SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-816462404] 3S-Smart Software Solutions GmbH CODESYS Web Server

Date: 2018-02-01
Type: Other
Platform: 3S-Smart Software Solutions GmbH
Author: Zhu WenZhe of Istury IOT security lab reported this vulnerability to NCCIC.
EDB-ID: N/A
CVE-ID: CVE-2018-5440
OSVDB-ID: N/A
Download App: N/A
SIS Signature: N/A

Source

#
# 3S-Smart Software Solutions GmbH CODESYS Web Server
#


### VULNERABLE VENDOR
3S-Smart Software Solutions GmbH


### VULNERABLE PRODUCT
CODESYS Web Server 


### RESEARCHER
Zhu WenZhe of Istury IOT security lab reported this vulnerability to NCCIC.


### AFFECTED PRODUCTS
All Microsoft Windows (including WinCE) based CODESYS web servers are affected, whether running stand-alone Version 2.3 or as part of the CODESYS runtime system, in versions prior to V1.1.9.19.


### IMPACT
Successful exploitation of this vulnerability could trigger a buffer overflow that crashes the device the attacker is accessing or that may allow remote code execution.


### VULNERABILITY OVERVIEW
STACK-BASED BUFFER OVERFLOW CWE-121
A crafted request may cause a buffer overflow and could therefore execute arbitrary code on the web server or lead to a denial-of-service condition due to a crash in the web server.
CVE-2018-5440 has been assigned to this vulnerability.
A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).





### BACKGROUND
Critical Infrastructure Sectors: Critical Manufacturing, Energy
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Kempten, Germany




### MITIGATION

This vulnerability is fixed by patch V.1.1.9.19 for the CODESYS V2.3 web server for Windows, which is part of the CODESYS setup V2.3.9.56. The security patch was released on January 30, 2018.

Currently, 3S-Smart Software Solutions GmbH has not identified any workarounds for this vulnerability.

In general, 3S-Smart Software Solutions GmbH recommends the following defensive measures to reduce the risk of exploitation of this vulnerability:

Use controllers and devices only in a protected environment to minimize network exposure and ensure they are not accessible from outside.

Use firewalls to protect and separate the control system network from other networks.

Use VPN (Virtual Private Network) tunnels if remote access is required.

Protect both development and control systems from unauthorized access (e.g., by means of the operating system).

Protect both development and control systems by using up-to-date virus detection solutions.



For additional information regarding the CODESYS products, or about the described vulnerability, please contact the 3S-Smart Software Solutions support team at this location:

https://www.codesys.com/support-training/codesys-support.html




For additional information, see the CODESYS security update at the following location:

https://customers.codesys.com/fileadmin/data/customers/security/2018/Advisory2018-01_LCDS-282.pdf


For more information and general recommendations for protecting machines and manufacturing facilities, see the CODESYS Security whitepaper available at this location:

https://customers.codesys.com/fileadmin/data/customers/security/CODESYS-Security-Whitepaper.pdf