Cybersecurity experts have found 10 critical flaws in CODESYS industrial automation software. These flaws can be exploited by actors for remote code execution on programmable logic controllers (PLCs).
According to the researchers at Positive Technologies, “To exploit the vulnerabilities, an attacker does not need a username or password; having network access to the industrial controller is enough.”
They further said, “The main cause of the vulnerabilities is insufficient verification of input data, which may itself be caused by failure to comply with the secure development recommendations.”
The Russia-based cybersecurity firm discovered the vulnerabilities on a PLC offered by WAGO, used by other automation technology companies such as Beckhoff, Kontron, Moeller, Festo, Mitsubishi, and HollySys. They all use CODESYS software for programming and configuring the controllers.
CODESYS is a German software company that offers a development environment for programming controller applications for use in industrial control systems. The company credited Vyacheslav Moskvin, Denis Goryushev, Anton Dorfman, Ivan Kurnakov, and Sergey Fedonin of Positive Technologies and Yossi Reuven of SCADAfence for reporting the flaws.
Six severe flaws were detected in the CODESYS V2.3 web server component used by CODESYS WebVisu to visualize a human-machine interface (HMI) in a web browser. These vulnerabilities can potentially be exploited by bad actors who send specially crafted web server requests to trigger a denial-of-service condition, write or read arbitrary code to and from a control runtime system’s memory, and even crash the CODESYS web server.
The six vulnerabilities below are rated 10 out of 10 on the CVSS scale:
- CVE-2021-30189 – Stack-based Buffer Overflow
- CVE-2021-30190 – Improper Access Control
- CVE-2021-30191 – Buffer Copy without Checking Size of Input
- CVE-2021-30192 – Improperly Implemented Security Check
- CVE-2021-30193 – Out-of-bounds Write
- CVE-2021-30194 – Out-of-bounds Read
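The researchers attribute the flaws to insufficient verification of input data, and the CWE names in the list above (buffer copy without checking size of input, out-of-bounds write and read) describe the same pattern. The following C program is an added illustration of that weakness class and is not CODESYS code or anything derived from the advisories: it parses a constructed query string with a hypothetical `handle_request_unchecked` routine that copies a field into a fixed stack buffer without a length check, and a hardened `handle_request_checked` routine that validates the length against the destination capacity before copying. The parameter name `name=`, the buffer size and the request strings are all constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Locate the value of a "name=" parameter in a constructed query string.
 * Returns a pointer to the value and stores its length in *len, or NULL
 * when the parameter is absent. Shared by both handlers below. */
static const char *find_name_value(const char *query, size_t *len)
{
    const char *start = strstr(query, "name=");
    if (start == NULL)
        return NULL;
    start += strlen("name=");
    const char *end = strchr(start, '&');
    *len = end ? (size_t)(end - start) : strlen(start);
    return start;
}

#define FIELD_MAX 16 /* constructed size of the fixed stack buffer */

/* Weak form (buffer copy without checking size of input): the value is
 * copied into a fixed stack buffer without comparing its length against
 * the buffer, so a value of FIELD_MAX bytes or more writes past the frame.
 * Returns the length of the copied field, or -1 if the parameter is absent. */
int handle_request_unchecked(const char *query)
{
    char field[FIELD_MAX];
    size_t len;
    const char *value = find_name_value(query, &len);
    if (value == NULL)
        return -1;
    memcpy(field, value, len); /* the defect: no size check before the copy */
    field[len] = '\0';
    return (int)strlen(field);
}

/* Hardened form: the caller supplies the destination together with its
 * capacity, and the length is validated before any byte is copied.
 * Returns the field length, -1 if the parameter is absent, -2 if over-long. */
int handle_request_checked(const char *query, char *out, size_t out_size)
{
    size_t len;
    const char *value = find_name_value(query, &len);
    if (value == NULL)
        return -1;
    if (out_size == 0 || len >= out_size)
        return -2; /* reject the request rather than truncating silently */
    memcpy(out, value, len);
    out[len] = '\0';
    return (int)len;
}

int main(void)
{
    /* Constructed request bodies: one within limits, one over-long. */
    const char *ok = "id=7&name=pump01&mode=run";
    const char *bad = "id=7&name=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&mode=run";
    char out[FIELD_MAX];
    printf("ok:  %d (%s)\n", handle_request_checked(ok, out, sizeof out), out);
    printf("bad: %d\n", handle_request_checked(bad, out, sizeof out));
    return 0;
}
```

The hardened version deliberately rejects over-long input instead of truncating it: on a controller, a silently shortened tag name or path can cause the wrong object to be acted on, so failing the request is the safer behaviour and gives a defender a clear event to log.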
Apart from these, three other vulnerabilities, each with a CVSS score of 8.8, were disclosed in the Control V2 runtime system; malicious requests crafted against them can result in a denial-of-service condition or be used for remote code execution:
- CVE-2021-30186 – Heap-based Buffer Overflow
- CVE-2021-30188 – Stack-based Buffer Overflow
- CVE-2021-30195 – Improper Input Validation
The last flaw, CVE-2021-30187 (CVSS score 5.3), is in the CODESYS Control V2 Linux SysFile library. It can be exploited to call additional PLC functions, in turn allowing a bad actor to delete files and disrupt critical processes.
CODESYS has cautioned its users in an advisory, saying “An attacker with low skills would be able to exploit these vulnerabilities.” It also said it was not aware of any public exploits that specifically target them.
According to Vladimir Nazarov, Head of ICS Security at Positive Technologies, “Their exploitation can lead to remote command execution on PLC, which may disrupt technological processes and cause industrial accidents and economic losses. The most notorious example of exploiting similar vulnerabilities is by using Stuxnet.”
Earlier, similar issues were addressed in Siemens SIMATIC S7-1200 and S7-1500 PLCs; those could be exploited by bad actors to gain remote access to protected areas of memory and achieve unrestricted and undetected code execution.