VDE-2022-035 | CERT@VDE

2022-08-17 10:00 (CEST) VDE-2022-035

WAGO: Multiple product series affected by multiple CODESYS vulnerabilities

Share: Email | Twitter

ID

VDE-2022-035

Published

2022-08-17 10:00 (CEST)

Last update

2022-08-17 13:49 (CEST)

Vendor(s)

WAGO GmbH & Co. KG

Product(s)

Article No°	Product Name	Affected Version(s)
751-9301	CC100	<= 03.09.07(21)
752-8303/8000-0002	EC300	<= 03.07.14(19)
750-8100/xxx-xxx	PFC 100	<= 03.09.05(21)
750-8101/xxx-xxx	PFC 100	<= 03.09.05(21)
750-8102/xxx-xxx	PFC 100	<= 03.09.05(21)
750-8202/xxx-xxx	PFC 200	<= 03.09.05(21)
750-8203/xxx-xxx	PFC 200	<= 03.09.05(21)
750-8204/xxx-xxx	PFC 200	<= 03.09.05(21)
750-8206/xxx-xxx	PFC 200	<= 03.09.05(21)
750-8207/xxx-xxx	PFC 200	<= 03.09.05(21)
750-8210/xxx-xxx	PFC 200	<= 03.09.05(21)
750-8211/xxx-xxx	PFC 200	<= 03.09.05(21)
750-8212/xxx-xxx	PFC 200	<= 03.09.05(21)
750-8213/xxx-xxx	PFC 200	<= 03.09.05(21)
750-8214/xxx-xxx	PFC 200	<= 03.09.05(21)
750-8215/xxx-xxx	PFC 200	<= 03.09.05(21)
750-8216/xxx-xxx	PFC 200	<= 03.09.05(21)
762-4x0x/8000-000x	TP600	<= 03.07.14(19)
762-5x0x/8000-000x	TP600	<= 03.07.14(19)
762-6x0x/8000-000x	TP600	<= 03.07.14(19)

Summary

Multiple WAGO product families are prone to multiple vulnerabilities affecting CODESYS control runtime system.

Vulnerabilities

CVE-2021-33485

9.8

Last Update

May 25, 2022, 4:24 p.m.

Severity

9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Weakness

Out-of-bounds Write (CWE-787)

Summary

CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.

Details

nvd.nist.gov

CVE-2020-6081

8.8

Last Update

Feb. 15, 2022, 7:35 a.m.

Severity

8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Weakness

Insufficient Verification of Data Authenticity (CWE-345)

Summary

An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability.

Details

nvd.nist.gov

CVE-2021-36763

7.5

Last Update

May 25, 2022, 4:24 p.m.

Severity

7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Weakness

Files or Directories Accessible to External Parties (CWE-552)

Summary

In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.

Details

nvd.nist.gov

CVE-2021-36765

7.5

Last Update

Aug. 30, 2024, 9:28 a.m.

Severity

7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Weakness

NULL Pointer Dereference (476)

Summary

In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests may cause a null pointer dereference in the downloaded vulnerable EtherNet/IP stack that is executed by the CODESYS Control runtime system.

Details

nvd.nist.gov

CVE-2021-29241

7.5

Last Update

Nov. 17, 2022, 1:09 p.m.

Severity

7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Weakness

NULL Pointer Dereference (CWE-476)

Summary

CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).

Details

nvd.nist.gov

CVE-2021-29242

7.3

Last Update

Sept. 8, 2021, 8:49 a.m.

Severity

7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Weakness

Improper Input Validation (CWE-20)

Summary

CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.

Details

nvd.nist.gov

Impact

Please consult the CVE entries for further information.

Solution

Mitigation

• We recommend all effected users of the PFC 100 & PFC 200 product family to update to firmware version 03.10.08(22) or later.

• We recommend all effected users of the TP600 and CC100 product family to update to firmware version 03.10.09(22) or later.

• The affected products of the CC100 family will receive a patched Version approximately in 09/22.

In addition to the mitigation hints concerning the above-mentioned vulnerabilities CODESYS GmbH recommends the following general defense measures to reduce the risk of exploits:

Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside
Use firewalls to protect and separate the control system network from other networks
Use VPN (Virtual Private Networks) tunnels if remote access is required
Activate and apply user management and password features
Use encrypted communication links
Limit the access to both development and control system by physical means, operating system features, etc.
Protect both development and control system by using up to date virus detecting solutions

For further impact information and risk mitigation, please refer to the official CODESYS Advisory Website at https://www.codesys.com/security/security-reports.html

Reported by

Coordination done by CERT@VDE.