3S Fixes CoDeSys Runtime Toolkit Hole

Monday, February 3, 2014 @ 02:02 PM gHale


Smart Software Solutions (3S) produced an update that mitigates a NULL pointer dereference vulnerability in the CoDeSys Runtime Toolkit application, according to a report on ICS-CERT.

Nicholas Miles, the independent researcher that found the vulnerability, tested the update to validate that it resolves the remotely exploitable vulnerability.

RELATED STORIES
Schneider Patches DNP3 Vulnerability
GE Proficy Vulnerabilities
S4 Report: Ecava Vulnerability
WellinTech Fixes Two Vulnerabilities

The following CoDeSys versions suffer from the issue: CoDeSys Runtime Toolkit versions older than Version V2.4.7.44.

If exploited, an attacker could use this vulnerability to remotely cause a system crash within the Runtime Toolkit application.

3S is a German-based company that maintains offices in Germany and China. 3S develops software used in various programmable logic controllers and industrial controllers. 3S also develops products specifically for visualization applications (human-machine interfaces), engineering desktop programming platforms, safety modules, and fieldbus controllers.

The affected product, CoDeSys Runtime Toolkit, ends up embedded in third-party software used in various manufacturers’ SCADA systems. According to 3S, CoDeSys ended up deployed across several sectors including critical manufacturing, building automation, energy, transportation, and others. 3S estimates these products see use worldwide.

The CoDeSys Runtime Toolkit dereferences a pointer that it expects to be valid, but is NULL. By dereferencing the pointer that is NULL, an attacker could cause the Runtime Toolkit to crash.

CVE-2014-0757 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 7.1.

No known public exploits specifically target this vulnerability. An attacker with a moderate skill would be able to exploit this vulnerability.

3S produced an update that is available for download from the 3S CODESYS Download page.



Leave a Reply

You must be logged in to post a comment.