There are new vulnerabilities discovered every day, and new patches issued to fix them. As part of our mission to secure the world’s OT, IoT and Cyber Physical infrastructures, we invest resources into offensive research of vulnerabilities and attack techniques.
SCADAfence’s security researcher Yossi Reuven discovered a new vulnerability in the CODESYS development system. CVE-2021-30186 is a CVSS 8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) vulnerability which is a crafted request that may cause a heap-based buffer overflow in the affected CODESYS products, resulting in a denial-of-service condition.
CODESYS is a development environment for programming controller applications according to the international industrial standard IEC 61131-3. The main product of the software suite is the CODESYS Development System, an IEC 61131-3 tool.
About the Vulnerability- CVE-2021-30186
V2 runtime systems are one of the main products offered by CODESYS which provides SDK for the implementation of industrial IEC 61131-3 controllers with a customized PLC runtime system.
The CODESYS Control runtime system enables embedded or PC-based devices to be a programmable industrial controller. It provides a communication server for communication with clients like the CODESYS Development System. A single crafted request may cause a heap-based buffer overflow in the affected CODESYS products, resulting in a denial-of-service condition. This simple but severe vulnerability can be exploited remotely.
What SCADAfence Recommends Customers Do
Perform an Industrial Vulnerability Management Process
Please refer to our guide on this topic: https://www.scadafence.com/public-preview-a-comprehensive-guide-to-industrial-device-patching/
Monitor for Unauthorized Network Activity and Exploitation
Some devices will always remain unpatched. Monitoring is an early warning system that allows you to act before attackers have gained full control over your network.
Upgrade to the Latest Firmware
CODESYS is currently working on patches that will fix the following versions of the affected products:
- CODESYS Runtime Toolkit 32 bit full prior version V220.127.116.11
- CODESYS PLCWinNT prior version V18.104.22.168. This will also be part of the CODESYS Development System setup version V22.214.171.124.
CODESYS expects the releases of all the versions to be available in early May 2021. When the patch is available, we recommend asset owners consider upgrading the products.
Prevent Unauthorized and Untrusted Access
We recommend that CODESYS customers use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside. Additionally, we recommend adopting a Firewall or VPN (Virtual Private Networks) tunnel to protect and separate the control system network from unauthorized access from other networks and unsecured remote access.
Special Thanks & Recognition
The SCADAfence Research team would like to thank the CODESYS team for the collaboration and a speedy vulnerability reporting process.
CODESYS has published the advisory ( 2021-06) and released a firmware update to part of the product line.
SCADAfence is committed to continued research of offensive technologies and the development of new defensive technologies.
If you want to try out the SCADAfence Platform and uncover all of the vulnerabilities in your OT network, we will be glad to help you.
About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.