Cyber security researchers disclosed on Thursday that the CODESYS automation software had as many as ten vulnerabilities that could be exploited to execute code remotely on programmable logic controllers (PLCs).
Researchers From Positive Technologies said:
“To exploit the vulnerabilities, an attacker does not need a username or password; having network access to the industrial controller is enough.
The main cause of the vulnerabilities is insufficient verification of input data, which may be a failure to comply with the secure development recommendations.”
Security experts at the Russian cyber security firm discovered the vulnerabilities in controllers made by WAGO, which, along with Beckhoff, Kontron, Moeller, Festo, Mitsubishi, and HollySys, uses CODESYS software for programming and configuring its controllers.
The CODESYS development environment is used to develop industrial control system applications.
The flaws were credited to Vyacheslav Moskvin, Denis Goryushev, Anton Dorfman, Ivan Kurnakov, and Sergey Fedonin of Positive Technologies, and to Yossi Reuven of SCADAfence.
CODESYS WebVisu, a tool that visualizes a human-machine interface (HMI) in a web browser, was found to contain six of the most severe issues, all in the CODESYS V2.3 web server component.
An adversary could leverage the vulnerabilities by sending specially crafted requests to the CODESYS server to cause a denial-of-service condition, copy and run arbitrary code, and even crash the system.
All Six Bugs Are Classified As Potentially Dangerous.
- CVE-2021-30189 – Stack-based Buffer Overflow
- CVE-2021-30190 – Improper Access Control
- CVE-2021-30191 – Buffer Copy without Checking Size of Input
- CVE-2021-30192 – Improperly Implemented Security Check
- CVE-2021-30193 – Out-of-bounds Write
- CVE-2021-30194 – Out-of-bounds Read
Additionally, three other vulnerabilities (CVSS scores: 8.8) in the Control V2 runtime system can be abused to craft malicious requests that may result in a denial-of-service condition or even be used for remote code installation.
- CVE-2021-30186 – Heap-based Buffer Overflow
- CVE-2021-30188 – Stack-based Buffer Overflow
- CVE-2021-30195 – Improper Input Validation
Another flaw, found in the CODESYS Control V2 Linux SysFile library (CVE-2021-30187, CVSS score: 5.3), might allow a bad actor to delete files and disrupt critical processes.
A low-skilled attacker could exploit these vulnerabilities, CODESYS warned in its advisory, adding that it was unaware of any public exploits specifically targeting them.
Similar To Previous Flaws
The disclosure comes just a few weeks after Siemens’ SIMATIC S7-1200 and S7-1500 PLCs were found to have similar vulnerabilities that could allow attackers to gain remote access to protected memory areas and run code undetected from memory.