3S-Smart Software Solutions GmbH will have a new version available in February to mitigate an insufficiently protected credentials vulnerability in its CODESYS V3, according to a report from NCCIC.
Successful exploitation of this vulnerability, discovered by JunYoung Park, could allow an attacker with access to PLC traffic to obtain user credentials.
The vulnerability arises because the application may use non-TLS-based encryption, which leaves user credentials insufficiently protected during transport.
All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component suffer from the hole, regardless of the CPU type or operating system:
• CODESYS Control for BeagleBone
• CODESYS Control for emPC-A/iMX6
• CODESYS Control for IOT2000
• CODESYS Control for Linux
• CODESYS Control for PFC100
• CODESYS Control for PFC200
• CODESYS Control for Raspberry Pi
• CODESYS Control RTE V3
• CODESYS Control RTE V3 (for Beckhoff CX)
• CODESYS Control Win V3 (also part of the CODESYS Development System setup)
• CODESYS V3 Simulation Runtime (part of the CODESYS Development System)
• CODESYS Control V3 Runtime System Toolkit
• CODESYS HMI V3
CVE-2019-9013 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.8.
The product sees use mainly in the critical manufacturing sector. It sees action on a global basis.
No known public exploits specifically target this vulnerability. This vulnerability is not exploitable remotely. However, an attacker with a low skill level could leverage the vulnerability.
3S-Smart Software Solutions GmbH reports this vulnerability will be corrected by Version 126.96.36.199, which is expected to be released in February 2020.
Until an update is available, 3S-Smart Software Solutions GmbH recommends activating and using encryption of online communication whenever possible. The encrypted communication protects the password transmission with TLS-based encryption, independent of the weak password encryption affected here.
For more information, see the CODESYS V3 advisory.