
CODESYS Modbus TCP Server - Improper resource management

VDE-2026-042
Last update: 12.05.2026 09:00
Published at: 12.05.2026 09:00
Vendor(s): CODESYS GmbH
External ID: Advisory2026-05_VDE-2026-042

Summary

CODESYS Modbus is an add‑on for the CODESYS Development System that provides a fully integrated Modbus protocol stack along with diagnostic capabilities. A flaw in the CODESYS Modbus TCP Server protocol stack library results in a vulnerability. When a Modbus TCP server is configured, this vulnerable protocol stack is downloaded to and executed by CODESYS Control runtime systems.

The vulnerability is caused by a resource management issue in the Modbus TCP server and is only exploitable if a race condition in the connection handling is successfully triggered. Over time, this may exhaust the configured maximum number of connections, potentially preventing new connections from being accepted. Existing connections remain unaffected and continue to operate normally.

This issue affects only CODESYS projects that include a Modbus TCP server configuration.

Impact

Exploitation of this vulnerability may allow an unauthenticated remote attacker to exhaust all available TCP connections in the CODESYS Modbus TCP Server stack running on a CODESYS Control runtime system, thereby preventing legitimate clients from establishing new connections.
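
Because established connections keep working while new ones may no longer be accepted, a health check that reuses a long-lived session will not notice the condition; it has to open a fresh connection. The Python probe below is an added example, not part of the advisory or of any CODESYS code: it opens one new Modbus TCP connection, sends a single Read Holding Registers request and reports whether the server answered. The address `192.0.2.10`, unit id 1 and register 0 are assumptions to adapt to the monitored PLC.

```python
import socket
import struct


def recv_exact(sock, n):
    """Read exactly n bytes or raise if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("closed by peer")
        buf += chunk
    return buf


def probe_modbus_tcp(host, port=502, unit_id=1, timeout=3.0):
    """Open a NEW TCP connection, send one read request, return (ok, detail)."""
    tid = 0x4D42  # arbitrary transaction id; the server must echo it
    # MBAP: transaction id, protocol id 0, length of (unit id + PDU), unit id
    # PDU: function 0x03 (Read Holding Registers), start address 0, quantity 1
    request = struct.pack(">HHHBBHH", tid, 0, 6, unit_id, 0x03, 0, 1)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(request)
            rtid, proto, length, _unit = struct.unpack(">HHHB", recv_exact(sock, 7))
            if rtid != tid or proto != 0 or not 2 <= length <= 254:
                return False, "unexpected MBAP header"
            pdu = recv_exact(sock, length - 1)
    except ConnectionRefusedError:
        return False, "refused"
    except socket.timeout:
        return False, "timeout"
    except OSError as exc:
        return False, f"error: {exc}"
    # A Modbus exception response (function code | 0x80) still shows that the
    # server accepted the connection and processed the request.
    if pdu[0] & 0x80:
        return True, "exception response"
    return True, "ok"


if __name__ == "__main__":
    # Placeholder address (assumption): replace with the PLC's address.
    print(probe_modbus_tcp("192.0.2.10"))
```

Any `False` result from a host that normally answers is worth alerting on; the advisory does not say whether an exhausted server refuses, ignores or immediately closes new connections, so the probe reports all three.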

Affected Product(s)

| Model no. | Product name | Affected versions |
|---|---|---|
| | CODESYS Modbus | vers:generic/<4.6.0.0 |

Vulnerabilities


Published: 12.05.2026 09:15
Weakness: Missing Release of Resource after Effective Lifetime (CWE-772)
Summary

An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race condition in connection handling is successfully exploited, preventing legitimate clients from establishing new connections.

References

Remediation

Update the following product to version 4.6.0.0.
* CODESYS Modbus

To make the fix effective for existing CODESYS projects, you must additionally update the local Modbus TCP Server in the device tree to the latest version and perform a download of the CODESYS application to the PLC.

The CODESYS Development System and the products available as CODESYS add-ons can be downloaded and installed directly with the CODESYS Installer or downloaded from the CODESYS Store. Alternatively, and for all other products, further information on obtaining the software update is available in the CODESYS Update area: https://www.codesys.com/download/.

Acknowledgments

CODESYS GmbH thanks the following parties for their efforts:

Revision History

| Version | Date | Summary |
|---|---|---|
| 1.0.0 | 12.05.2026 09:00 | Initial revision. |