#VU24801 Resource exhaustion in CODESYS Client/Desktop applications


Published: 2020-01-31

Vulnerability identifier: #VU24801

Vulnerability risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-7052

CWE-ID: CWE-400

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
CODESYS Control for BeagleBone
Client/Desktop applications / Other client software
CODESYS Control for emPC-A/iMX6
Client/Desktop applications / Other client software
CODESYS Control for IOT2000
Client/Desktop applications / Other client software
CODESYS Control for Linux
Client/Desktop applications / Other client software
CODESYS Control for PLCnext
Client/Desktop applications / Other client software
CODESYS Control for PFC100
Client/Desktop applications / Other client software
CODESYS Control for PFC200
Client/Desktop applications / Other client software
CODESYS Control for Raspberry Pi
Client/Desktop applications / Other client software
CODESYS Control RTE V3
Client/Desktop applications / Other client software
CODESYS Control RTE V3 (for Beckhoff CX)
Client/Desktop applications / Other client software
CODESYS Control Win V3 (part of the CODESYS Development System setup)
Client/Desktop applications / Other client software
CODESYS Control V3 Runtime System Toolkit
Client/Desktop applications / Other client software
CODESYS V3 Safety SIL2
Client/Desktop applications / Other client software
CODESYS Gateway V3
Client/Desktop applications / Other client software
CODESYS HMI V3
Client/Desktop applications / Other client software
CODESYS V3 Simulation Runtime (part of the CODESYS Development System)
Client/Desktop applications / Other client software

Vendor: CODESYS

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to uncontrolled memory allocation in affected products containing communication servers for the CODESYS communication protocol. A remote authenticated attacker can send a specially crafted request, trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

CODESYS Control for BeagleBone: All versions

CODESYS Control for emPC-A/iMX6: All versions

CODESYS Control for IOT2000: All versions

CODESYS Control for Linux: All versions

CODESYS Control for PLCnext: All versions

CODESYS Control for PFC100: All versions

CODESYS Control for PFC200: All versions

CODESYS Control for Raspberry Pi: All versions

CODESYS Control RTE V3: All versions

CODESYS Control RTE V3 (for Beckhoff CX): All versions

CODESYS Control Win V3 (part of the CODESYS Development System setup): All versions

CODESYS Control V3 Runtime System Toolkit: All versions

CODESYS V3 Safety SIL2: All versions

CODESYS Gateway V3: All versions

CODESYS HMI V3: All versions

CODESYS V3 Simulation Runtime (part of the CODESYS Development System): All versions

External links
http://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12977&token=33f948eed0c2fd69d238d9515779be337ef7592d&download=
http://www.tenable.com/security/research/tra-2020-04
http://github.com/tenable/poc/blob/master/codesys/codesys_gateway_v3_config_modification_tra_2020_0...

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.


Latest bulletins with this vulnerability


Denial of service in several CODESYS V3 products