Multiple vulnerabilties were reported in WIBU-SYSTEMS Codemeter. WIBU-SYSTEMS Codemeter is installed by default during e!COCKPIT installation. All currently existing e!COCKPIT installation bundles contain vulnerable versions of WIBU-SYSTEMS Codemeter.
Several vulnerabilities have been discovered in WIBU-SYSTEMS CodeMeter and published 08 September 2020. Phoenix Contact is only affected by a subset of these vulnerabilities.
Phoenix Contact products are not affected by vulnerabilities WIBU-200521-01 (CVE-2020- 14513), WIBU-200521-04 (CVE-2020-14517, and WIBU-200521-06 (CVE-2020-14515). For further Information please refer to WIBU Advisories directly at https://wibu.com/support/security-advisories.html.
A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart to correct.
The build settings of a PLCnext Engineer project (.pcwex) can be manipulated in a way that can result in the execution of remote code.
The attacker needs to get access to a PLCnext Engineer project to be able to manipulate files inside. Additionally, the files of the remote code need to be transferred to a location which can be accessed by the PC that runs PLCnext Engineer. When PLCnext Engineer runs a build process of the manipulated project the remote code can be executed.
For process data documentation purposes the laboratory washers, thermal disinfectors and washer-disinfectors can be integrated in a TCP/IP network by utilizing the affected communication module.
The communication module is separate from the actual device control and uses a chipset from Digi International.
The TCP / IP stack required for networking is implemented in this chipset with the help of a 3rd party library from Treck. External security researchers have identified several security holes in this library called Ripple20. The most critical vulnerability allows an external attacker to execute arbitrary code on the chip and thus also on the communication module.
The above named communication module can be integrated into the following laboratory washers, thermal disinfectors and washer- disinfectors:
Manipulated PC Worx projects could lead to a remote code execution due to insufficient input
data validation.
The attacker needs to get access to an original PC Worx project to be able to manipulate data
inside the project folder. After manipulation the attacker needs to exchange the original files by
the manipulated ones on the application programming workstation.
Beckhoff’s TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. The driver implements real-time features. Except for Ethernet frames sent from real-time functionality, all other Ethernet frames sent through the driver are not padded if their payload is less than the minimum Ethernet frame size. Instead, arbitrary memory content is transmitted within in the padding bytes of the frame. Most likely this memory contains slices from previously transmitted or received frames.
The Web-Based Management (WBM) of WAGOs programmable logic controller (PLC) is typically used for administration, commissioning and updates.
An attacker needs an authorized login with administrative privileges on the device in order to exploit the herein mentioned vulnerability.
An authenticated attacker who has access to the Web Based Management (WBM) could use the software upload functionality to install software package with root privileges. This fact could be potentially used to manipulate the device or to get control of the device.