Summary
Multiple WAGO devices are prone to vulnerabilites in the used CODESYS V3 framework.
Impact
Please refer to the official CODESYS Advisories:
• Advisory2023-02_CDS-82683• Advisory2023-03_CDS-84820
Website at www.codesys.com/security/security-rep...
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| 751-9301/xxx-xxx, 751-9401/xxx-xxx | Compact Controller 100 | Firmware <= FW25 |
| 752-8303/8000-0002 | EC 300 | Firmware <= FW25 |
| 750-8101/xxx-xxx, 750-8102/xxx-xxx, 750-8100/xxx-xxx | PFC100 | Firmware <= FW25 |
| 750-8202/xxx-xxx, 750-8204/xxx-xxx, 750-8206/xxx-xxx, 750-8207/xxx-xxx, 750-8210/xxx-xxx, 750-8211/xxx-xxx, 750-8212/xxx-xxx, 750-8213/xxx-xxx, 750-8214/xxx-xxx, 750-8215/xxx-xxx, 750-8216/xxx-xxx, 750-8217/xxx-xxx, 750-8203/xxx-xxx | PFC200 | Firmware <= FW25 |
| 762-5x0x/8000-000x, 762-6x0x/8000-000x, 762-4x0x/8000-000x | TP 600 | Firmware <= FW25 |
Vulnerabilities
Expand / Collapse allAn authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service.
Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerability. An authenticated remote attacker may craft specific requests that use the vulnerability leading to a denial-of-service condition.
An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of multiple CODESYS products in multiple versions to read from an invalid address which can lead to a denial-of-service condition.
An authenticated, remote attacker may use a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple versions of multiple CODESYS products to force a denial-of-service situation.
Mitigation
Vulnerabilities of CODESYS Advisory 2023-02:• Please make sure that the 'port authentication' option in the web-based management is activated. In this way none of the vulnerabilities can be exploited by unauthenticated users.• Please change the default admin password.
Vulnerability of CODESYS Advisory 2023-03:• This vulnerability exists in the CODESYS programming service which is needed for commission only. Deactivate the CODESYS programming port in the web-based management if you do not need the service.
In addition to the mitigation hints CODESYS GmbH recommends the following general defense measures to reduce the risk of exploits:
Use controllers and devices only in a protected environment to minimize network exposure and ensure they are not accessible from outside.
Use firewalls to protect and separate the control system network from other networks.
Use VPN (Virtual Private Networks) tunnels if remote access is required.
Activate and apply user management and password features.
Use encrypted communication links.
Limit the access to both development and control system by physical means, operating system features, etc.
Protect both development and control system by using up to date virus detection solutions.
For further impact information and risk mitigation, please refer to the official CODESYS Advisory Website at www.codesys.com/security/security-rep...
Remediation
A fixed firmware for affected devices is planned for Q1 2024.
Revision History
| Version | Date | Summary |
|---|---|---|
| 1 | 07/31/2023 09:36 | Initial revision. |
| 2 | 05/22/2025 15:03 | Fix: quotation mark |