Summary
The CODESYS web server component of the CODESYS Control runtime system is used by the CODESYS
WebVisu to display visualization screens in a web browser. Receiving a specifically crafted TLS packet on an
HTTPS connection causes the CODESYS web server to crash because the return value of an underlying
function is not checked correctly for such unusual conditions.
Impact
The CODESYS web server, implemented by the CmpWebServer component, is an optional part of the
CODESYS Control runtime system. It is used by the CODESYS WebVisu to display CODESYS visualization
screens in a web browser. The CODESYS web server supports both the HTTP and HTTPS protocols.
Because the CODESYS web server does not correctly check the return value of an underlying function, it
reacts in a wrong way to specifically crafted TLS packets that are received via an HTTPS connection. This
causes the CODESYS web server to access invalid memory and the web server task to crash.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| Control for PFC200 SL | <4.14.0.0 | |
| Control RTE (SL) | <3.5.20.30 | |
| Control RTE (for Beckhoff CX) SL | <3.5.20.30 | |
| Control Win (SL) | <3.5.20.30 | |
| Control for BeagleBone SL | <4.14.0.0 | |
| Control for IOT2000 SL | <4.14.0.0 | |
| Control for Linux ARM SL | <4.14.0.0 | |
| Control for Linux SL | <4.14.0.0 | |
| Control for PFC100 SL | <4.14.0.0 | |
| Control for PLCnext SL | <4.14.0.0 | |
| Control for Raspberry Pi SL | <4.14.0.0 | |
| Control for WAGO Touch Panels 600 SL | <4.14.0.0 | |
| Control for emPC-A/iMX6 SL | <4.14.0.0 | |
| Embedded Target Visu Toolkit | <3.5.20.30 | |
| HMI (SL) | <3.5.20.30 | |
| Remote Target Visu Toolkit | <3.5.20.30 | |
| Runtime Toolkit | <3.5.20.30 | |
| Virtual Control SL | <4.14.0.0 |
Vulnerabilities
Expand / Collapse allAn unauthenticated remote attacker sending a specially crafted TLS packet on an HTTPS connection causes the CODESYS web server to access invalid memory, resulting in a DoS.
Remediation
Update the following products to version 3.5.20.30.
* CODESYS Control RTE (SL)
* CODESYS Control RTE (for Beckhoff CX) SL
* CODESYS Control Win (SL)
* CODESYS HMI (SL)
* CODESYS Runtime Toolkit
* CODESYS Embedded Target Visu Toolkit
* CODESYS Remote Target Visu Toolkit
Update the following products to version 4.14.0.0.
* CODESYS Control for BeagleBone SL
* CODESYS Control for emPC-A/iMX6 SL
* CODESYS Control for Linux ARM SL
* CODESYS Control for Linux SL
* CODESYS Control for PFC100 SL
* CODESYS Control for PFC200 SL
* CODESYS Control for PLCnext SL
* CODESYS Control for Raspberry Pi SL
* CODESYS Control for WAGO Touch Panels 600 SL
* CODESYS Virtual Control SL
Update the following product to version 4.15.0.0 (Version 4.14.0.0 has not been released).
* CODESYS Control for IOT2000 SL
The products available as CODESYS add-ons can be downloaded and installed directly with the CODESYS Installer or be downloaded from the CODESYS Store. Alternatively, as well as for all other products, you will find further information on obtaining the software update in the CODESYS download area https://www.codesys.com/download .
Acknowledgments
CODESYS GmbH thanks the following parties for their efforts:
- CERT@VDE for coordination (see https://certvde.com )
- ABB for reporting
Revision History
| Version | Date | Summary |
|---|---|---|
| 1 | 25.09.2024 23:59 | Initial revision. |
| 2 | 12.12.2024 12:00 | Further software update available |
| 3 | 03.04.2025 12:00 | Fixed version information for CODESYS Control for IOT2000 SL. Fixed typos in version ranges. |