A set of 15 high-severity security flaws have been disclosed in the CODESYS V3 software development kit (SDK) that could result in remote code execution and denial-of-service under specific conditions, posing risks to operational technology (OT) environments.
The flaws, tracked from CVE-2022-47379 through CVE-2022-47393 and dubbed CoDe16, carry a CVSS score of 8.8 with the exception of CVE-2022-47391, which has a severity rating of 7.5. Twelve of the flaws are buffer overflow vulnerabilities.
“Exploitation of the discovered vulnerabilities, which affect all versions of CODESYS V3 prior to version 3.5.19, could put operational technology (OT) infrastructure at risk of attacks, such as remote code execution (RCE) and denial-of-service (DoS),” Vladimir Tokarev of the Microsoft Threat Intelligence Community said in a report.
While successful weaponization of the flaws requires user authentication as well as in-depth knowledge of the proprietary protocol of CODESYS V3, the issues could have significant impacts that could result in shutdowns and malicious tampering of critical automation processes.
The remote code execution bugs, in particular, could be abused to backdoor OT devices and interfere with the operation of programmable logic controllers (PLCs) in a way that could pave the way for information theft.
“Exploiting the vulnerabilities requires user authentication as well as bypassing the Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) used by both the PLCs,” Tokarev explained.
To get past the user authentication barrier, a known vulnerability (CVE-2019-9013, CVSS score: 8.8) is used to steal credentials by means of a replay attack against the PLC, followed by leveraging the flaws to trigger a buffer overflow and gain control of the device.
Patches for the flaws were released in April 2023. A short description of the issues is as follows –
- CVE-2022-47379 – After successful authentication, specific crafted communication requests can cause the CmpApp component to write attacker-controlled data to memory, which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
- CVE-2022-47380 and CVE-2022-47381 – After successful authentication, specific crafted communication requests can cause the CmpApp component to write attacker-controlled data to the stack, which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
- CVE-2022-47382, CVE-2022-47383, CVE-2022-47384, CVE-2022-47386, CVE-2022-47387, CVE-2022-47388, CVE-2022-47389, and CVE-2022-47390 – After successful authentication, specific crafted communication requests can cause the CmpTraceMgr component to write attacker-controlled data to the stack, which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
- CVE-2022-47385 – After successful authentication, specific crafted communication requests can cause the CmpAppForce component to write attacker-controlled data to the stack, which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
- CVE-2022-47391 – Crafted communication requests can cause the affected product to read internally from an invalid address, potentially leading to a denial-of-service condition.
- CVE-2022-47392 – After successful authentication, specific crafted communication requests with inconsistent content can cause the CmpApp/CmpAppBP/CmpAppForce components to read internally from an invalid address, potentially leading to a denial-of-service condition.
- CVE-2022-47393 – After successful authentication, specific crafted communication requests can cause the CmpFiletransfer component to dereference addresses supplied by the request for internal read access, which can lead to a denial-of-service situation.
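The bug class behind the twelve overflow entries above is a request handler that copies a request-supplied amount of data into a fixed-size stack buffer without checking the declared length against the buffer, and CVE-2022-47392 adds the related failure of trusting a length field that disagrees with what was actually received. The following C program is an added illustration of the defensive checks that close both gaps; it is not CODESYS code and the three-byte request layout, the `handle_request` and `build_request` functions and the 64-byte buffer size are all constructed for this example, not taken from the CODESYS V3 protocol.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical request layout, constructed for this example (not the CODESYS protocol):
 *   byte 0     : component tag
 *   bytes 1-2  : declared payload length, little-endian
 *   bytes 3..  : payload bytes
 */
#define HDR_LEN     3
#define MAX_PAYLOAD 64

enum handle_status {
    HANDLE_OK               = 0,
    HANDLE_ERR_SHORT        = 1,  /* message shorter than the fixed header */
    HANDLE_ERR_INCONSISTENT = 2,  /* declared length != bytes actually received */
    HANDLE_ERR_TOO_LONG     = 3   /* declared length exceeds the stack buffer */
};

/* Hardened handler: the copy into the fixed-size stack buffer is bounded by the
 * buffer size, and the declared length must match the bytes on the wire. The
 * vulnerable pattern described in the advisories is this function with the
 * HANDLE_ERR_TOO_LONG check missing: memcpy then writes past `payload`. */
enum handle_status handle_request(const uint8_t *msg, size_t msg_len, size_t *copied)
{
    uint8_t payload[MAX_PAYLOAD];           /* fixed-size stack buffer */

    if (copied) *copied = 0;
    if (msg == NULL || msg_len < HDR_LEN) return HANDLE_ERR_SHORT;

    uint16_t declared = (uint16_t)(msg[1] | (msg[2] << 8));

    /* Inconsistent content: reject before any length-driven access happens. */
    if ((size_t)declared != msg_len - HDR_LEN) return HANDLE_ERR_INCONSISTENT;

    /* Bounds check against the destination buffer, not just the message. */
    if (declared > MAX_PAYLOAD) return HANDLE_ERR_TOO_LONG;

    memcpy(payload, msg + HDR_LEN, declared);
    if (copied) *copied = declared;

    /* Component-specific processing of payload[0..declared) would follow here. */
    (void)payload;
    return HANDLE_OK;
}

/* Builds a constructed request for testing. `declared` is written into the header
 * and `actual_payload` filler bytes are appended, so the two can be made to disagree.
 * Returns the total message length, or 0 if `out` is too small. */
size_t build_request(uint8_t *out, size_t out_cap, uint8_t tag,
                     uint16_t declared, size_t actual_payload)
{
    if (out_cap < HDR_LEN + actual_payload) return 0;
    out[0] = tag;
    out[1] = (uint8_t)(declared & 0xffu);
    out[2] = (uint8_t)(declared >> 8);
    memset(out + HDR_LEN, 0x41, actual_payload);   /* constructed filler */
    return HDR_LEN + actual_payload;
}

int main(void)
{
    uint8_t buf[512];
    size_t n, copied;

    n = build_request(buf, sizeof buf, 0x01, 16, 16);
    printf("well-formed request     -> status %d, copied %zu\n",
           handle_request(buf, n, &copied), copied);

    n = build_request(buf, sizeof buf, 0x01, 200, 200);
    printf("oversized payload       -> status %d\n", handle_request(buf, n, &copied));

    n = build_request(buf, sizeof buf, 0x01, 16, 8);
    printf("inconsistent length     -> status %d\n", handle_request(buf, n, &copied));

    printf("truncated header        -> status %d\n", handle_request(buf, 2, &copied));
    return 0;
}
```

The ordering of the checks matters: the consistency check runs before the length is used for anything, so a request whose header promises more bytes than were received never drives a read past the end of the message, and the buffer-size check runs before `memcpy`, so a request that is internally consistent but larger than the stack buffer is refused rather than written.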
“With CODESYS being used by many vendors, one vulnerability may affect many sectors, device types, and verticals, let alone multiple vulnerabilities,” Tokarev said.
“Threat actors could launch a DoS attack against a device using a vulnerable version of CODESYS to shut down industrial operations or exploit the RCE vulnerabilities to deploy a backdoor to steal sensitive data, tamper with operations, or force a PLC to operate in a dangerous way.”