3S-Smart Software Solutions GmbH released new versions to mitigate unverified ownership and uncontrolled memory allocation vulnerabilities in its CODESYS V3, according to a report with NCCIC.
Successful exploitation of these remotely exploitable vulnerabilities, which 3S Smart Software Solutions self-reported, could allow a remote attacker to close existing communication channels or to take over an already established user session to send crafted packets to a PLC.
All variants of the following CODESYS V3 products in all versions prior to v126.96.36.199 that contain the CmpGateway component are affected, regardless of the CPU type or operating system.
The CODESYS V3 variants include:
• CODESYS Control for BeagleBone
• CODESYS Control for emPC-A/iMX6
• CODESYS Control for IOT2000
• CODESYS Control for Linux
• CODESYS Control for PFC100
• CODESYS Control for PFC200
• CODESYS Control for Raspberry Pi
• CODESYS Control V3 Runtime System Toolkit
• CODESYS Gateway V3
• CODESYS V3 Development System
In one vulnerability, the CODESYS Gateway does not correctly verify the ownership of a communication channel.
CVE-2019-9010 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.0.
In addition, a crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition.
CVE-2019-9012 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.
The product sees use mainly in the critical manufacturing sector. It also sees action on a global basis.
No known public exploits specifically target these vulnerabilities. However, an attacker with low skill level could leverage the vulnerabilities.
Germany-based 3S-Smart Software Solutions GmbH released v188.8.131.52 and v184.108.40.206. Each of these releases solve the noted vulnerabilities issues.
Click on the CODESYS update area for more information on how to obtain the software update.