More Holes in CoDeSys Line

Friday, December 9, 2011 @ 06:12 PM gHale


A buffer overflow vulnerability with proof-of-concept (PoC) exploit code, along with three other holes, affects the 3S CoDeSys web server, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product.

According to the report, the vulnerability is exploitable by sending specially crafted packets to the server on port 8080/TCP. Celil Unuver of SignalSEC Labs released the report. ICS-CERT is coordinating the vulnerability with the security researcher and the vendor.

The three other vulnerabilities are the result of research done by Luigi Auriemma without coordination with ICS-CERT or the vendor.

ICS-CERT is issuing this updated alert to provide notice of the additional reported vulnerabilities and to identify baseline mitigations for reducing the risk from this and other cyber security attacks.

The first vulnerability is a stack-based buffer overflow that could lead to a denial of service or possible remote code execution. The three other vulnerabilities are an integer overflow, a null pointer (method 1) and a null pointer (method 2), which could lead to a denial of service. All four vulnerabilities are remotely exploitable.

Please report any issues affecting control systems in critical infrastructure environments to ICS-CERT.

ICS-CERT is currently coordinating with the vendor to identify mitigations.
