Summary
A Denial-of-Service Vulnerability was reported in CODESYS 2.3 Runtime. The CODESYS 2.3 Runtime is an essential component in several WAGO PLC's. All vulnerable PLCs are listed in chapter 'Affected Products'.
Impact
The reported vulnerabilities allow an attacker who has access to the device and is able to exploit the vulnerability, to manipulate and disrupt the CODESYS 2.3 Runtime of the device.
Affected Product(s)
Model no. | Product name | Affected versions |
---|---|---|
750-8202/xxx-xxx | Firmware <=FW19 | |
750-8203/xxx-xxx | Firmware <=FW19 | |
750-8204/xxx-xxx | Firmware <=FW19 | |
750-8206/xxx-xxx | Firmware <=FW19 | |
750-8207/xxx-xxx | Firmware <=FW19 | |
750-8208/xxx-xxx | Firmware <=FW19 | |
750-8210/xxx-xxx | Firmware <=FW19 | |
750-8211/xxx-xxx | Firmware <=FW19 | |
750-8212/xxx-xxx | Firmware <=FW19 | |
750-8213/xxx-xxx | Firmware <=FW19 | |
750-8214/xxx-xxx | Firmware <=FW19 | |
750-8216/xxx-xxx | Firmware <=FW19 | |
750-8217/xxx-xxx | Firmware <=FW19 |
Vulnerabilities
Expand / Collapse allIn CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC.
Mitigation
- Use general security best practices to protect systems from local and network attacks.
- Do not allow direct access to the device from untrusted networks.
- Update to the latest firmware according to the table in chapter solutions.
- Disable the CODESYS 2.3 port 2455.
Acknowledgments
WAGO GmbH & Co. KG thanks the following parties for their efforts:
- CERTVDE for coordination (see https://certvde.com )
- Steffen Robertz and Gerhard Hechenberger from SEC Consult Vulnerability Lab. for reporting
Revision History
Version | Date | Summary |
---|---|---|
1 | 16.11.2021 13:05 | initial revision |
2 | 22.05.2025 15:03 | Fix: version space, added distribution, quotation mark |