with TruControl version as from 1.04 to 3.0.0 and TRUMPF Peripheral Bus. (TRUMPF Peripheral Bus is a system expansion of the fieldbus interfaces of a laser control.)
TruControl laser control software from versions 1.04 to 3.0.0 use codesys runtime versions affected by multiple CVEs:
CVE-2021-29242, CVE-2021-29241, CVE-2019-5105, CVE-2020-7052, CVE-2019-9012, CVE-2019-9010, CVE-2019-9009, CVE-2018-10612
In addition to the CVEs listed above, the affected products are also affected by the following three vulnerabilites without a CVE ID:
CODESYS Advisory 2018-07
A crafted communication request may cause an access violation in the affected CODESYS products and may result in a denial-of-service condition.
CVSSv3.0 base score 6.5
CVSSv3.0 Vector (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CODESYS Advisory 2018-04
The CODESYS runtime system allows to access files outside the restricted working directory of the controller by online services
CVSSv3.0 base score 9.9
CVSSv3.0 Vector (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CODESYS Advisory 2017-03
A crafted request may cause an access violation in the affected CODESYS products and may result in a denial-of-service condition
CVSSv3.0 base score 7.5
CVSSv3.0 Vector (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access ...
An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products ...
An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService. A specially crafted packet can cause a large memcpy, resulting in an ...
An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. ...
CODESYS Gateway 3 before 3.5.17.0 has a NULL pointer dereference that may result in a denial of service (DoS).
An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low ...
CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.
To be able to exploit this vulnerability the attacker first needs to gain any kind of network access to the system.
When the system is reachable over the network these vulnerabilities can be exploited with following possible impacts/damages to the system:
Safety is not affected since it is controlled by an independent electromechanical safety mechanism.
CODESYS GmbH published the original reports.
TRUMPF Laser GmbH reported the vulnerability to CERT@VDE.