Multiple vulnerabilities were reported in CODESYS 2.3 Runtime. The CODESYS 2.3 Runtime is an essential component in several WAGO PLC’s.
The affected products can act as OPC UA client or server and are vulnerable to two different kind of attacks via
the OPC UA protocol. For both cases the attacker can send packets via the OPC UA protocol without the need to
Critical vulnerability has been discovered in the utilized components rcX, mbedTLS, PROFINET IO Device and EtherNet/IP Core by Hilscher Gesellschaft für Systemautomation mbH.
The impact of the vulnerabilities on the affected device is that it can result in:
ICE1-8IOL-S2-G60L-V1D (70103603) is not affected by CVE-2021-20986
The Web-Based Management (WBM) of WAGOs industrial managed switches is typically used for administration, commissioning and updates.
The reported vulnerabilities allow an attacker with access to the device and the Web-Based Management, to install malware, access to password hashes and create user with admin credentials.
A network port intended only for device-internal usage is accidentally accessible via external network interfaces.