3S-Smart Software Solutions GmbH has a patch ready to mitigate a stack-based buffer overflow in its CODESYS Web Server, according to a report with ICS-CERT.
All Microsoft Windows (also WinCE) based CODESYS web servers running stand-alone Version 2.3, or as part of the CODESYS runtime system running prior to Version V184.108.40.206, suffer from the remotely exploitable vulnerability discovered by Zhu WenZhe of Istury IOT security lab.
Successful exploitation of this vulnerability could cause the device the attacker is accessing to crash, resulting in a buffer overflow condition that may allow remote code execution.
No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.
In the vulnerability, a crafted request may cause a buffer overflow and could therefore execute arbitrary code on the web server or lead to a denial-of-service condition due to a crash in the web server.
CVE-2018-5440 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.
The product sees use mainly in the critical manufacturing or energy sectors. It also sees action on a global basis.
This vulnerability will be fixed by patch V.220.127.116.11 for the CODESYS V2.3 web server for Windows. This will be part of the CODESYS setup V18.104.22.168. The release of this security patch was made available January 30.
Currently, Kempten, Germany-based 3S-Smart Software Solutions GmbH has not identified any workarounds for this vulnerability.
In general, 3S-Smart Software Solutions GmbH recommends the following defensive measures to reduce the risk of exploitation of this vulnerability:
1. Use controllers and devices only in a protected environment to minimize network exposure and ensure they are not accessible from outside
2. Use firewalls to protect and separate the control system network from other networks
3. Use VPN (Virtual Private Networks) tunnels if remote access is required
4. Protect both development and control systems from unauthorized access (e.g., by means of the operating system)
5. Protect both development and control system by using up-to-date virus detecting solutions
For additional information regarding the CODESYS products, or about the described vulnerability, contact the 3S-Smart Software Solutions support team.
Click here for additional information find the CODESYS Security update.
For more information and general recommendations for protecting machines and manufacturing facilities, see the CODESYS Security whitepaper.