VDE-2022-031 | CERT@VDE

2022-08-17 10:00 (CEST) VDE-2022-031

WAGO: Multiple Products Series affected by multiple CODESYS vulnerabilities

Share: Email | Twitter

ID

VDE-2022-031

Published

2022-08-17 10:00 (CEST)

Last update

2022-08-17 13:49 (CEST)

Vendor(s)

WAGO GmbH & Co. KG

Product(s)

Article No°	Product Name	Affected Version(s)
752-8303/8000-0002	EC300	<= 03.06.19(18)
750-8100/xxx-xxx	PFC 100	<= 03.06.19(18)
750-8101/xxx-xxx	PFC 100	<= 03.06.19(18)
750-8102/xxx-xxx	PFC 100	<= 03.06.19(18)
750-8202/xxx-xxx	PFC 200	<= 03.06.19(18)
750-8203/xxx-xxx	PFC 200	<= 03.06.19(18)
750-8204/xxx-xxx	PFC 200	<= 03.06.19(18)
750-8206/xxx-xxx	PFC 200	<= 03.06.19(18)
750-8207/xxx-xxx	PFC 200	<= 03.06.19(18)
750-8210/xxx-xxx	PFC 200	<= 03.06.19(18)
750-8211/xxx-xxx	PFC 200	<= 03.06.19(18)
750-8212/xxx-xxx	PFC 200	<= 03.06.19(18)
750-8213/xxx-xxx	PFC 200	<= 03.06.19(18)
750-8214/xxx-xxx	PFC 200	<= 03.06.19(18)
750-8215/xxx-xxx	PFC 200	<= 03.06.19(18)
750-8216/xxx-xxx	PFC 200	<= 03.06.19(18)
750-8217/xxx-xxx	PFC 200	<= 03.06.19(18)
762-4x0x/8000-000x	TP600	<= 03.06.19(18)
762-5x0x/8000-000x	TP600	<= 03.06.19(18)
762-6x0x/8000-000x	TP600	<= 03.06.19(18)

Summary

Multiple WAGO product families are prone to multiple vulnerabilities affecting CODESYS control runtime system.

Vulnerabilities

CVE-2019-9013

8.8

Last Update

Feb. 15, 2022, 9:47 a.m.

Severity

8.8 (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Weakness

Use of a Broken or Risky Cryptographic Algorithm (CWE-327)

Summary

An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component are affected regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS V3 Simulation Runtime (part of the CODESYS Development System), CODESYS Control V3 Runtime System Toolkit, CODESYS HMI V3.

Details

nvd.nist.gov

CVE-2019-9011

n/a

Last Update

Feb. 15, 2022, 9:48 a.m.

Severity

Weakness

Summary

This vulnerability enables valid user names to be identified.

Details

nvd.nist.gov

CVE-2020-12067

n/a

Last Update

Feb. 15, 2022, 9:46 a.m.

Severity

Weakness

Summary

The user password can be changed without having to enter the original password.

Details

nvd.nist.gov

CVE-2020-12069

n/a

Last Update

July 18, 2022, 11:13 a.m.

Severity

Weakness

Summary

The hashing procedure used to save passwords is inadequate.

Details

nvd.nist.gov

Impact

Please consult the CVE entries for further information.

Solution

We recommend all effected users to update to firmware version 03.07.14(19) or later (see list of affected devices).

Mitigation

CODESYS GmbH recommends the following general defense measures to reduce the risk of exploits:

Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside
Use firewalls to protect and separate the control system network from other networks
Use VPN (Virtual Private Networks) tunnels if remote access is required
Activate and apply user management and password features
Use encrypted communication links
Limit the access to both development and control system by physical means, operating system features, etc.
Protect both development and control system by using up to date virus detecting solutions

For further impact information and risk mitigation, please refer to the official CODESYS Advisory Website at https://www.codesys.com/security/security-reports.html

Reported by

Coordination done by CERT@VDE