3S-Smart Software Fixes CODESYS V3 Line

Wednesday, December 19, 2018 @ 02:12 PM gHale

3S-Smart Software Solutions GmbH has new software to mitigate use of insufficiently random values and improper restriction of communication channel to intended endpoints vulnerabilities in its CODESYS V3 products, according to a report with NCCIC.

Successful exploitation of these remotely exploitable vulnerabilities, discovered by Alexander Nochvay from Kaspersky Lab, could allow a remote attacker to disguise the source of malicious communication packets and also exploit a random values weakness affecting confidentiality and integrity of data stored on the device.

3S-Smart Software Fixes CODESYS Control Issue
Advantech Fixes WebAccess/SCADA Hole
ABB Working to Fix Safety Gateway Holes
Medtronic Mitigation Plan for Devices

3S-Smart Software Solutions GmbH reports these vulnerabilities affect the following CODESYS V3 products:
• CODESYS Control for BeagleBone
• CODESYS Control for emPC-A/iMX6
• CODESYS Control for IOT2000
• CODESYS Control for Linux
• CODESYS Control for PFC100
• CODESYS Control for PFC200
• CODESYS Control for Raspberry Pi
• CODESYS Control RTE V3
• CODESYS Control RTE V3 (for Beckhoff CX)
• CODESYS Control Win V3 (also part of the CODESYS Development System setup)
• CODESYS Control V3 Runtime System Toolkit
• CODESYS V3 Embedded Target Visu Toolkit
• CODESYS V3 Remote Target Visu Toolkit
• CODESYS V3 Safety SIL2
• CODESYS Gateway V3
• CODESYS V3 Development System
• CODESYS V3 Simulation Runtime (part of the CODESYS Development System)

The application suffers from weak random values that can affect the confidentiality and integrity of data stored on the device.

CVE-2018-20025 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.4.

In addition, the application does not properly restrict communication channels, allowing the source of communication packets to be spoofed.

CVE-2018-20026 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.8.

The product sees use mainly in the critical manufacturing sector. The product sees use on a global basis.

No known public exploits specifically target these vulnerabilities. However, an attacker with low skill level could leverage the vulnerabilities.

Germany-based 3-S Smart Software Solutions GmbH has released a new version of the software.

For more information, click here for all public CODESYS advisories.

3S-Smart Software Solutions GmbH recommends the following general defensive measures to reduce the risk of exploitation of these vulnerabilities:
• Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside
• Use firewalls to protect and separate the control system network from other networks
• Use VPN (virtual private networks) tunnels if remote access is required
• Activate and apply user management and password features
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up to date virus detecting solutions

Leave a Reply

You must be logged in to post a comment.