|Article No°||Product Name||Affected Version(s)|
|750-8202/xxx-xxx||<= 03.07.14 (19)|
|750-8203/xxx-xxx||<= 03.07.14 (19)|
|750-8204/xxx-xxx||<= 03.07.14 (19)|
|750-8206/xxx-xxx||<= 03.07.14 (19)|
|750-8207/xxx-xxx||<= 03.07.14 (19)|
|750-8208/xxx-xxx||<= 03.07.14 (19)|
|750-8210/xxx-xxx||<= 03.07.14 (19)|
|750-8211/xxx-xxx||<= 03.07.14 (19)|
|750-8212/xxx-xxx||<= 03.07.14 (19)|
|750-8213/xxx-xxx||<= 03.07.14 (19)|
|750-8214/xxx-xxx||<= 03.07.14 (19)|
|750-8216/xxx-xxx||<= 03.07.14 (19)|
|750-8217/xxx-xxx||<= 03.07.14 (19)|
Multiple vulnerabilities were reported in CODESYS 2.3 Runtime. The CODESYS 2.3 Runtime is an essential component in several WAGO PLCs. All vulnerable PLCs are listed in chapter ‘Affected Products’.
Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of-service condition due to a crash in the CODESYS V2 web server prior to V18.104.22.168.
A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V22.214.171.124, resulting in a denial-of-service condition or local memory overwrite.
Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of-service condition due to a crash in the CODESYS V2 web server prior to V126.96.36.199.
In the CODESYS V2 web server prior to V188.8.131.52, crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial-of-service condition.
In the CODESYS V2 web server prior to V184.108.40.206, crafted web server requests may cause a null pointer dereference in the CODESYS web server and may result in a denial-of-service condition.
A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V220.127.116.11, resulting in a denial-of-service condition.
The reported vulnerabilities allow an attacker who has access to the device and is able to exploit them to manipulate and disrupt the CODESYS 2.3 Runtime or WebVisualisation.
UPDATE A: fixed Firmware versions for 750-890/0xx-xxx, 750-891 and 750-893
We recommend that all affected users with CODESYS 2.3 Runtime PLCs update to the firmware version listed below.
Series Ethernet Controller
|Article Number||Fixed Firmware
|750-829||>=FW17||After BACnet certification|
|750-831/000-00x||>=FW17||After BACnet certification|
|750-832/000-00x||>=FW10||After BACnet certification|
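One way to check an asset inventory against the two tables above, as an added example that is not part of the original advisory or any vendor tooling. The inventory rows, host names and the firmware string formats (`MM.mm.pp (index)` and `FWnn`) are assumptions, and the comparison for the 750-82xx devices uses only the dotted version.

```python
import re

# Values transcribed from the advisory's tables. Article suffixes such as
# /xxx-xxx are wildcards, so only the base number before "/" is matched.
PFC_AFFECTED_MAX = (3, 7, 14)  # "<= 03.07.14 (19)"
PFC_ARTICLES = {"750-8202", "750-8203", "750-8204", "750-8206", "750-8207",
                "750-8208", "750-8210", "750-8211", "750-8212", "750-8213",
                "750-8214", "750-8216", "750-8217"}
ETH_FIXED_MIN = {"750-829": 17, "750-831": 17, "750-832": 10}  # ">=FWnn"

# Assumed inventory formats: "03.07.14 (19)" or "03.07.14", and "FW17".
_DOTTED = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:\s*\(\d+\))?\s*$")
_FW_INDEX = re.compile(r"^\s*FW\s*(\d+)\s*$", re.IGNORECASE)

def classify(article, firmware):
    """Return 'affected', 'not-affected', 'unknown' or 'not-listed'."""
    base = article.split("/", 1)[0].strip()
    if base in PFC_ARTICLES:
        m = _DOTTED.match(firmware)
        if not m:
            return "unknown"  # unparseable version: needs manual review
        version = tuple(int(g) for g in m.group(1, 2, 3))
        return "affected" if version <= PFC_AFFECTED_MAX else "not-affected"
    if base in ETH_FIXED_MIN:
        m = _FW_INDEX.match(firmware)
        if not m:
            return "unknown"
        fixed = int(m.group(1)) >= ETH_FIXED_MIN[base]
        return "not-affected" if fixed else "affected"
    return "not-listed"  # article does not appear in either table

def audit(inventory):
    """Classify every (host, article, firmware) row of an inventory."""
    return [(h, a, fw, classify(a, fw)) for h, a, fw in inventory]

# Constructed sample inventory (hosts, suffixes and versions are made up).
INVENTORY = [
    ("plc-line1", "750-8202/025-001", "03.07.14 (19)"),
    ("plc-line2", "750-8212", "03.08.07 (20)"),
    ("plc-hvac1", "750-831/000-002", "FW16"),
    ("plc-hvac2", "750-832/000-002", "FW10"),
    ("plc-lab", "750-8206/040-000", "unreadable"),
]

if __name__ == "__main__":
    for row in audit(INVENTORY):
        print("%-10s %-18s %-15s %s" % row)
```

Rows classified as `unknown` carry a firmware string that could not be parsed and should be checked on the device itself.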
|Article Number||Affected Firmware
For further impact information and risk mitigation, please refer to the official CODESYS Advisory Website at https://www.codesys.com/security/security-reports.html
These vulnerabilities were reported by
Coordination done by CERT@VDE.