VDE-2021-054
Vulnerability from csaf_pilzgmbhcokg - Published: 2022-04-26 10:00 - Updated: 2022-04-26 10:00Summary
Pilz: Multiple vulnerabilities in CODESYS V2 and V3 runtime system
Notes
Summary: Several Pilz products use Versions V2 and V3 of the CODESYS runtime system from CODESYS GmbH, which enables the execution of IEC 61131-3 PLC programs. These runtime environments contain several vulnerabilities, which an attacker can exploit via the network. Successful exploitation of the vulnerabilities results in reduced availability and, in a worst case, to the insertion of program code.
Impact: The affected products use the CODESYS runtime environment from CODESYS GmbH. Either Version V2 or V3 is active, depending on the configuration. V3 is activated upon delivery. These runtime environments contain the listed vulnerabilities. Some of the vulnerabilities only affect either version V2 or V3 of the CODESYS runtime environment.
General countermeasures: Use a firewall or comparable measures at network level to protect the devices from unauthorised network communication.
Employ user management to restrict online access to authorised persons.
Remediation: PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition.
7.5 (High)
Vendor Fix
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.
6.5 (Medium)
None Available
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.
8.1 (High)
None Available
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC.
7.5 (High)
None Available
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.
7.5 (High)
None Available
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.
9.8 (Critical)
None Available
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.
7.3 (High)
Vendor Fix
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).
7.5 (High)
Vendor Fix
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.
6.5 (Medium)
Vendor Fix
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability.
8.8 (High)
Vendor Fix
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.
7.8 (High)
Vendor Fix
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user's password may be changed by an attacker without knowledge of the current password.
7.5 (High)
Vendor Fix
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component are affected regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS V3 Simulation Runtime (part of the CODESYS Development System), CODESYS Control V3 Runtime System Toolkit, CODESYS HMI V3.
8.8 (High)
Vendor Fix
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), an attacker can identify valid usernames.
5.3 (Medium)
Vendor Fix
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.
7.5 (High)
Vendor Fix
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet to a device running the GatewayService.exe to trigger this vulnerability. All variants of the CODESYS V3 products in all versions prior V3.5.16.10 containing the CmpRouter or CmpRouterEmbedded component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PLCnext, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit, CODESYS V3 Embedded Target Visu Toolkit, CODESYS V3 Remote Target Visu Toolkit, CODESYS V3 Safety SIL2, CODESYS Edge Gateway V3, CODESYS Gateway V3, CODESYS HMI V3, CODESYS OPC Server V3, CODESYS PLCHandler SDK, CODESYS V3 Simulation Runtime (part of the CODESYS Development System).
7.5 (High)
Vendor Fix
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Toolkit 32 bit full before V2.4.7.54, and CODESYS PLCWinNT before V2.4.7.54 allow a NULL pointer dereference.
6.5 (Medium)
None Available
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.
7.5 (High)
None Available
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
References
| URL | Category | |
|---|---|---|
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Several Pilz products use Versions V2 and V3 of the CODESYS runtime system from CODESYS GmbH, which enables the execution of IEC 61131-3 PLC programs. These runtime environments contain several vulnerabilities, which an attacker can exploit via the network. Successful exploitation of the vulnerabilities results in reduced availability and, in a worst case, to the insertion of program code.",
"title": "Summary"
},
{
"category": "description",
"text": "The affected products use the CODESYS runtime environment from CODESYS GmbH. Either Version V2 or V3 is active, depending on the configuration. V3 is activated upon delivery. These runtime environments contain the listed vulnerabilities. Some of the vulnerabilities only affect either version V2 or V3 of the CODESYS runtime environment.",
"title": "Impact"
},
{
"category": "general",
"text": "Use a firewall or comparable measures at network level to protect the devices from unauthorised network communication.\nEmploy user management to restrict online access to authorised persons.",
"title": "General countermeasures"
},
{
"category": "general",
"text": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "security@pilz.com",
"name": "Pilz GmbH \u0026 Co. KG",
"namespace": "https://www.pilz.com"
},
"references": [
{
"category": "self",
"summary": "VDE-2021-054: Pilz: Multiple vulnerabilities in CODESYS V2 and V3 runtime system - HTML",
"url": "https://certvde.com/en/advisories/VDE-2021-054/"
},
{
"category": "self",
"summary": "VDE-2021-054: Pilz: Multiple vulnerabilities in CODESYS V2 and V3 runtime system - CSAF",
"url": "https://pilz.csaf-tp.certvde.com/.well-known/csaf/white/2022/vde-2021-054.json"
},
{
"category": "external",
"summary": "Vendor PSIRT",
"url": "https://www.pilz.com"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Pilz GmbH \u0026 Co. KG",
"url": "https://certvde.com/en/advisories/vendor/pilz/"
}
],
"title": "Pilz: Multiple vulnerabilities in CODESYS V2 and V3 runtime system",
"tracking": {
"aliases": [
"VDE-2021-054"
],
"current_release_date": "2022-04-26T10:00:00.000Z",
"generator": {
"date": "2025-05-14T13:21:16.214Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.25"
}
},
"id": "VDE-2021-054",
"initial_release_date": "2022-04-26T10:00:00.000Z",
"revision_history": [
{
"date": "2022-04-26T10:00:00.000Z",
"number": "1",
"summary": "Initial revision."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Motion controller PMCprimo C",
"product": {
"name": "Motion controller PMCprimo C",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"680175",
"680052",
"680053",
"680054",
"680055",
"680062",
"680063",
"680064",
"680065",
"680162",
"680163",
"680164",
"680165",
"680172",
"680173",
"680174"
]
}
}
},
{
"category": "product_name",
"name": "Motion controller PMCprimo C2.0 (plug-in card)",
"product": {
"name": "Motion controller PMCprimo C2.0 (plug-in card)",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"680182",
"680183",
"680184",
"680185"
]
}
}
},
{
"category": "product_name",
"name": "Motion controller PMCprimo C2.1 (housing version)",
"product": {
"name": "Motion controller PMCprimo C2.1 (housing version)",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"680192",
"680193",
"680194",
"680195"
]
}
}
},
{
"category": "product_name",
"name": "Motion controller PMCprimo MC",
"product": {
"name": "Motion controller PMCprimo MC",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"680082",
"680083",
"680084",
"680085"
]
}
}
},
{
"category": "product_name",
"name": "Operator terminal/controller PMI 6 primo",
"product": {
"name": "Operator terminal/controller PMI 6 primo",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"model_numbers": [
"265608",
"265613",
"264639"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Firmware vers:all/*",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version_range",
"name": "\u003c=03.07.00",
"product": {
"name": "Firmware \u003c=03.07.00",
"product_id": "CSAFPID-21002"
}
},
{
"category": "product_version",
"name": "03.08.00",
"product": {
"name": "Firmware 03.08.00",
"product_id": "CSAFPID-22001"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Pilz"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on Motion controller PMCprimo C",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=03.07.00 installed on Motion controller PMCprimo C2.0 (plug-in card)",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=03.07.00 installed on Motion controller PMCprimo C2.1 (housing version)",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=03.07.00 installed on Motion controller PMCprimo MC",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on Operator terminal/controller PMI 6 primo",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.08.00 installed on Motion controller PMCprimo C2.0 (plug-in card)",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.08.00 installed on Motion controller PMCprimo C2.1 (housing version)",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.08.00 installed on Motion controller PMCprimo MC",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11004"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-36764",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-36764"
},
{
"cve": "CVE-2021-34596",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"notes": [
{
"category": "description",
"text": "A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "none_available",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-34596"
},
{
"cve": "CVE-2021-34595",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "description",
"text": "A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "none_available",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 8.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-34595"
},
{
"cve": "CVE-2021-34593",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "description",
"text": "In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "none_available",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-34593"
},
{
"cve": "CVE-2021-30195",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "none_available",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-30195"
},
{
"cve": "CVE-2021-30188",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "none_available",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-30188"
},
{
"cve": "CVE-2021-29242",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router\u0027s addressing scheme and may re-route, add, remove or change low level communication packages.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"environmentalScore": 7.3,
"environmentalSeverity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-29242"
},
{
"cve": "CVE-2021-29241",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-29241"
},
{
"cve": "CVE-2020-7052",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "description",
"text": "CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2020-7052"
},
{
"cve": "CVE-2020-6081",
"cwe": {
"id": "CWE-345",
"name": "Insufficient Verification of Data Authenticity"
},
"notes": [
{
"category": "description",
"text": "An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2020-6081"
},
{
"cve": "CVE-2020-12069",
"cwe": {
"id": "CWE-916",
"name": "Use of Password Hash With Insufficient Computational Effort"
},
"notes": [
{
"category": "description",
"text": "In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2020-12069"
},
{
"cve": "CVE-2020-12067",
"cwe": {
"id": "CWE-640",
"name": "Weak Password Recovery Mechanism for Forgotten Password"
},
"notes": [
{
"category": "description",
"text": "In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user\u0027s password may be changed by an attacker without knowledge of the current password.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2020-12067"
},
{
"cve": "CVE-2019-9013",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component are affected regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS V3 Simulation Runtime (part of the CODESYS Development System), CODESYS Control V3 Runtime System Toolkit, CODESYS HMI V3.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2019-9013"
},
{
"cve": "CVE-2019-9011",
"cwe": {
"id": "CWE-668",
"name": "Exposure of Resource to Wrong Sphere"
},
"notes": [
{
"category": "description",
"text": "In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), an attacker can identify valid usernames.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2019-9011"
},
{
"cve": "CVE-2019-9009",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2019-9009"
},
{
"cve": "CVE-2019-5105",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet to a device running the GatewayService.exe to trigger this vulnerability. All variants of the CODESYS V3 products in all versions prior V3.5.16.10 containing the CmpRouter or CmpRouterEmbedded component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PLCnext, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit, CODESYS V3 Embedded Target Visu Toolkit, CODESYS V3 Remote Target Visu Toolkit, CODESYS V3 Safety SIL2, CODESYS Edge Gateway V3, CODESYS Gateway V3, CODESYS HMI V3, CODESYS OPC Server V3, CODESYS PLCHandler SDK, CODESYS V3 Simulation Runtime (part of the CODESYS Development System).",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2019-5105"
},
{
"cve": "CVE-2019-19789",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Toolkit 32 bit full before V2.4.7.54, and CODESYS PLCWinNT before V2.4.7.54 allow a NULL pointer dereference.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "none_available",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2019-19789"
},
{
"cve": "CVE-2021-30186",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "none_available",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-30186"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…