Buffer overflow and code injection vulnerabilities in CODESYS

Cybersecurity specialists reported the finding of at least four vulnerabilities in CODESYS V2 Runtime Toolkit, a set of tools for CODESYS, the development environment for programming controllers (PLCs) in accordance with the international industry standard IEC 61131-3. According to the report, successful exploitation of these flaws would allow denial of service (DoS), arbitrary code execution through buffer overflows, and operating-system command injection.

Below are brief descriptions of the reported flaws, together with their CVE identifiers and scores according to the Common Vulnerability Scoring System (CVSS).

CVE-2021-30186: A bounds-checking (limit) error in the affected products would allow remote attackers to send a specially crafted request, triggering a heap-based buffer overflow and causing a DoS condition.

This is a flaw of medium severity and received a CVSS score of 6.5/10.

CVE-2021-30188: A similar bounds-checking error would allow unauthenticated remote attackers to send a specially crafted request, trigger a stack-based buffer overflow, and execute arbitrary code.

The flaw received a CVSS score of 8.5/10, the highest of the four.
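Both overflows above are described as limit bugs: a length taken from the request is compared against the wrong bound before a copy. The C example below is added here for illustration; it is not CODESYS code and does not reflect the actual vulnerable routines. It uses a constructed wire format (a two-byte big-endian length followed by the field bytes, an assumption for the example only) and places a vulnerable parser with an off-by-one limit check and a missing received-length check beside its hardened form. Whether such an overflow is heap- or stack-based depends only on where the destination buffer lives.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Size of the fixed buffer a parsed field is copied into (constructed value). */
#define FIELD_MAX 64

struct field {
    char data[FIELD_MAX];
};

/* Constructed wire format, an assumption for illustration only:
 *   bytes 0..1  big-endian length N of the field
 *   bytes 2..   N field bytes
 */
size_t read_len(const uint8_t *req)
{
    return ((size_t)req[0] << 8) | req[1];
}

/* VULNERABLE length check: 'len > FIELD_MAX' lets len == FIELD_MAX through,
 * so the terminating NUL written by the copy below lands one byte past the
 * end of data[]. It also never compares len with the number of bytes that
 * actually arrived, so the copy can read beyond the request. */
int vuln_accepts(const uint8_t *req, size_t req_len)
{
    if (req_len < 2)
        return 0;
    return read_len(req) > FIELD_MAX ? 0 : 1;
}

/* Shown for contrast only; never called here because the write is out of bounds. */
int parse_field_vulnerable(const uint8_t *req, size_t req_len, struct field *out)
{
    if (!vuln_accepts(req, req_len))
        return -1;
    size_t len = read_len(req);
    memcpy(out->data, req + 2, len);   /* over-read when len > req_len - 2 */
    out->data[len] = '\0';             /* off-by-one write when len == FIELD_MAX */
    return 0;
}

/* HARDENED: the length is checked against both bounds that matter, the bytes
 * actually received and the destination size including its terminator.
 * Returns 0 on success, -1 if the request is rejected. */
int parse_field_safe(const uint8_t *req, size_t req_len, struct field *out)
{
    if (req_len < 2)
        return -1;
    size_t len = read_len(req);
    if (len > req_len - 2)             /* field must fit inside the request */
        return -1;
    if (len >= sizeof out->data)       /* leave room for the NUL */
        return -1;
    memcpy(out->data, req + 2, len);
    out->data[len] = '\0';
    return 0;
}

int main(void)
{
    struct field f;
    /* Constructed requests: a valid 3-byte field, and a header that claims
     * FIELD_MAX bytes with no payload behind it. */
    const uint8_t good[] = { 0x00, 0x03, 'a', 'b', 'c' };
    const uint8_t bad[]  = { 0x00, FIELD_MAX };

    printf("good: safe=%d vuln_check=%d\n",
           parse_field_safe(good, sizeof good, &f), vuln_accepts(good, sizeof good));
    printf("bad:  safe=%d vuln_check=%d\n",
           parse_field_safe(bad, sizeof bad, &f), vuln_accepts(bad, sizeof bad));
    return 0;
}
```

The hardened parser rejects the second request twice over: the claimed length exceeds what was received, and it leaves no room for the terminator. The vulnerable check accepts it, which is exactly the kind of input a crafted request in the advisory would carry.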

CVE-2021-30195: Improper validation of user-supplied input would allow remote attackers to send specially crafted input to the affected application.

This vulnerability received a CVSS score of 6.5/10 and would allow DoS attacks.

CVE-2021-30187: Incorrect input validation allows local users to pass specially crafted data to the application and execute arbitrary operating-system commands on the target.

This flaw received a CVSS score of 6.8/10.
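CVE-2021-30187 is an OS command injection reachable by a local user. The C example below is added here; it is not CODESYS code and does not show how that flaw actually arises. It illustrates the generic pattern behind the bug class: a user-supplied file name interpolated into a shell command string, beside a hardened version that validates the name against a strict allowlist and runs the program directly with execv so that no shell ever parses the input. The `cp` program and the `/backup/` destination are assumptions for the example only.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* VULNERABLE: the user-controlled name becomes part of a shell command line.
 * A name such as "x; id" makes /bin/sh run 'id' with the caller's privileges,
 * and "../etc/passwd" escapes the intended directory. Shown for contrast
 * only; never called here. */
int backup_file_vulnerable(const char *name)
{
    char cmd[512];
    snprintf(cmd, sizeof cmd, "cp %s /backup/", name);
    return system(cmd);
}

/* Allowlist check: non-empty, bounded length, only [A-Za-z0-9_.-], and no
 * ".." sequence, so the name can carry neither shell metacharacters nor
 * path separators. Rejecting is simpler to get right than escaping. */
int is_safe_name(const char *name)
{
    size_t n = strlen(name);
    if (n == 0 || n > 64)
        return 0;
    if (strstr(name, "..") != NULL)
        return 0;
    for (size_t i = 0; i < n; i++) {
        char c = name[i];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == '_' || c == '.' || c == '-';
        if (!ok)
            return 0;
    }
    return 1;
}

/* HARDENED: validate first, then exec the program with an explicit argv.
 * execv never invokes a shell, so even if the allowlist were later loosened,
 * metacharacters in 'name' would reach cp only as literal bytes.
 * Returns -1 for a rejected name or a failed fork, otherwise cp's exit status. */
int backup_file_safe(const char *name)
{
    if (!is_safe_name(name))
        return -1;

    char src[128];
    snprintf(src, sizeof src, "./%s", name);   /* anchor to the current directory */

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { "cp", src, "/backup/", NULL };
        execv("/bin/cp", argv);
        _exit(127);                            /* only reached if execv fails */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed inputs: one legitimate name and three injection attempts. */
    const char *inputs[] = { "plc_config.bin", "x; id", "../etc/passwd", "$(id)" };
    for (size_t i = 0; i < 4; i++)
        printf("%-16s -> %s\n", inputs[i],
               is_safe_name(inputs[i]) ? "accepted" : "rejected");
    return 0;
}
```

The two defences are independent: the allowlist stops the malicious names before any process is created, and the execv call removes the shell from the path entirely, so a future bypass of the allowlist still does not yield command execution.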

The vulnerabilities reside in the following affected versions and products:

  • CODESYS V2 Runtime Toolkit: any version prior to v2.4.7.55
  • CODESYS PLCWinNT: any version prior to v2.4.7.55

Of the four flaws, only CVE-2021-30187 requires local access; the other three can be triggered by a remote attacker sending crafted requests, and CVE-2021-30188 does not require authentication, so the local-only nature of one flaw does not reduce the overall risk for a network-reachable runtime. Updates are now available, and CODESYS recommends that users of affected deployments install the security patches as soon as possible.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.