Stack-based buffer overflow in CODESYS Server applications

#VU21103 Stack-based buffer overflow in CODESYS Server applications

Published: 2019-09-13

Vulnerability identifier: #VU21103

Vulnerability risk: High

CVSSv3.1:

CVE-ID: CVE-2019-13548

CWE-ID:

Exploitation vector: Network

Exploit availability:

Vulnerable software:
CODESYS V3 Remote Target Visu Toolkit
Client/Desktop applications / Other client software
CODESYS V3 Embedded Target Visu Toolkit
Client/Desktop applications / Other client software
CODESYS Control V3 Runtime System Toolkit
Client/Desktop applications / Other client software
CODESYS HMI V3
Client/Desktop applications / Other client software
CODESYS Control Win V3 (part of the CODESYS Development System setup)
Client/Desktop applications / Other client software
CODESYS Control RTE V3 (for Beckhoff CX)
Client/Desktop applications / Other client software
CODESYS Control RTE V3
Client/Desktop applications / Other client software
CODESYS Control for Raspberry Pi
Client/Desktop applications / Other client software
CODESYS Control for PFC200
Client/Desktop applications / Other client software
CODESYS Control for PFC100
Client/Desktop applications / Other client software
CODESYS Control for Linux
Client/Desktop applications / Other client software
CODESYS Control for IOT2000
Client/Desktop applications / Other client software
CODESYS Control for emPC-A/iMX6
Client/Desktop applications / Other client software
CODESYS Control for BeagleBone
Client/Desktop applications / Other client software
CODESYS firmware
Server applications / SCADA systems

Vendor: CODESYS

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the CODESYS V3 web server. A remote unauthenticated attacker can send a specially crafted HTTP or HTTPS request, trigger stack-based buffer overflow and cause a denial-of-service condition or execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

CODESYS V3 Remote Target Visu Toolkit: All versions

CODESYS V3 Embedded Target Visu Toolkit: All versions

CODESYS Control V3 Runtime System Toolkit: All versions

CODESYS HMI V3: All versions

CODESYS Control Win V3 (part of the CODESYS Development System setup): All versions

CODESYS Control RTE V3 (for Beckhoff CX): All versions

CODESYS Control RTE V3: All versions

CODESYS Control for Raspberry Pi: All versions

CODESYS Control for PFC200: All versions

CODESYS Control for PFC100: All versions

CODESYS Control for Linux: All versions

CODESYS Control for IOT2000: All versions

CODESYS Control for emPC-A/iMX6: All versions

CODESYS Control for BeagleBone: All versions

CODESYS firmware: 1.1.9.18 - 3.5.14.40

Fixed software versions

CPE

cpe:2.3:a:codesys:codesys_v3_remote_target_visu_toolkit:*:*:*:*:*:*:*:*

External links
http://ics-cert.us-cert.gov/advisories/icsa-19-255-01

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability

OpenSUSE Linux update for git

Gentoo update for Git

OpenSUSE Linux update for git

Amazon Linux AMI update for git

Multiple vulnerabilities in CODESYS products