There is an improper access control vulnerability affecting 3S-Software CoDeSys that could allow an attacker to upload unauthenticated configuration changes to a programmable logic controller (PLC), which may include arbitrary code.
CoDeSys is a third-party product used on PLCs and engineering workstations, according to a report on ICS-CERT. Researcher Reid Wightman released this report without coordination with either the vendor or ICS-CERT.
The vendor is aware of the report and is looking into the remotely exploitable vulnerabilities. ICS-CERT issued this alert to provide notice of the report and identify baseline mitigations for reducing risks from these and other cyber security attacks.
The researchers publicly released two tools containing exploit code for these vulnerabilities. The first tool shows where an attacker could obtain a shell on the PLC. The second tool shows how an attacker could transfer arbitrary files to and from the PLC.
The report included vulnerability details for the following vulnerabilities:
The vulnerabilities include improper access control and a directory traversal, which could lead to a loss of integrity, confidentiality and availability.
3S has a Web site where asset owners can look up devices that use CoDeSys.