ADVISORY2024-05_VDE-2024-057

Vulnerability from csaf_codesysgmbh - Published: 2024-09-25 21:59 - Updated: 2025-04-03 10:00
Summary
CODESYS: CODESYS web server vulnerable to DoS
Notes
Summary: The CODESYS web server component of the CODESYS Control runtime system is used by the CODESYS WebVisu to display visualization screens in a web browser. Receiving a specifically crafted TLS packet on an HTTPS connection causes the CODESYS web server to crash because the return value of an underlying function is not checked correctly for such unusual conditions.
Impact: The CODESYS web server, implemented by the CmpWebServer component, is an optional part of the CODESYS Control runtime system. It is used by the CODESYS WebVisu to display CODESYS visualization screens in a web browser. The CODESYS web server supports both the HTTP and HTTPS protocols. Because the CODESYS web server does not correctly check the return value of an underlying function, it reacts in a wrong way to specifically crafted TLS packets that are received via an HTTPS connection. This causes the CODESYS web server to access invalid memory and the web server task to crash.
Remediation: Update the following products to version 3.5.20.30.
* CODESYS Control RTE (SL)
* CODESYS Control RTE (for Beckhoff CX) SL
* CODESYS Control Win (SL)
* CODESYS HMI (SL)
* CODESYS Runtime Toolkit
* CODESYS Embedded Target Visu Toolkit
* CODESYS Remote Target Visu Toolkit

Update the following products to version 4.14.0.0.
* CODESYS Control for BeagleBone SL
* CODESYS Control for emPC-A/iMX6 SL
* CODESYS Control for Linux ARM SL
* CODESYS Control for Linux SL
* CODESYS Control for PFC100 SL
* CODESYS Control for PFC200 SL
* CODESYS Control for PLCnext SL
* CODESYS Control for Raspberry Pi SL
* CODESYS Control for WAGO Touch Panels 600 SL
* CODESYS Virtual Control SL

Update the following product to version 4.15.0.0 (Version 4.14.0.0 has not been released).
* CODESYS Control for IOT2000 SL

The products available as CODESYS add-ons can be downloaded and installed directly with the CODESYS Installer or downloaded from the CODESYS Store. Alternatively, as well as for all other products, you will find further information on obtaining the software update in the CODESYS download area: https://www.codesys.com/download
General Recommendation: As part of a security strategy, CODESYS GmbH strongly recommends at least the following best-practice defense measures:
* Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside
* Use firewalls to protect and separate the control system network from other networks
* Activate and apply user management and password features
* Limit the access to both development and control system by physical means, operating system features, etc.
* Use encrypted communication links
* Use VPN (Virtual Private Networks) tunnels if remote access is required
* Protect both development and control system by using up-to-date virus detecting solutions

For more information and general recommendations for protecting machines and plants, see also the CODESYS Security Whitepaper [here](https://customers.codesys.com/fileadmin/data/customers/security/CODESYS-Security-Whitepaper.pdf).
Disclaimer: CODESYS GmbH assumes no liability whatsoever for indirect, collateral, accidental or consequential losses that occur by the distribution and/or use of this document or any losses in connection with the distribution and/or use of this document. All information published in this document is provided on good faith by CODESYS GmbH. Insofar as permissible by law, however, none of this information shall establish any guarantee, commitment or liability on the part of CODESYS GmbH. Note: Not all CODESYS features are available in all territories. For more information on geographic restrictions, please contact sales@codesys.com.

An unauthenticated remote attacker sending a specially crafted TLS packet on an HTTPS connection causes the CODESYS web server to access invalid memory, resulting in a DoS.

CWE-253 - Incorrect Check of Function Return Value
Vendor Fix: Update the following products to version 3.5.20.30.
* CODESYS Control RTE (SL)
* CODESYS Control RTE (for Beckhoff CX) SL
* CODESYS Control Win (SL)
* CODESYS HMI (SL)
* CODESYS Runtime Toolkit
* CODESYS Embedded Target Visu Toolkit
* CODESYS Remote Target Visu Toolkit

The products available as CODESYS add-ons can be downloaded and installed directly with the CODESYS Installer or downloaded from the CODESYS Store. Alternatively, as well as for all other products, you will find further information on obtaining the software update in the CODESYS download area.

Vendor Fix: Update the following products to version 4.14.0.0.
* CODESYS Control for BeagleBone SL
* CODESYS Control for emPC-A/iMX6 SL
* CODESYS Control for Linux ARM SL
* CODESYS Control for Linux SL
* CODESYS Control for PFC100 SL
* CODESYS Control for PFC200 SL
* CODESYS Control for PLCnext SL
* CODESYS Control for Raspberry Pi SL
* CODESYS Control for WAGO Touch Panels 600 SL
* CODESYS Virtual Control SL

The products available as CODESYS add-ons can be downloaded and installed directly with the CODESYS Installer or downloaded from the CODESYS Store. Alternatively, as well as for all other products, you will find further information on obtaining the software update in the CODESYS download area.

Vendor Fix: Update the following product to version 4.15.0.0 (Version 4.14.0.0 has not been released).
* CODESYS Control for IOT2000 SL

The products available as CODESYS add-ons can be downloaded and installed directly with the CODESYS Installer or downloaded from the CODESYS Store. Alternatively, as well as for all other products, you will find further information on obtaining the software update in the CODESYS download area.
Acknowledgments
CERT@VDE certvde.com
ABB

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "organization": "ABB",
        "summary": "reporting"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "The CODESYS web server component of the CODESYS Control runtime system is used by the CODESYS\nWebVisu to display visualization screens in a web browser. Receiving a specifically crafted TLS packet on an\nHTTPS connection causes the CODESYS web server to crash because the return value of an underlying\nfunction is not checked correctly for such unusual conditions.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "The CODESYS web server, implemented by the CmpWebServer component, is an optional part of the\nCODESYS Control runtime system. It is used by the CODESYS WebVisu to display CODESYS visualization\nscreens in a web browser. The CODESYS web server supports both the HTTP and HTTPS protocols.\nBecause the CODESYS web server does not correctly check the return value of an underlying function, it\nreacts in a wrong way to specifically crafted TLS packets that are received via an HTTPS connection. This\ncauses the CODESYS web server to access invalid memory and the web server task to crash.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Update the following products to version 3.5.20.30.\n* CODESYS Control RTE (SL)\n* CODESYS Control RTE (for Beckhoff CX) SL\n* CODESYS Control Win (SL)\n* CODESYS HMI (SL)\n* CODESYS Runtime Toolkit\n* CODESYS Embedded Target Visu Toolkit\n* CODESYS Remote Target Visu Toolkit\n\nUpdate the following products to version 4.14.0.0.\n* CODESYS Control for BeagleBone SL\n* CODESYS Control for emPC-A/iMX6 SL\n* CODESYS Control for Linux ARM SL\n* CODESYS Control for Linux SL\n* CODESYS Control for PFC100 SL\n* CODESYS Control for PFC200 SL\n* CODESYS Control for PLCnext SL\n* CODESYS Control for Raspberry Pi SL\n* CODESYS Control for WAGO Touch Panels 600 SL\n* CODESYS Virtual Control SL\n\nUpdate the following product to version 4.15.0.0 (Version 4.14.0.0 has not been released). \n* CODESYS Control for IOT2000 SL\n\nThe products available as CODESYS add-ons can be downloaded and installed directly with the CODESYS Installer or be downloaded from the CODESYS Store. Alternatively, as well as for all other products, you will find further information on obtaining the software update in the CODESYS download area https://www.codesys.com/download .",
        "title": "Remediation"
      },
      {
        "category": "general",
        "text": "As part of a security strategy, CODESYS GmbH strongly recommends at least the following best-practice\ndefense measures:\n\n* Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside\n* Use firewalls to protect and separate the control system network from other networks\n* Activate and apply user management and password features\n* Limit the access to both development and control system by physical means, operating system features, etc.\n* Use encrypted communication links\n* Use VPN (Virtual Private Networks) tunnels if remote access is required\n* Protect both development and control system by using up to date virus detecting solutions\n\nFor more information and general recommendations for protecting machines and plants, see also the\nCODESYS Security Whitepaper [here.](https://customers.codesys.com/fileadmin/data/customers/security/CODESYS-Security-Whitepaper.pdf)\n",
        "title": "General Recommendation"
      },
      {
        "category": "legal_disclaimer",
        "text": "CODESYS GmbH assumes no liability whatsoever for indirect, collateral, accidental or consequential losses\nthat occur by the distribution and/or use of this document or any losses in connection with the distribution and/or use of this document. All information published in this document is provided on good faith by CODESYS GmbH.\nInsofar as permissible by law, however, none of this information shall establish any guarantee, commitment or\nliability on the part of CODESYS GmbH.\n\nNote: Not all CODESYS features are available in all territories. For more information on geographic restrictions,\nplease contact sales@codesys.com.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "security@codesys.com",
      "name": "CODESYS GmbH",
      "namespace": "https://www.codesys.com"
    },
    "references": [
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for CODESYS GmbH",
        "url": "https://certvde.com/en/advisories/vendor/codesys"
      },
      {
        "category": "self",
        "summary": "Advisory2024-05_VDE-2024-057: CODESYS: CODESYS web server vulnerable to DoS - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2024-057"
      },
      {
        "category": "self",
        "summary": "CODESYS Security Advisory 2024-05",
        "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=18604\u0026token=d5e1e2820ee63077b875b3bb41014b1f102e88a3\u0026download="
      },
      {
        "category": "external",
        "summary": "CODESYS Security Advisories",
        "url": "https://www.codesys.com/security/security-reports.html"
      },
      {
        "category": "self",
        "summary": "Advisory2024-05_VDE-2024-057: CODESYS: CODESYS web server vulnerable to DoS - CSAF",
        "url": "https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2024/advisory2024-05_vde-2024-057.json"
      }
    ],
    "title": "CODESYS: CODESYS web server vulnerable to DoS",
    "tracking": {
      "aliases": [
        "VDE-2024-057",
        "CODESYS Security Advisory 2024-05"
      ],
      "current_release_date": "2025-04-03T10:00:00.000Z",
      "generator": {
        "date": "2025-03-27T10:26:55.430Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.21"
        }
      },
      "id": "Advisory2024-05_VDE-2024-057",
      "initial_release_date": "2024-09-25T21:59:00.000Z",
      "revision_history": [
        {
          "date": "2024-09-25T21:59:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        },
        {
          "date": "2024-12-12T11:00:00.000Z",
          "number": "2",
          "summary": "Further software update available"
        },
        {
          "date": "2025-04-03T10:00:00.000Z",
          "number": "3",
          "summary": "Fixed version information for CODESYS Control for IOT2000 SL.\nFixed typos in version ranges."
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c3.5.20.30",
                    "product": {
                      "name": "CODESYS Control RTE (for Beckhoff CX) SL \u003c3.5.20.30",
                      "product_id": "CSAFPID-41001"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "3.5.20.30",
                    "product": {
                      "name": "CODESYS Control RTE (for Beckhoff CX) SL 3.5.20.30",
                      "product_id": "CSAFPID-42001"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Control RTE (for Beckhoff CX) SL"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c3.5.20.30",
                    "product": {
                      "name": "CODESYS Control RTE (SL)  \u003c3.5.20.30",
                      "product_id": "CSAFPID-41002"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "3.5.20.30",
                    "product": {
                      "name": "CODESYS Control RTE (SL)  3.5.20.30",
                      "product_id": "CSAFPID-42002"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Control RTE (SL) "
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c3.5.20.30",
                    "product": {
                      "name": "CODESYS Control Win (SL) \u003c3.5.20.30",
                      "product_id": "CSAFPID-41003"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "3.5.20.30",
                    "product": {
                      "name": "CODESYS Control Win (SL) 3.5.20.30",
                      "product_id": "CSAFPID-42003"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Control Win (SL)"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c3.5.20.30",
                    "product": {
                      "name": "CODESYS Embedded Target Visu Toolkit \u003c3.5.20.30",
                      "product_id": "CSAFPID-41004"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "3.5.20.30",
                    "product": {
                      "name": "CODESYS Embedded Target Visu Toolkit 3.5.20.30",
                      "product_id": "CSAFPID-42004"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Embedded Target Visu Toolkit"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c3.5.20.30",
                    "product": {
                      "name": "CODESYS HMI (SL) \u003c3.5.20.30",
                      "product_id": "CSAFPID-41005"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "3.5.20.30",
                    "product": {
                      "name": "CODESYS HMI (SL) 3.5.20.30",
                      "product_id": "CSAFPID-42005"
                    }
                  }
                ],
                "category": "product_name",
                "name": "HMI (SL)"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c3.5.20.30",
                    "product": {
                      "name": "CODESYS Remote Target Visu Toolkit \u003c3.5.20.30",
                      "product_id": "CSAFPID-41006"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "3.5.20.30",
                    "product": {
                      "name": "CODESYS Remote Target Visu Toolkit 3.5.20.30",
                      "product_id": "CSAFPID-42006"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Remote Target Visu Toolkit"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c3.5.20.30",
                    "product": {
                      "name": "CODESYS Runtime Toolkit  \u003c3.5.20.30",
                      "product_id": "CSAFPID-41007"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "3.5.20.30",
                    "product": {
                      "name": "CODESYS Runtime Toolkit  3.5.20.30",
                      "product_id": "CSAFPID-42007"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Runtime Toolkit "
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c4.14.0.0",
                    "product": {
                      "name": "CODESYS Virtual Control SL \u003c4.14.0.0",
                      "product_id": "CSAFPID-41008"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "4.14.0.0",
                    "product": {
                      "name": "CODESYS Virtual Control SL 4.14.0.0",
                      "product_id": "CSAFPID-42008"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Virtual Control SL"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c4.14.0.0",
                    "product": {
                      "name": "CODESYS Control for BeagleBone SL \u003c4.14.0.0",
                      "product_id": "CSAFPID-41009"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "4.14.0.0",
                    "product": {
                      "name": "CODESYS Control for BeagleBone SL 4.14.0.0",
                      "product_id": "CSAFPID-42009"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Control for BeagleBone SL"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c4.14.0.0",
                    "product": {
                      "name": "CODESYS Control for emPC-A/iMX6 SL \u003c4.14.0.0",
                      "product_id": "CSAFPID-41010"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "4.14.0.0",
                    "product": {
                      "name": "CODESYS Control for emPC-A/iMX6 SL 4.14.0.0",
                      "product_id": "CSAFPID-42010"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Control for emPC-A/iMX6 SL"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c4.14.0.0",
                    "product": {
                      "name": "CODESYS Control for IOT2000 SL \u003c4.14.0.0",
                      "product_id": "CSAFPID-41011"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "4.15.0.0",
                    "product": {
                      "name": "CODESYS Control for IOT2000 SL 4.15.0.0",
                      "product_id": "CSAFPID-42011"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Control for IOT2000 SL"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c4.14.0.0",
                    "product": {
                      "name": "CODESYS Control for Linux ARM SL \u003c4.14.0.0",
                      "product_id": "CSAFPID-41012"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "4.14.0.0",
                    "product": {
                      "name": "CODESYS Control for Linux ARM SL 4.14.0.0",
                      "product_id": "CSAFPID-42012"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Control for Linux ARM SL"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c4.14.0.0",
                    "product": {
                      "name": "CODESYS Control for Linux SL \u003c4.14.0.0",
                      "product_id": "CSAFPID-41013"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "4.14.0.0",
                    "product": {
                      "name": "CODESYS Control for Linux SL 4.14.0.0",
                      "product_id": "CSAFPID-42013"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Control for Linux SL"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c4.14.0.0",
                    "product": {
                      "name": "CODESYS Control for PFC100 SL \u003c4.14.0.0",
                      "product_id": "CSAFPID-41014"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "4.14.0.0",
                    "product": {
                      "name": "CODESYS Control for PFC100 SL 4.14.0.0",
                      "product_id": "CSAFPID-42014"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Control for PFC100 SL"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c4.14.0.0",
                    "product": {
                      "name": "CODESYS Control for PFC200 SL  \u003c4.14.0.0",
                      "product_id": "CSAFPID-41015"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "4.14.0.0",
                    "product": {
                      "name": "CODESYS Control for PFC200 SL  4.14.0.0",
                      "product_id": "CSAFPID-42015"
                    }
                  }
                ],
                "category": "product_name",
                "name": " Control for PFC200 SL "
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c4.14.0.0",
                    "product": {
                      "name": "CODESYS Control for PLCnext SL \u003c4.14.0.0",
                      "product_id": "CSAFPID-41016"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "4.14.0.0",
                    "product": {
                      "name": "CODESYS Control for PLCnext SL 4.14.0.0",
                      "product_id": "CSAFPID-42016"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Control for PLCnext SL"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c4.14.0.0",
                    "product": {
                      "name": "CODESYS Control for Raspberry Pi SL  \u003c4.14.0.0",
                      "product_id": "CSAFPID-41017"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "4.14.0.0",
                    "product": {
                      "name": "CODESYS Control for Raspberry Pi SL  4.14.0.0",
                      "product_id": "CSAFPID-42017"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Control for Raspberry Pi SL "
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c4.14.0.0",
                    "product": {
                      "name": "CODESYS Control for WAGO Touch Panels 600 SL \u003c4.14.0.0",
                      "product_id": "CSAFPID-41018"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "4.14.0.0",
                    "product": {
                      "name": "CODESYS Control for WAGO Touch Panels 600 SL 4.14.0.0",
                      "product_id": "CSAFPID-42018"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Control for WAGO Touch Panels 600 SL"
              }
            ],
            "category": "product_family",
            "name": "Software"
          }
        ],
        "category": "vendor",
        "name": "CODESYS"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-41001",
          "CSAFPID-41002",
          "CSAFPID-41003",
          "CSAFPID-41004",
          "CSAFPID-41005",
          "CSAFPID-41006",
          "CSAFPID-41007"
        ],
        "summary": "Affected products v3.5.x."
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-42001",
          "CSAFPID-42002",
          "CSAFPID-42003",
          "CSAFPID-42004",
          "CSAFPID-42005",
          "CSAFPID-42006",
          "CSAFPID-42007"
        ],
        "summary": "Fixed products v3.5.x."
      },
      {
        "group_id": "CSAFGID-0003",
        "product_ids": [
          "CSAFPID-41008",
          "CSAFPID-41009",
          "CSAFPID-41010",
          "CSAFPID-41011",
          "CSAFPID-41012",
          "CSAFPID-41013",
          "CSAFPID-41014",
          "CSAFPID-41015",
          "CSAFPID-41016",
          "CSAFPID-41017",
          "CSAFPID-41018"
        ],
        "summary": "Affected products v4.x."
      },
      {
        "group_id": "CSAFGID-0004",
        "product_ids": [
          "CSAFPID-42008",
          "CSAFPID-42009",
          "CSAFPID-42010",
          "CSAFPID-42012",
          "CSAFPID-42013",
          "CSAFPID-42014",
          "CSAFPID-42015",
          "CSAFPID-42016",
          "CSAFPID-42017",
          "CSAFPID-42018"
        ],
        "summary": "Fixed products v4.x."
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-8175",
      "cwe": {
        "id": "CWE-253",
        "name": "Incorrect Check of Function Return Value"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "An unauthenticated remote attacker sending a specially crafted TLS packet on an HTTPS connection causes the CODESYS web server to access invalid memory, resulting in a DoS.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-42001",
          "CSAFPID-42002",
          "CSAFPID-42003",
          "CSAFPID-42004",
          "CSAFPID-42005",
          "CSAFPID-42006",
          "CSAFPID-42007",
          "CSAFPID-42008",
          "CSAFPID-42009",
          "CSAFPID-42010",
          "CSAFPID-42011",
          "CSAFPID-42012",
          "CSAFPID-42013",
          "CSAFPID-42014",
          "CSAFPID-42015",
          "CSAFPID-42016",
          "CSAFPID-42017",
          "CSAFPID-42018"
        ],
        "known_affected": [
          "CSAFPID-41001",
          "CSAFPID-41002",
          "CSAFPID-41003",
          "CSAFPID-41004",
          "CSAFPID-41005",
          "CSAFPID-41006",
          "CSAFPID-41007",
          "CSAFPID-41008",
          "CSAFPID-41009",
          "CSAFPID-41010",
          "CSAFPID-41011",
          "CSAFPID-41012",
          "CSAFPID-41013",
          "CSAFPID-41014",
          "CSAFPID-41015",
          "CSAFPID-41016",
          "CSAFPID-41017",
          "CSAFPID-41018"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update the following products to version 3.5.20.30.\n* CODESYS Control RTE (SL)\n* CODESYS Control RTE (for Beckhoff CX) SL\n* CODESYS Control Win (SL)\n* CODESYS HMI (SL)\n* CODESYS Runtime Toolkit\n* CODESYS Embedded Target Visu Toolkit\n* CODESYS Remote Target Visu Toolkit\n\nThe products available as CODESYS add-ons can be downloaded and installed directly with the CODESYS\nInstaller or be downloaded from the CODESYS Store. Alternatively, as well as for all other products, you will\nfind further information on obtaining the software update in the CODESYS download area.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update the following products to version 4.14.0.0.\n* CODESYS Control for BeagleBone SL\n* CODESYS Control for emPC-A/iMX6 SL\n* CODESYS Control for Linux ARM SL\n* CODESYS Control for Linux SL\n* CODESYS Control for PFC100 SL\n* CODESYS Control for PFC200 SL\n* CODESYS Control for PLCnext SL\n* CODESYS Control for Raspberry Pi SL\n* CODESYS Control for WAGO Touch Panels 600 SL\n* CODESYS Virtual Control SL\n\nThe products available as CODESYS add-ons can be downloaded and installed directly with the CODESYS\nInstaller or be downloaded from the CODESYS Store. Alternatively, as well as for all other products, you will\nfind further information on obtaining the software update in the CODESYS download area.",
          "group_ids": [
            "CSAFGID-0003"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update the following product to version 4.15.0.0 (Version 4.14.0.0 has not been released). \n* CODESYS Control for IOT2000 SL\n\nThe products available as CODESYS add-ons can be downloaded and installed directly with the CODESYS\nInstaller or be downloaded from the CODESYS Store. Alternatively, as well as for all other products, you will\nfind further information on obtaining the software update in the CODESYS download area.",
          "product_ids": [
            "CSAFPID-41011"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-41001",
            "CSAFPID-41002",
            "CSAFPID-41003",
            "CSAFPID-41004",
            "CSAFPID-41005",
            "CSAFPID-41006",
            "CSAFPID-41007",
            "CSAFPID-41008",
            "CSAFPID-41009",
            "CSAFPID-41010",
            "CSAFPID-41011",
            "CSAFPID-41012",
            "CSAFPID-41013",
            "CSAFPID-41014",
            "CSAFPID-41015",
            "CSAFPID-41016",
            "CSAFPID-41017",
            "CSAFPID-41018"
          ]
        }
      ],
      "title": "CVE-2024-8175"
    }
  ]
}
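As an added example (not part of the advisory and not CODESYS or CERT@VDE tooling), the following Python script evaluates an installed product version against the product_tree and product_status of a CSAF record like the one above. It embeds a constructed excerpt with two of the record's products and handles the IOT2000 SL case, where the affected range ends at 4.14.0.0 but the first released fix is 4.15.0.0.

```python
import json

# Constructed excerpt of the CSAF record above (two of its 18 products, same
# structure, ids and versions); the full record can be passed in the same way.
CSAF_EXCERPT = json.loads("""
{
  "product_tree": {"branches": [{"category": "vendor", "name": "CODESYS", "branches": [
    {"category": "product_family", "name": "Software", "branches": [
      {"category": "product_name", "name": "Control Win (SL)", "branches": [
        {"category": "product_version_range", "name": "<3.5.20.30",
         "product": {"name": "CODESYS Control Win (SL) <3.5.20.30", "product_id": "CSAFPID-41003"}},
        {"category": "product_version", "name": "3.5.20.30",
         "product": {"name": "CODESYS Control Win (SL) 3.5.20.30", "product_id": "CSAFPID-42003"}}]},
      {"category": "product_name", "name": "Control for IOT2000 SL", "branches": [
        {"category": "product_version_range", "name": "<4.14.0.0",
         "product": {"name": "CODESYS Control for IOT2000 SL <4.14.0.0", "product_id": "CSAFPID-41011"}},
        {"category": "product_version", "name": "4.15.0.0",
         "product": {"name": "CODESYS Control for IOT2000 SL 4.15.0.0", "product_id": "CSAFPID-42011"}}]}
    ]}]}]},
  "vulnerabilities": [{"cve": "CVE-2024-8175", "product_status": {
    "known_affected": ["CSAFPID-41003", "CSAFPID-41011"],
    "fixed": ["CSAFPID-42003", "CSAFPID-42011"]}}]
}
""")


def parse_version(text):
    """'3.5.20.30' -> (3, 5, 20, 30); tuples compare component-wise."""
    return tuple(int(part) for part in text.strip().split("."))


def _collect_leaves(branches, product_name, out):
    """Flatten the nested branch tree into (product_name, category, spec, product_id)."""
    for branch in branches:
        if branch.get("category") == "product_name":
            product_name = branch["name"].strip()
        if "product" in branch:
            out.append((product_name, branch["category"], branch["name"].strip(),
                        branch["product"]["product_id"]))
        _collect_leaves(branch.get("branches", []), product_name, out)


def build_index(doc):
    """Map product name -> affected upper bound and fixed version, keyed by product_status."""
    leaves = []
    _collect_leaves(doc["product_tree"]["branches"], None, leaves)
    status = doc["vulnerabilities"][0]["product_status"]
    affected_ids = set(status.get("known_affected", []))
    fixed_ids = set(status.get("fixed", []))
    index = {}
    for name, category, spec, pid in leaves:
        entry = index.setdefault(name, {"affected_below": None, "fixed": None})
        if pid in affected_ids and category == "product_version_range" and spec.startswith("<"):
            entry["affected_below"] = parse_version(spec[1:])
        elif pid in fixed_ids and category == "product_version":
            entry["fixed"] = parse_version(spec)
    return index


def check(doc, product_name, installed):
    """Return (status, first_fixed_version_or_None) for an installed version."""
    entry = build_index(doc).get(product_name)
    if entry is None:
        return ("not_listed", None)
    fixed = ".".join(map(str, entry["fixed"])) if entry["fixed"] else None
    version = parse_version(installed)
    if entry["affected_below"] and version < entry["affected_below"]:
        return ("affected", fixed)
    if entry["fixed"] and version < entry["fixed"]:
        # Above the advisory's affected range but below the first released fix:
        # for IOT2000 SL the range ends at 4.14.0.0, which was never released,
        # so the only shipping fix is 4.15.0.0. product_status wins over the range.
        return ("below_first_fix", fixed)
    return ("fixed", fixed)


if __name__ == "__main__":
    for name, installed in [("Control Win (SL)", "3.5.19.0"),
                            ("Control for IOT2000 SL", "4.14.0.0")]:
        print(name, installed, check(CSAF_EXCERPT, name, installed))
```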
