VDE-2021-033
Vulnerability from csaf_trumpfsecokg - Published: 2021-08-12 13:02 - Updated: 2021-08-12 13:02Summary
TRUMPF Laser GmbH: multiple products prone to codesys runtime vulnerabilities
Notes
Summary: The TruControl laser control software (versions 1.04 to 3.0.0) uses CODESYS runtime versions affected by multiple CVEs:
**CVE list:**
- CVE-2021-29242
- CVE-2021-29241
- CVE-2019-5105
- CVE-2020-7052
- CVE-2019-9012
- CVE-2019-9010
- CVE-2019-9009
- CVE-2018-10612
In addition to the CVEs listed above, the affected products are also vulnerable to the following issues without a CVE ID:
---
### **CODESYS Advisory 2018-07**
A crafted communication request may cause an access violation in the affected CODESYS products and may result in a denial-of-service condition.
- **CVSS v3.0 base score:** 6.5
- **CVSS v3.0 vector:** `CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H`
🔗 [Link to advisory](https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12928&token=6d1dcea05a15aeef7ad48eadc64c8eca5d4f07b2&download=)
---
### **CODESYS Advisory 2018-04**
The CODESYS runtime system allows access to files outside the restricted working directory of the controller by online services.
- **CVSS v3.0 base score:** 9.9
- **CVSS v3.0 vector:** `CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H`
🔗 [Link to advisory](https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12925&token=50e7240fa947ea215311e3db441f82152f1109b6&download=)
---
### **CODESYS Advisory 2017-03**
A crafted request may cause an access violation in the affected CODESYS products and may result in a denial-of-service condition.
- **CVSS v3.0 base score:** 7.5
- **CVSS v3.0 vector:** `CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H`
🔗 [Link to advisory](https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12912&token=2f23e7f047c2768dd06fdf072de49a7ba1fe9687&download=)
Impact: To be able to exploit this vulnerability the attacker first needs to gain any kind of network access to the system.
When the system is reachable over the network these vulnerabilities can be exploited with following possible impacts/damages to the system:
- Data loss in the laser control
- Standstill of production
- Damage by change of the laser control
- Interception of sensitive data
Safety is not affected since it is controlled by an independent electromechanical safety mechanism.
Remediation: - We highly recommend updating to TruControl version 3.16.0 or higher as soon as possible
- Please contact your service partner (service.tls@trumpf.com) for immediate instructions on how to retrieve the update
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.
7.3 (High)
Vendor Fix
- We highly recommend updating to TruControl version 3.16.0 or higher as soon as possible
- Please contact your service partner (service.tls@trumpf.com) for immediate instructions on how to retrieve the update
CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).
7.5 (High)
Vendor Fix
- We highly recommend updating to TruControl version 3.16.0 or higher as soon as possible
- Please contact your service partner (service.tls@trumpf.com) for immediate instructions on how to retrieve the update
An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet to a device running the GatewayService.exe to trigger this vulnerability. All variants of the CODESYS V3 products in all versions prior V3.5.16.10 containing the CmpRouter or CmpRouterEmbedded component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PLCnext, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit, CODESYS V3 Embedded Target Visu Toolkit, CODESYS V3 Remote Target Visu Toolkit, CODESYS V3 Safety SIL2, CODESYS Edge Gateway V3, CODESYS Gateway V3, CODESYS HMI V3, CODESYS OPC Server V3, CODESYS PLCHandler SDK, CODESYS V3 Simulation Runtime (part of the CODESYS Development System).
7.5 (High)
Vendor Fix
- We highly recommend updating to TruControl version 3.16.0 or higher as soon as possible
- Please contact your service partner (service.tls@trumpf.com) for immediate instructions on how to retrieve the update
CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.
6.5 (Medium)
Vendor Fix
- We highly recommend updating to TruControl version 3.16.0 or higher as soon as possible
- Please contact your service partner (service.tls@trumpf.com) for immediate instructions on how to retrieve the update
An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System.
7.5 (High)
Vendor Fix
- We highly recommend updating to TruControl version 3.16.0 or higher as soon as possible
- Please contact your service partner (service.tls@trumpf.com) for immediate instructions on how to retrieve the update
An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System.
9.8 (Critical)
Vendor Fix
- We highly recommend updating to TruControl version 3.16.0 or higher as soon as possible
- Please contact your service partner (service.tls@trumpf.com) for immediate instructions on how to retrieve the update
An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.
7.5 (High)
Vendor Fix
- We highly recommend updating to TruControl version 3.16.0 or higher as soon as possible
- Please contact your service partner (service.tls@trumpf.com) for immediate instructions on how to retrieve the update
In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials.
9.8 (Critical)
Vendor Fix
- We highly recommend updating to TruControl version 3.16.0 or higher as soon as possible
- Please contact your service partner (service.tls@trumpf.com) for immediate instructions on how to retrieve the update
References
Acknowledgments
CERTVDE
certvde.com
CODESYS GmbH
de.codesys.com
{
"document": {
"acknowledgments": [
{
"organization": "CERTVDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"organization": "CODESYS GmbH",
"summary": "reported",
"urls": [
"https://de.codesys.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "The TruControl laser control software (versions 1.04 to 3.0.0) uses CODESYS runtime versions affected by multiple CVEs:\n\n**CVE list:**\n\n- CVE-2021-29242\n- CVE-2021-29241\n- CVE-2019-5105\n- CVE-2020-7052\n- CVE-2019-9012\n- CVE-2019-9010\n- CVE-2019-9009\n- CVE-2018-10612\n\nIn addition to the CVEs listed above, the affected products are also vulnerable to the following issues without a CVE ID:\n\n---\n\n### **CODESYS Advisory 2018-07**\n\nA crafted communication request may cause an access violation in the affected CODESYS products and may result in a denial-of-service condition.\n\n- **CVSS v3.0 base score:** 6.5 \n- **CVSS v3.0 vector:** `CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H`\n\n\ud83d\udd17 [Link to advisory](https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12928\u0026token=6d1dcea05a15aeef7ad48eadc64c8eca5d4f07b2\u0026download=)\n\n---\n\n### **CODESYS Advisory 2018-04**\n\nThe CODESYS runtime system allows access to files outside the restricted working directory of the controller by online services.\n\n- **CVSS v3.0 base score:** 9.9 \n- **CVSS v3.0 vector:** `CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H`\n\n\ud83d\udd17 [Link to advisory](https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12925\u0026token=50e7240fa947ea215311e3db441f82152f1109b6\u0026download=)\n\n---\n\n### **CODESYS Advisory 2017-03**\n\nA crafted request may cause an access violation in the affected CODESYS products and may result in a denial-of-service condition.\n\n- **CVSS v3.0 base score:** 7.5 \n- **CVSS v3.0 vector:** `CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H`\n\n\ud83d\udd17 [Link to advisory](https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12912\u0026token=2f23e7f047c2768dd06fdf072de49a7ba1fe9687\u0026download=)",
"title": "Summary"
},
{
"category": "description",
"text": "To be able to exploit this vulnerability the attacker first needs to gain any kind of network access to the system.\nWhen the system is reachable over the network these vulnerabilities can be exploited with following possible impacts/damages to the system:\n\n- Data loss in the laser control\n- Standstill of production\n- Damage by change of the laser control\n- Interception of sensitive data\n\nSafety is not affected since it is controlled by an independent electromechanical safety mechanism.",
"title": "Impact"
},
{
"category": "description",
"text": "- We highly recommend updating to TruControl version 3.16.0 or higher as soon as possible\n- Please contact your service partner (service.tls@trumpf.com) for immediate instructions on how to retrieve the update",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "product.security@trumpf.com",
"name": "Trumpf SE + Co. KG",
"namespace": "https://www.trumpf.com"
},
"references": [
{
"category": "external",
"summary": "TRUMPF Laser SE - PSIRT",
"url": "https://www.trumpf.com/en_US/meta/security-with-trumpf/security-advisories/"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories",
"url": "https://certvde.com/en/advisories/vendor/trumpf-laser/"
},
{
"category": "self",
"summary": "VDE-2021-033: TRUMPF Laser GmbH: multiple products prone to codesys runtime vulnerabilities - HTML",
"url": "https://certvde.com/en/advisories/VDE-1900-0815/"
},
{
"category": "self",
"summary": "VDE-2021-033: TRUMPF Laser GmbH: multiple products prone to codesys runtime vulnerabilities - CSAF",
"url": "https://trumpf.csaf-tp.certvde.com/.well-known/csaf/white/2021/vde-2021-033.json"
}
],
"title": "TRUMPF Laser GmbH: multiple products prone to codesys runtime vulnerabilities",
"tracking": {
"aliases": [
"VDE-2021-033"
],
"current_release_date": "2021-08-12T13:02:00.001Z",
"generator": {
"date": "2025-06-05T07:47:26.133Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.27"
}
},
"id": "VDE-2021-033",
"initial_release_date": "2021-08-12T13:02:00.001Z",
"revision_history": [
{
"date": "2021-08-12T13:02:00.001Z",
"number": "1",
"summary": "initial revision"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "1.04\u003c3.16.0",
"product": {
"name": "TruControl in redpowerDirect 1.04\u003c3.16.0",
"product_id": "CSAFPID-51001"
}
},
{
"category": "product_version",
"name": "3.16.0",
"product": {
"name": "TruControl in redpowerDirect 3.16.0",
"product_id": "CSAFPID-52001"
}
}
],
"category": "product_name",
"name": "TruControl in redpowerDirect"
},
{
"branches": [
{
"category": "product_version_range",
"name": "1.04\u003c3.16.0",
"product": {
"name": "TruControl in TruDiode 1.04\u003c3.16.0",
"product_id": "CSAFPID-51002"
}
},
{
"category": "product_version",
"name": "3.16.0",
"product": {
"name": "TruControl in TruDiode 3.16.0",
"product_id": "CSAFPID-52002"
}
}
],
"category": "product_name",
"name": "TruControl in TruDiode"
},
{
"branches": [
{
"category": "product_version_range",
"name": "1.04\u003c3.16.0",
"product": {
"name": "TruControl in TruDisk 1.04\u003c3.16.0",
"product_id": "CSAFPID-51003"
}
},
{
"category": "product_version",
"name": "3.16.0",
"product": {
"name": "TruControl in TruDisk 3.16.0",
"product_id": "CSAFPID-52003"
}
}
],
"category": "product_name",
"name": "TruControl in TruDisk"
},
{
"branches": [
{
"category": "product_version_range",
"name": "1.04\u003c3.16.0",
"product": {
"name": "TruControl in TruFiber 1.04\u003c3.16.0",
"product_id": "CSAFPID-51004"
}
},
{
"category": "product_version",
"name": "3.16.0",
"product": {
"name": "TruControl in TruFiber 3.16.0",
"product_id": "CSAFPID-52004"
}
}
],
"category": "product_name",
"name": "TruControl in TruFiber"
},
{
"branches": [
{
"category": "product_version_range",
"name": "1.04\u003c3.16.0",
"product": {
"name": "TruControl in TruMicro2000 1.04\u003c3.16.0",
"product_id": "CSAFPID-51005"
}
},
{
"category": "product_version",
"name": "3.16.0",
"product": {
"name": "TruControl in TruMicro2000 3.16.0",
"product_id": "CSAFPID-52005"
}
}
],
"category": "product_name",
"name": "TruControl in TruMicro2000"
},
{
"branches": [
{
"category": "product_version_range",
"name": "1.04\u003c3.16.0",
"product": {
"name": "TruControl in TruMicro5000 1.04\u003c3.16.0",
"product_id": "CSAFPID-51006"
}
},
{
"category": "product_version",
"name": "3.16.0",
"product": {
"name": "TruControl in TruMicro5000 3.16.0",
"product_id": "CSAFPID-52006"
}
}
],
"category": "product_name",
"name": "TruControl in TruMicro5000"
},
{
"branches": [
{
"category": "product_version_range",
"name": "1.04\u003c3.16.0",
"product": {
"name": "TruControl in TruMicro6000 1.04\u003c3.16.0",
"product_id": "CSAFPID-51007"
}
},
{
"category": "product_version",
"name": "3.16.0",
"product": {
"name": "TruControl in TruMicro6000 3.16.0",
"product_id": "CSAFPID-52007"
}
}
],
"category": "product_name",
"name": "TruControl in TruMicro6000"
},
{
"branches": [
{
"category": "product_version_range",
"name": "1.04\u003c3.16.0",
"product": {
"name": "TruControl in TruMicro7000 1.04\u003c3.16.0",
"product_id": "CSAFPID-51008"
}
},
{
"category": "product_version",
"name": "3.16.0",
"product": {
"name": "TruControl in TruMicro7000 3.16.0",
"product_id": "CSAFPID-52008"
}
}
],
"category": "product_name",
"name": "TruControl in TruMicro7000"
},
{
"branches": [
{
"category": "product_version_range",
"name": "1.04\u003c3.16.0",
"product": {
"name": "TruControl in TruMicro8000 1.04\u003c3.16.0",
"product_id": "CSAFPID-51009"
}
},
{
"category": "product_version",
"name": "3.16.0",
"product": {
"name": "TruControl in TruMicro8000 3.16.0",
"product_id": "CSAFPID-52009"
}
}
],
"category": "product_name",
"name": "TruControl in TruMicro8000"
},
{
"branches": [
{
"category": "product_version_range",
"name": "1.04\u003c3.16.0",
"product": {
"name": "TruControl in TruMicro9000 1.04\u003c3.16.0",
"product_id": "CSAFPID-510010"
}
},
{
"category": "product_version",
"name": "3.16.0",
"product": {
"name": "TruControl in TruMicro9000 3.16.0",
"product_id": "CSAFPID-520010"
}
}
],
"category": "product_name",
"name": "TruControl in TruMicro9000"
},
{
"branches": [
{
"category": "product_version_range",
"name": "1.04\u003c3.16.0",
"product": {
"name": "TruControl in TruPulse 1.04\u003c3.16.0",
"product_id": "CSAFPID-510011"
}
},
{
"category": "product_version",
"name": "3.16.0",
"product": {
"name": "TruControl in TruPulse 3.16.0",
"product_id": "CSAFPID-520011"
}
}
],
"category": "product_name",
"name": "TruControl in TruPulse"
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "TRUMPF"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009",
"CSAFPID-510010",
"CSAFPID-510011"
],
"summary": "affected products"
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-52001",
"CSAFPID-52002",
"CSAFPID-52003",
"CSAFPID-52004",
"CSAFPID-52005",
"CSAFPID-52006",
"CSAFPID-52007",
"CSAFPID-52008",
"CSAFPID-52009",
"CSAFPID-520010",
"CSAFPID-520011"
],
"summary": "fixed products"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-29242",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router\u0027s addressing scheme and may re-route, add, remove or change low level communication packages.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001",
"CSAFPID-52002",
"CSAFPID-52003",
"CSAFPID-52004",
"CSAFPID-52005",
"CSAFPID-52006",
"CSAFPID-52007",
"CSAFPID-52008",
"CSAFPID-52009",
"CSAFPID-520010",
"CSAFPID-520011"
],
"known_affected": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009",
"CSAFPID-510010",
"CSAFPID-510011"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "- We highly recommend updating to TruControl version 3.16.0 or higher as soon as possible\n- Please contact your service partner (service.tls@trumpf.com) for immediate instructions on how to retrieve the update",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"environmentalScore": 7.3,
"environmentalSeverity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009",
"CSAFPID-510010",
"CSAFPID-510011"
]
}
],
"title": "CVE-2021-29242"
},
{
"cve": "CVE-2021-29241",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001",
"CSAFPID-52002",
"CSAFPID-52003",
"CSAFPID-52004",
"CSAFPID-52005",
"CSAFPID-52006",
"CSAFPID-52007",
"CSAFPID-52008",
"CSAFPID-52009",
"CSAFPID-520010",
"CSAFPID-520011"
],
"known_affected": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009",
"CSAFPID-510010",
"CSAFPID-510011"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "- We highly recommend updating to TruControl version 3.16.0 or higher as soon as possible\n- Please contact your service partner (service.tls@trumpf.com) for immediate instructions on how to retrieve the update",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009",
"CSAFPID-510010",
"CSAFPID-510011"
]
}
],
"title": "CVE-2021-29241"
},
{
"cve": "CVE-2019-5105",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet to a device running the GatewayService.exe to trigger this vulnerability. All variants of the CODESYS V3 products in all versions prior V3.5.16.10 containing the CmpRouter or CmpRouterEmbedded component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PLCnext, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit, CODESYS V3 Embedded Target Visu Toolkit, CODESYS V3 Remote Target Visu Toolkit, CODESYS V3 Safety SIL2, CODESYS Edge Gateway V3, CODESYS Gateway V3, CODESYS HMI V3, CODESYS OPC Server V3, CODESYS PLCHandler SDK, CODESYS V3 Simulation Runtime (part of the CODESYS Development System).",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001",
"CSAFPID-52002",
"CSAFPID-52003",
"CSAFPID-52004",
"CSAFPID-52005",
"CSAFPID-52006",
"CSAFPID-52007",
"CSAFPID-52008",
"CSAFPID-52009",
"CSAFPID-520010",
"CSAFPID-520011"
],
"known_affected": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009",
"CSAFPID-510010",
"CSAFPID-510011"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "- We highly recommend updating to TruControl version 3.16.0 or higher as soon as possible\n- Please contact your service partner (service.tls@trumpf.com) for immediate instructions on how to retrieve the update",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009",
"CSAFPID-510010",
"CSAFPID-510011"
]
}
],
"title": "CVE-2019-5105"
},
{
"cve": "CVE-2020-7052",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "description",
"text": "CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001",
"CSAFPID-52002",
"CSAFPID-52003",
"CSAFPID-52004",
"CSAFPID-52005",
"CSAFPID-52006",
"CSAFPID-52007",
"CSAFPID-52008",
"CSAFPID-52009",
"CSAFPID-520010",
"CSAFPID-520011"
],
"known_affected": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009",
"CSAFPID-510010",
"CSAFPID-510011"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "- We highly recommend updating to TruControl version 3.16.0 or higher as soon as possible\n- Please contact your service partner (service.tls@trumpf.com) for immediate instructions on how to retrieve the update",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009",
"CSAFPID-510010",
"CSAFPID-510011"
]
}
],
"title": "CVE-2020-7052"
},
{
"cve": "CVE-2019-9012",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001",
"CSAFPID-52002",
"CSAFPID-52003",
"CSAFPID-52004",
"CSAFPID-52005",
"CSAFPID-52006",
"CSAFPID-52007",
"CSAFPID-52008",
"CSAFPID-52009",
"CSAFPID-520010",
"CSAFPID-520011"
],
"known_affected": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009",
"CSAFPID-510010",
"CSAFPID-510011"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "- We highly recommend updating to TruControl version 3.16.0 or higher as soon as possible\n- Please contact your service partner (service.tls@trumpf.com) for immediate instructions on how to retrieve the update",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009",
"CSAFPID-510010",
"CSAFPID-510011"
]
}
],
"title": "CVE-2019-9012"
},
{
"cve": "CVE-2019-9010",
"notes": [
{
"category": "description",
"text": "An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001",
"CSAFPID-52002",
"CSAFPID-52003",
"CSAFPID-52004",
"CSAFPID-52005",
"CSAFPID-52006",
"CSAFPID-52007",
"CSAFPID-52008",
"CSAFPID-52009",
"CSAFPID-520010",
"CSAFPID-520011"
],
"known_affected": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009",
"CSAFPID-510010",
"CSAFPID-510011"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "- We highly recommend updating to TruControl version 3.16.0 or higher as soon as possible\n- Please contact your service partner (service.tls@trumpf.com) for immediate instructions on how to retrieve the update",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009",
"CSAFPID-510010",
"CSAFPID-510011"
]
}
],
"title": "CVE-2019-9010"
},
{
"cve": "CVE-2019-9009",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001",
"CSAFPID-52002",
"CSAFPID-52003",
"CSAFPID-52004",
"CSAFPID-52005",
"CSAFPID-52006",
"CSAFPID-52007",
"CSAFPID-52008",
"CSAFPID-52009",
"CSAFPID-520010",
"CSAFPID-520011"
],
"known_affected": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009",
"CSAFPID-510010",
"CSAFPID-510011"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "- We highly recommend updating to TruControl version 3.16.0 or higher as soon as possible\n- Please contact your service partner (service.tls@trumpf.com) for immediate instructions on how to retrieve the update",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009",
"CSAFPID-510010",
"CSAFPID-510011"
]
}
],
"title": "CVE-2019-9009"
},
{
"cve": "CVE-2018-10612",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "description",
"text": "In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001",
"CSAFPID-52002",
"CSAFPID-52003",
"CSAFPID-52004",
"CSAFPID-52005",
"CSAFPID-52006",
"CSAFPID-52007",
"CSAFPID-52008",
"CSAFPID-52009",
"CSAFPID-520010",
"CSAFPID-520011"
],
"known_affected": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009",
"CSAFPID-510010",
"CSAFPID-510011"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "- We highly recommend updating to TruControl version 3.16.0 or higher as soon as possible\n- Please contact your service partner (service.tls@trumpf.com) for immediate instructions on how to retrieve the update",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009",
"CSAFPID-510010",
"CSAFPID-510011"
]
}
],
"title": "CVE-2018-10612"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…