|Article No°||Product Name||Affected Version(s)|
|1264327||ENERGY AXC PU||< V04.15.00.00|
Multiple vulnerabilities have been discovered in CODESYS Control V3 runtime system.
For details regarding the single vulnerabilities please refer to the security advisories issued by CODESYS:
A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products.
In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.
An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed.
An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash.
An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash.
The CODESYS Control runtime system enables embedded or PC-based devices to be a programmable industrial controller. Such products contain communication servers for the CODESYS protocol to enable communication with clients.
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to Phoenix Contacts application note.
Measures to protect network-capable devices with Ethernet connection
Phoenix Contact strongly recommends updating to the latest firmware mentioned in the list of affected products, which fixes this vulnerability.
PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication.