
ID

VDE-2025-022

Published

2025-03-18 12:00 (CET)

Last update

2025-03-18 12:05 (CET)

Vendor(s)

CODESYS GmbH

Product(s)

Article No° | Product Name | Affected Version(s)
 | CODESYS Runtime Toolkit | < 3.5.21.0

Summary

The OPC UA security policy Basic128Rsa15 is vulnerable to attacks on the server's private key. This can lead to loss of confidentiality or authentication bypass. The CODESYS OPC UA server is not affected in the default configuration; however, the affected policy may have been enabled by a customer build configuration.


CVE ID

CVE-2025-1468

Last Update:

14 March 2025 11:06

Weakness

Observable Discrepancy (CWE-203)

Summary

An unauthenticated remote attacker can gain access to sensitive information including authentication information when using CODESYS OPC UA Server with the non-default Basic128Rsa15 security policy.

Details


Impact

The CODESYS OPC UA server, implemented by the CmpOPCUAServer component, is an optional part of the CODESYS runtime system. The OPC UA server enables data exchange between the CODESYS runtime system and OPC UA clients such as SCADA or HMIs.

The OPC UA protocol supports various security policies to protect communication against common attacks. The deprecated Basic128Rsa15 security policy (http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15) relies on the outdated RSA encryption scheme with PKCS#1 v1.5 padding to secure the payload of OpenSecureChannel messages. This weakness allows an unauthenticated attacker to mount a Bleichenbacher padding oracle attack and compromise the private key of the OPC UA server's certificate. Consequently, a client could bypass application authentication or decrypt transmitted data. This vulnerability corresponds to CVE-2024-42512, which was published by the OPC Foundation for their OPC UA .NET Standard Stack. However, our assessment resulted in a higher CVSS score because we rated the attack complexity of the Bleichenbacher padding oracle as low rather than high.

Although this security policy is disabled by default in the CODESYS Runtime Toolkit, device manufacturers with custom build configurations may have enabled it in the past by setting the compiler #define "CMPOPCUASTACK_ALLOW_SHA1_BASED_SECURITY".

Note: At the same time as the publication of CVE-2024-42512, the OPC Foundation also released CVE-2024-42513. Since CODESYS products do not support OPC UA HTTPS endpoints, no CODESYS product is affected by CVE-2024-42513.

Solution

Mitigation

If set, device manufacturers need to remove the compiler #define "CMPOPCUASTACK_ALLOW_SHA1_BASED_SECURITY" from the build configuration of the CODESYS Runtime Toolkit to restore the default value, which disables the affected OPC UA security policy Basic128Rsa15.

Note: This prevents clients that only support the Basic128Rsa15 policy from connecting to the CODESYS OPC UA server.

Remediation

Update the following product to version 3.5.21.0 and follow the updated documentation:

  • CODESYS Runtime Toolkit

This update has no direct functional impact, but the improved documentation strongly discourages the CODESYS Runtime Toolkit setting "CMPOPCUASTACK_ALLOW_SHA1_BASED_SECURITY".

If set, device manufacturers need to remove the compiler #define "CMPOPCUASTACK_ALLOW_SHA1_BASED_SECURITY" from the build configuration of the CODESYS Runtime Toolkit to remediate the vulnerability. This restores the default configuration and disables the affected OPC UA security policy Basic128Rsa15.

Note: This prevents clients that only support the Basic128Rsa15 policy from connecting to the CODESYS OPC UA server.
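The following is an added verification check, not code from CERT@VDE or CODESYS, for the two things the mitigation and remediation above ask a device manufacturer to confirm: that the compiler define is no longer active anywhere in the build tree, and that the server's endpoints no longer advertise the Basic128Rsa15 policy URI. The sample build files and endpoint list are constructed for illustration.

```python
import re

# Build-configuration define named in the advisory; if active it re-enables Basic128Rsa15.
UNSAFE_DEFINE = "CMPOPCUASTACK_ALLOW_SHA1_BASED_SECURITY"
# Security policy URI quoted in the advisory.
DEPRECATED_POLICY = "http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15"
_DEFINE_RE = re.compile(r"^\s*#\s*define\s+" + UNSAFE_DEFINE + r"\b")
_FLAG_RE = re.compile(r"(?:^|\s)-D" + UNSAFE_DEFINE + r"(?:=\S*)?(?=\s|$)")

def _strip_c_comments(text):
    """Blank out /* */ and // comments while keeping line numbers stable, so a
    commented-out define is not reported (#if 0 regions are not handled)."""
    text = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"), text, flags=re.S)
    return re.sub(r"//[^\n]*", "", text)

def find_unsafe_define(files):
    """files: {path: contents} of headers, makefiles or similar. Returns
    [(path, line_no, line)] for every active '#define' of the unsafe symbol
    or '-D' compiler flag that sets it."""
    hits = []
    for path, content in files.items():
        for no, line in enumerate(_strip_c_comments(content).splitlines(), 1):
            stripped = line.strip()
            # '-D' flags live in CFLAGS-style lines; a '#'-led line is either a
            # preprocessor directive (covered by _DEFINE_RE) or a make/shell comment.
            if _DEFINE_RE.search(line) or (not stripped.startswith("#") and _FLAG_RE.search(line)):
                hits.append((path, no, stripped))
    return hits

def deprecated_endpoints(endpoints):
    """endpoints: iterable of (endpoint_url, security_policy_uri), e.g. from a
    GetEndpoints response. Returns the URLs that still offer Basic128Rsa15."""
    return [url for url, policy in endpoints if policy == DEPRECATED_POLICY]

# Constructed sample inputs (not taken from any real device).
SAMPLE_BUILD = {
    "sysdefines.h": "/* legacy\n   build */\n#define CMPOPCUASTACK_ALLOW_SHA1_BASED_SECURITY 1\n"
                    "// #define CMPOPCUASTACK_ALLOW_SHA1_BASED_SECURITY\n",
    "Makefile": "CFLAGS += -O2 -DCMPOPCUASTACK_ALLOW_SHA1_BASED_SECURITY=1\n"
                "# -DCMPOPCUASTACK_ALLOW_SHA1_BASED_SECURITY\n",
    "other.h": "#define CMPOPCUASTACK_ALLOW_SHA1_BASED_SECURITY_LOG 1\n"
               "#undef CMPOPCUASTACK_ALLOW_SHA1_BASED_SECURITY\n",
}
SAMPLE_ENDPOINTS = [
    ("opc.tcp://plc.example:4840", "http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256"),
    ("opc.tcp://plc.example:4840", DEPRECATED_POLICY),
    ("opc.tcp://hmi.example:4840", "http://opcfoundation.org/UA/SecurityPolicy#None"),
]
for hit in find_unsafe_define(SAMPLE_BUILD):
    print("active unsafe define: %s:%d: %s" % hit)
```

Only the `#define` in sysdefines.h and the `-D` flag in the Makefile are reported; the commented-out copies, the `#undef`, and the similarly named `_LOG` symbol are ignored.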

Device manufacturers can find further information on obtaining the software update in the CODESYS Update area: https://www.codesys.com/download.

Reported by

CERT@VDE coordinated with CODESYS

Reporting: Tom Tervoort from Secura B.V.