
PHOENIX CONTACT: Profinet SDK libexpat vulnerabilities

VDE-2022-058
Last update: 14.05.2025 15:00
Published at: 13.12.2022 08:00
Vendor(s): Phoenix Contact GmbH & Co. KG
External ID: VDE-2022-058

Summary

Two vulnerabilities have been discovered in the Expat XML parser library (aka libexpat). This open-source component is used in many products worldwide. By exploiting these use-after-free vulnerabilities, an attacker could cause a program to crash, use unexpected values, or execute code.
The Profinet SDK uses the Expat XML parser library as the reference solution for loading the XML-based Profinet network configuration files (IPPNIO or TIC).

Impact

Availability, integrity, or confidentiality of a device using the PROFINET Controller Stack might be compromised by attacks exploiting these vulnerabilities.
Depending on the instantiation and timing of the defect, using previously freed memory might result in a variety of negative effects, from the corruption of valid data to the execution of arbitrary code. In the default installation a vulnerable libexpat is present, but it may have been replaced in the toolchain itself.

Affected Product(s)

Model no.    Product name          Affected versions
1175941      PROFINET SDK <=6.6    PROFINET SDK <=6.6

Vulnerabilities


Published: 22.09.2025 14:58
Weakness: Use After Free (CWE-416)
Summary

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.

References

Published: 22.09.2025 14:58
Weakness: Use After Free (CWE-416)
Summary

In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

References

Mitigation

We strongly recommend that customers ensure that only data from reliable sources is used. Affected customers should also check whether vulnerable libexpat library versions are used in their specific configuration tool chain.
For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
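
One way to perform the tool chain check recommended above is to scan its files for the libexpat version marker. This is an added example, not Phoenix Contact code. It assumes libexpat embeds the string returned by XML_ExpatVersion() (for example "expat_2.4.8") in shared and statically linked binaries; the file names in demo(), including pnio_tool, are constructed.

```python
import re
import tempfile
from pathlib import Path

# Assumption: the XML_ExpatVersion() string, e.g. b"expat_2.4.8", is present
# in any shared object or statically linked binary that contains libexpat.
VERSION_RE = re.compile(rb"expat_(\d+)\.(\d+)\.(\d+)")
THRESHOLD = (2, 4, 9)  # version named in the advisory

def classify(version):
    """Map a (major, minor, patch) tuple to the advisory's two statements."""
    findings = []
    if version < THRESHOLD:
        findings.append("use-after-free in doContent (before 2.4.9)")
    if version <= THRESHOLD:
        findings.append("use-after-free on shared DTD in "
                        "XML_ExternalEntityParserCreate (through 2.4.9)")
    return findings

def embedded_versions(path):
    """Return the set of libexpat versions whose marker occurs in one file."""
    data = Path(path).read_bytes()
    return {tuple(int(g) for g in m.groups()) for m in VERSION_RE.finditer(data)}

def scan_tree(root):
    """Walk root and return {file: {version: [matching advisory statements]}}."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        try:
            versions = embedded_versions(path)
        except OSError:
            continue  # unreadable file: skip it, do not abort the scan
        if versions:
            report[str(path)] = {v: classify(v) for v in sorted(versions)}
    return report

def demo():
    """Scan constructed stand-in files (not real libraries or SDK tools)."""
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "libexpat.so.1").write_bytes(b"\x7fELF\0expat_2.4.8\0")
        (Path(tmp) / "pnio_tool").write_bytes(b"\0\0expat_2.4.9\0cfg")
        (Path(tmp) / "unrelated.bin").write_bytes(b"no marker here")
        return {Path(k).name: v for k, v in scan_tree(tmp).items()}

if __name__ == "__main__":
    for name, hits in demo().items():
        print(name, hits)
```

An empty list for a version means neither of the two statements in this advisory matches it; it does not rule out other libexpat issues.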

Remediation

Update configuration tool chains to libexpat library version 2.4.9.
Upgrade to PROFINET SDK 6.7.

Revision History

Version    Date                Summary
1          13.12.2022 08:00    Initial revision.
2          14.05.2025 15:00    Fix: added distribution