vulnerability will be fixed in software version 3.5.16.0, planned for February 2020.

Vulnerable software versions

CODESYS HMI: All versions

CODESYS Control Runtime System Toolkit: All versions

CODESYS Simulation Runtime: All versions

CODESYS Control RTE: All versions

CODESYS Control for Raspberry Pi: All versions

CODESYS Control for PFC200: All versions

CODESYS Control for PFC100: All versions

CODESYS Control for Linux: All versions

CODESYS Control for IOT2000: All versions

CODESYS Control for emPC-A/iMX6: All versions

CODESYS Control for BeagleBone: All versions

CODESYS firmware: 3.5.3.0 - 3.5.15.0


External links
http://ics-cert.us-cert.gov/advisories/icsa-19-213-04
http://www.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-08_CDS-62813.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

