|Article No°||Product Name||Affected Version(s)|
|750-8202/xxx-xxx||<= 03.07.14 (19)|
|750-8203/xxx-xxx||<= 03.07.14 (19)|
|750-8204/xxx-xxx||<= 03.07.14 (19)|
|750-8206/xxx-xxx||<= 03.07.14 (19)|
|750-8207/xxx-xxx||<= 03.07.14 (19)|
|750-8208/xxx-xxx||<= 03.07.14 (19)|
|750-8210/xxx-xxx||<= 03.07.14 (19)|
|750-8211/xxx-xxx||<= 03.07.14 (19)|
|750-8212/xxx-xxx||<= 03.07.14 (19)|
|750-8213/xxx-xxx||<= 03.07.14 (19)|
|750-8214/xxx-xxx||<= 03.07.14 (19)|
|750-8216/xxx-xxx||<= 03.07.14 (19)|
|750-8217/xxx-xxx||<= 03.07.14 (19)|
Multiple vulnerabilities were reported in CODESYS 2.3 Runtime. The CODESYS 2.3 Runtime is an essential component in several WAGO PLCs. All vulnerable PLCs are listed in chapter ‘Affected Products’.
A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V184.108.40.206, resulting in ...
Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of-service condition due to a crash in the CODESYS V2 web server prior to ...
In the CODESYS V2 web server prior to V220.127.116.11 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer ...
In the CODESYS V2 web server prior to V18.104.22.168 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service ...
A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V22.214.171.124, resulting in a denial-of-service ...
The reported vulnerabilities allow an attacker who has access to the device, and is able to exploit them, to manipulate and disrupt the CODESYS 2.3 Runtime or WebVisualisation.
UPDATE A: fixed Firmware versions for 750-890/0xx-xxx, 750-891 and 750-893
We recommend that all affected users with CODESYS 2.3 Runtime PLCs update to the firmware version listed below.
Series Ethernet Controller
|Article Number||Fixed Firmware
|750-829||>=FW17||After BACnet certification|
|750-831/000-00x||>=FW17||After BACnet certification|
|750-832/000-00x||>=FW10||After BACnet certification|
|Article Number||Affected Firmware
For further impact information and risk mitigation, please refer to the official CODESYS Advisory Website at https://www.codesys.com/security/security-reports.html
These vulnerabilities were reported by
Coordination done by CERT@VDE.