Article No° | Product Name | Affected Version(s) |
---|---|---|
CODESYS Development System V2.3 | < 2.3.9.73 |
Local attackers can cause affected CODESYS Development System V2.3 installations to crash or execute code by opening malicious project files.
The CODESYS Development System V2.3 is an IEC 61131-3 programming tool for the industrial controller and automation technology sector. It stores the program code for the controller and its configuration in project files (*.pro).
An unauthenticated local attacker may trick a user to open corrupted project files to execute arbitrary code or crash the system due to an out-of-bounds write vulnerability.
An unauthenticated local attacker may trick a user to open corrupted project files to crash the system due to use after free vulnerability.
The CODESYS Development System V2.3 allows corrupt project files to be opened after confirmation of a warning dialog so that legitimate users can possibly copy project fragments into a new project. This functionality does not sufficiently secure the loading of malicious project files and is therefore susceptible to the memory corruption vulnerabilities mentioned in the CVEs.
Mitigation
CODESYS GmbH strongly recommends only opening projects from trustworthy sources!
If the following dialog appears when opening a project, please pay attention to this warning and do not try to load the affected project:
"The project file is corrupt. Would you still like to try to load the project?
Attention! CODESYS could become unstable when loading a corrupt project file."
In addition, we recommend saving projects with password encryption, which offers even more protection against tampering of the project.
Remediation
Update the CODESYS Development System V2.3 to version 2.3.9.73.
As of this version, projects recognized as corrupt can no longer be opened with the CODESYS Development System V2.3. If the CODESYS Development System V2.3 detects that the project file has been manipulated, the user will be informed, and the loading will be terminated.
Note: CODESYS V2.3 is currently in the service phase. Please consider upgrading to CODESYS V3.
Please visit the CODESYS download area for more information on how to obtain the software update.
These issues were reported by Michael Heinzl.
CERT@VDE coordinated with CODESYS.