Share: Email | Twitter

ID

VDE-2021-049

Published

2021-11-16 12:05 (CET)

Last update

2021-11-16 12:05 (CET)

Vendor(s)

WAGO

Product(s)

Article Number Affected Firmware
Versions
750-8202/xxx-xxx <=03.07.14 (19)
750-8203/xxx-xxx
750-8204/xxx-xxx
750-8206/xxx-xxx
750-8207/xxx-xxx
750-8208/xxx-xxx
750-8210/xxx-xxx
750-8211/xxx-xxx
750-8212/xxx-xxx
750-8213/xxx-xxx
750-8214/xxx-xxx
750-8216/xxx-xxx
750-8217/xxx-xxx

 

Summary

A Denial-of-Service Vulnerability was reported in CODESYS 2.3 Runtime. The CODESYS 2.3 Runtime is an essential component in several WAGO PLC’s. All vulnerable PLCs are listed in chapter ‘Affected Products’.
https://www.codesys.com/security/security-reports.html


Weakness

Improper Handling of Exceptional Conditions  (CWE-755) 

Summary

In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC.


Impact

The reported vulnerabilities allow an attacker who has access to the device and is able to exploit the vulnerability, to manipulate and disrupt the CODESYS 2.3 Runtime of the device.

Solution

We recommend all affected users with CODESYS 2.3 Runtime PLCs to update to the firmware version listed below.

Article Number Fixed in
Version
Approx.
Available
750-8202/xxx-xxx >=FW20 January 2022
750-8203/xxx-xxx
750-8204/xxx-xxx
750-8206/xxx-xxx
750-8207/xxx-xxx
750-8208/xxx-xxx
750-8210/xxx-xxx
750-8211/xxx-xxx
750-8212/xxx-xxx
750-8213/xxx-xxx
750-8214/xxx-xxx
750-8216/xxx-xxx
750-8217/xxx-xxx

Mitigation

  1. Use general security best practices to protect systems from local and network attacks.
  2. Do not allow direct access to the device from untrusted networks.
  3. Update to the latest firmware according to the table in chapter solutions.
  4. Disable the CODESYS 2.3 port 2455.

For further impact information and risk mitigation, please refer to the official CODESYS Advisory Website at https://www.codesys.com/security/security-reports.html

Reported by

This vulnerability was reported by Steffen Robertz and Gerhard Hechenberger from SEC Consult Vulnerability Lab.
Coordination done by CERT@VDE.