Description
The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener service or transfer files via requests to the TCP listener service.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- 3S-Smart Software Solutions / CoDeSys3.X – 3.X
- 3S-Smart Software Solutions / CODESYS Control RTE0 – 2.3.7.17
- 3S-Smart Software Solutions / CODESYS Control Runtime embedded0 – 2.3.2.8
- 3S-Smart Software Solutions / CODESYS Control Runtime full0 – 2.4.7.40
- Festo / CECX-X-C1 Modular Master Controller with CoDeSysAll – All
- Festo / CECX-X-M1 Modular Controller with CoDeSys and SoftMotionAll – All
References
- MISChttp://www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.html
- VENDOR_ADVISORYhttps://www.cisa.gov/news-events/ics-advisories/icsa-13-011-01
- MISChttp://www.digitalbond.com/tools/basecamp/3s-codesys/
- VENDOR_ADVISORYhttps://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01
- MISChttps://us.codesys.com/ecosystem/security/