VDE-2024-026
Vulnerability from csaf_codesysgmbh - Published: 2024-06-04 08:00 - Updated: 2025-05-14 13:00
Summary
CODESYS: Vulnerability can cause a DoS on CODESYS OPC UA products
Notes
Summary: The CODESYS OPC UA stack of the CODESYS Control runtime system may incorrectly calculate the required buffer size for received requests/responses. This can lead to a crash of the CODESYS runtime system during the subsequent initialization of the receive buffer with zero.
Update: 10.07.2024 In the Remediation section, the release date of the update has been deleted as the update is now available.
Impact: The CODESYS OPC UA stack, implemented by the CmpOPCUAStack component, is an optional part of the CODESYS runtime system. Both the CODESYS OPC UA Server and the CODESYS OPC UA Client of the CODESYS Control runtime system use the CODESYS OPC UA Stack as a common implementation. The OPC UA protocol enables data exchange between the CODESYS runtime system and OPC UA clients such as SCADA or HMIs, or OPC UA servers such as PLCs or other devices.
If a CODESYS runtime system containing the CmpOPCUAStack component receives a specially crafted request/response, the required buffer size in the CODESYS OPC UA server/client may be incorrectly calculated. This can lead to a crash of the CODESYS runtime system during the subsequent initialization of the receive buffer with zero.
An attacker can exploit this vulnerability by using a malicious OPC UA client to send a crafted request to CODESYS products with an affected CODESYS OPC UA server. Conversely, CODESYS products with an affected CODESYS OPC UA client can be crashed if they have connected to a malicious OPC UA server. CODESYS Control runtime systems usually contain both the OPC UA client and the server. The CODESYS HMI only includes the OPC UA client.
Mitigation: Starting from version 3.5.15.0 of the affected products, the incorrect calculation of the buffer size can be avoided if the maximum supported array length of the OPC UA stack of the CODESYS Control runtime system is limited to a value of 10129639 or less.
This can be achieved by adding the following setting in the CODESYS runtime configuration file (e.g. CODESYSControl.cfg):
[CmpOPCUAStack]
Stack.MaxArrayLenth=10129639
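
A small audit for the mitigation above, added here as an example (not CODESYS code): it checks runtime configuration text for the [CmpOPCUAStack] setting and the 10129639 limit. The INI-style parsing rules (comment characters, exact-case matching, every occurrence checked) and the sample configuration files are assumptions.

```python
"""Audit CODESYS runtime configuration text for the VDE-2024-026 mitigation."""

SECTION = "CmpOPCUAStack"      # section name as given in the advisory
KEY = "Stack.MaxArrayLenth"    # key spelled exactly as in the advisory
LIMIT = 10129639               # advisory: the value must be this or less


def audit_cfg(text):
    """Return (status, detail); status is ok, missing, too_large or invalid.

    Assumed syntax: [Section] headers, key=value lines, and ';' or '#'
    starting a comment line. Every occurrence of the key is checked, so a
    duplicate entry with a larger value is still reported.
    """
    section = None
    hits = []  # (line number, raw value) for each occurrence of the key
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        if section != SECTION or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.strip() == KEY:
            hits.append((lineno, value.strip()))

    if not hits:
        return "missing", f"[{SECTION}] {KEY} is not set"
    for lineno, value in hits:
        if not (value.isascii() and value.isdigit()):
            return "invalid", f"line {lineno}: {value!r} is not a decimal integer"
        if int(value) > LIMIT:
            return "too_large", f"line {lineno}: {value} exceeds {LIMIT}"
    return "ok", f"{KEY} is limited to {LIMIT} or less"


# Constructed sample configurations (not taken from a real device).
SAMPLE_MITIGATED = """\
[CmpLog]
Logger.0.Name=StdLogger

[CmpOPCUAStack]
Stack.MaxArrayLenth=10129639
"""

SAMPLE_COMMENTED_OUT = """\
[CmpOPCUAStack]
;Stack.MaxArrayLenth=10129639
"""

SAMPLE_OVER_LIMIT = """\
[CmpOPCUAStack]
Stack.MaxArrayLenth=10129640
"""

if __name__ == "__main__":
    samples = {
        "mitigated": SAMPLE_MITIGATED,
        "commented out": SAMPLE_COMMENTED_OUT,
        "over limit": SAMPLE_OVER_LIMIT,
    }
    for name, cfg in samples.items():
        status, detail = audit_cfg(cfg)
        print(f"{name}: {status} ({detail})")
```

The check only covers the configuration file; per the advisory the setting takes effect starting from version 3.5.15.0 of the affected products, so the installed version has to be confirmed separately.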
Remediation: Update the following products to version 3.5.20.10:
• CODESYS Control RTE (SL)
• CODESYS Control RTE (for Beckhoff CX) SL
• CODESYS Control Win (SL)
• CODESYS Runtime Toolkit
• CODESYS HMI (SL)
Update the following products to version 4.12.0.0:
• CODESYS Control for BeagleBone SL
• CODESYS Control for emPC-A/iMX6 SL
• CODESYS Control for IOT2000 SL
• CODESYS Control for Linux ARM SL
• CODESYS Control for Linux SL
• CODESYS Control for PFC100 SL
• CODESYS Control for PFC200 SL
• CODESYS Control for PLCnext SL
• CODESYS Control for Raspberry Pi SL
• CODESYS Control for WAGO Touch Panels 600 SL
The products available as CODESYS add-ons can be downloaded and installed directly with the CODESYS Installer, or downloaded from the CODESYS Store. Alternatively, and for all other products, further information on obtaining the software update is available in the CODESYS download area.
CVSS v3.1 base score: 7.5 (High)
Acknowledgments
• CERTVDE (certvde.com)
• ABB Schweiz AG (new.abb.com)
{
"document": {
"acknowledgments": [
{
"organization": "CERTVDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"organization": "ABB Schweiz AG",
"summary": "reporting",
"urls": [
"https://new.abb.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "The CODESYS OPC UA stack of the CODESYS Control runtime system may incorrectly calculate the required buffer size for received requests/responses. This can lead to a crash of the CODESYS runtime system during the subsequent initialization of the receive buffer with zero.\n\nUpdate: 10.07.2024 In the Remediation section, the release date of the update has been deleted as the update is now available.",
"title": "Summary"
},
{
"category": "description",
"text": "The CODESYS OPC UA stack, implemented by the CmpOPCUAStack component, is an optional part of the CODESYS runtime system. Both the CODESYS OPC UA Server and the CODESYS OPC UA Client of the CODESYS Control runtime system use the CODESYS OPC UA Stack as a common implementation. The OPC UA protocol enables data exchange between the CODESYS runtime system and OPC UA clients such as SCADA or HMIs, or OPC UA servers such as PLCs or other devices.\n\nIf a CODESYS runtime system containing the CmpOPCUAStack component receives a specially crafted request/response, the required buffer size in the CODESYS OPC UA server/client may be incorrectly calculated. This can lead to a crash of the CODESYS runtime system during the subsequent initialization of the receive buffer with zero.\n\nAn attacker can exploit this vulnerability by using a malicious OPC UA client to send a crafted request to CODESYS products with an affected CODESYS OPC UA server. Conversely, CODESYS products with an affected CODESYS OPC UA client can be crashed if they have connected to a malicious OPC UA server. CODESYS Control runtime systems usually contain both the OPC UA client and the server. The CODESYS HMI only includes the OPC UA client.",
"title": "Impact"
},
{
"category": "description",
"text": "Starting from version 3.5.15.0 of the affected products, the incorrect calculation of the buffer size can be avoided if the maximum supported array length of the OPC UA stack of the CODESYS Control runtime system is limited to a value of 10129639 or less.\n\nThis can be achieved by adding the following setting in the CODESYS runtime configuration file (e.g. CODESYSControl.cfg):\n[CmpOPCUAStack]\nStack.MaxArrayLenth=10129639",
"title": "Mitigation"
},
{
"category": "description",
"text": "Update the following products to version 3.5.20.10:\n\n\n\u2022 CODESYS Control RTE (SL) \n\n\n \u2022 CODESYS Control RTE (for Beckhoff CX) SL \n\n\n \u2022 CODESYS Control Win (SL)\n\n\n\u2022 CODESYS Runtime Toolkit\n\n\n\u2022 CODESYS HMI (SL)\n\n\n\nUpdate the following products to version 4.12.0.0:\n\n\n\u2022 CODESYS Control for BeagleBone SL\n\n\n\u2022 CODESYS Control for emPC-A/iMX6 SL\n\n\n\u2022 CODESYS Control for IOT2000 SL\n\n\n\u2022 CODESYS Control for Linux ARM SL\n\n\n\u2022 CODESYS Control for Linux SL\n\n\n\u2022 CODESYS Control for PFC100 SL\n\n\n\u2022 CODESYS Control for PFC200 SL\n\n\n\u2022 CODESYS Control for PLCnext SL\n\n\n\u2022 CODESYS Control for Raspberry Pi SL\n\n\n\u2022 CODESYS Control for WAGO Touch Panels 600 SL\n\n\n\nThe products available as CODESYS add-ons can be downloaded and installed directly with the CODESYS Installer or be downloaded from the CODESYS Store. Alternatively, as well as for all other products, you will find further information on obtaining the software update in the CODESYS download area.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "security@codesys.com",
"name": "CODESYS GmbH",
"namespace": "https://www.codesys.com"
},
"references": [
{
"category": "self",
"summary": "VDE-2024-026: CODESYS: Vulnerability can cause a DoS on CODESYS OPC UA products - HTML",
"url": "https://certvde.com/de/advisories/VDE-2024-026/"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for CODESYS GmbH",
"url": "https://certvde.com/en/advisories/vendor/codesys/"
},
{
"category": "self",
"summary": "VDE-2024-026: CODESYS: Vulnerability can cause a DoS on CODESYS OPC UA products - CSAF",
"url": "https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2024/vde-2024-026.json"
}
],
"title": "CODESYS: Vulnerability can cause a DoS on CODESYS OPC UA products",
"tracking": {
"aliases": [
"VDE-2024-026"
],
"current_release_date": "2025-05-14T13:00:14.000Z",
"generator": {
"date": "2025-04-10T15:17:44.107Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.23"
}
},
"id": "VDE-2024-026",
"initial_release_date": "2024-06-04T08:00:00.000Z",
"revision_history": [
{
"date": "2024-06-04T08:00:00.000Z",
"number": "1",
"summary": "initial revision"
},
{
"date": "2025-05-14T13:00:14.000Z",
"number": "2",
"summary": "Fix: added distribution"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "CODESYS Control for BeagleBone SL",
"product": {
"name": "CODESYS Control for BeagleBone SL",
"product_id": "CSAFPID-11001"
}
},
{
"category": "product_name",
"name": "CODESYS Control for emPC-A/iMX6 SL",
"product": {
"name": "CODESYS Control for emPC-A/iMX6 SL",
"product_id": "CSAFPID-11002"
}
},
{
"category": "product_name",
"name": "CODESYS Control for IOT2000 SL",
"product": {
"name": "CODESYS Control for IOT2000 SL",
"product_id": "CSAFPID-11003"
}
},
{
"category": "product_name",
"name": "CODESYS Control for Linux ARM SL",
"product": {
"name": "CODESYS Control for Linux ARM SL",
"product_id": "CSAFPID-11004"
}
},
{
"category": "product_name",
"name": "CODESYS Control for Linux SL",
"product": {
"name": "CODESYS Control for Linux SL",
"product_id": "CSAFPID-11005"
}
},
{
"category": "product_name",
"name": "CODESYS Control for PFC100 SL",
"product": {
"name": "CODESYS Control for PFC100 SL",
"product_id": "CSAFPID-11006"
}
},
{
"category": "product_name",
"name": "CODESYS Control for PFC200 SL",
"product": {
"name": "CODESYS Control for PFC200 SL",
"product_id": "CSAFPID-11007"
}
},
{
"category": "product_name",
"name": "CODESYS Control for PLCnext SL",
"product": {
"name": "CODESYS Control for PLCnext SL",
"product_id": "CSAFPID-11008"
}
},
{
"category": "product_name",
"name": "CODESYS Control for Raspberry Pi SL",
"product": {
"name": "CODESYS Control for Raspberry Pi SL",
"product_id": "CSAFPID-11009"
}
},
{
"category": "product_name",
"name": "CODESYS Control for WAGO Touch Panels 600 SL",
"product": {
"name": "CODESYS Control for WAGO Touch Panels 600 SL",
"product_id": "CSAFPID-11010"
}
},
{
"category": "product_name",
"name": "CODESYS Runtime Toolkit",
"product": {
"name": "CODESYS Runtime Toolkit",
"product_id": "CSAFPID-12015"
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.12.0.0",
"product": {
"name": "Firmware \u003c4.12.0.0",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version",
"name": "4.12.0.0",
"product": {
"name": "Firmware 4.12.0.0",
"product_id": "CSAFPID-22001"
}
},
{
"category": "product_version",
"name": "3.5.20.10",
"product": {
"name": "Firmware 3.5.20.10",
"product_id": "CSAFPID-22015"
}
},
{
"category": "product_version_range",
"name": "\u003c3.5.20.10",
"product": {
"name": "Firmware \u003c3.5.20.10",
"product_id": "CSAFPID-21015"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "CODESYS GmbH"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "CODESYS Control RTESL",
"product": {
"name": "CODESYS Control RTESL",
"product_id": "CSAFPID-11011"
}
},
{
"category": "product_name",
"name": "CODESYS Control RTE",
"product": {
"name": "CODESYS Control RTE",
"product_id": "CSAFPID-11012"
}
},
{
"category": "product_name",
"name": "CODESYS Control Win",
"product": {
"name": "CODESYS Control Win",
"product_id": "CSAFPID-11013"
}
},
{
"category": "product_name",
"name": "CODESYS HMI",
"product": {
"name": "CODESYS HMI",
"product_id": "CSAFPID-11014"
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.5.20.10",
"product": {
"name": "Firmware \u003c3.5.20.10",
"product_id": "CSAFPID-21011"
}
},
{
"category": "product_version",
"name": "3.5.20.10",
"product": {
"name": "Firmware 3.5.20.10",
"product_id": "CSAFPID-22011"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "generic_vendor"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015"
],
"summary": "affected products"
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014",
"CSAFPID-32015"
],
"summary": "fixed products"
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c4.12.0.0 installed on CODESYS Control for BeagleBone SL",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 4.12.0.0 installed on CODESYS Control for BeagleBone SL",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c4.12.0.0 installed on CODESYS Control for emPC-A/iMX6 SL",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 4.12.0.0 installed on CODESYS Control for emPC-A/iMX6 SL",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c4.12.0.0 installed on CODESYS Control for IOT2000 SL",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 4.12.0.0 installed on CODESYS Control for IOT2000 SL",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c4.12.0.0 installed on CODESYS Control for Linux ARM SL",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 4.12.0.0 installed on CODESYS Control for Linux ARM SL",
"product_id": "CSAFPID-32004"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c4.12.0.0 installed on CODESYS Control for Linux SL",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 4.12.0.0 installed on CODESYS Control for Linux SL",
"product_id": "CSAFPID-32005"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c4.12.0.0 installed on CODESYS Control for PFC100 SL",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 4.12.0.0 installed on CODESYS Control for PFC100 SL",
"product_id": "CSAFPID-32006"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c4.12.0.0 installed on CODESYS Control for PFC200 SL",
"product_id": "CSAFPID-31007"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 4.12.0.0 installed on CODESYS Control for PFC200 SL",
"product_id": "CSAFPID-32007"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c4.12.0.0 installed on CODESYS Control for PLCnext SL",
"product_id": "CSAFPID-31008"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 4.12.0.0 installed on CODESYS Control for PLCnext SL",
"product_id": "CSAFPID-32008"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c4.12.0.0 installed on CODESYS Control for Raspberry Pi SL",
"product_id": "CSAFPID-31009"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 4.12.0.0 installed on CODESYS Control for Raspberry Pi SL",
"product_id": "CSAFPID-32009"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c4.12.0.0 installed on CODESYS Control for WAGO Touch Panels 600 SL",
"product_id": "CSAFPID-31010"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 4.12.0.0 installed on CODESYS Control for WAGO Touch Panels 600 SL",
"product_id": "CSAFPID-32010"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.5.20.10 installed on CODESYS Control RTESL",
"product_id": "CSAFPID-31011"
},
"product_reference": "CSAFPID-21011",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.5.20.10 installed on CODESYS Control RTESL",
"product_id": "CSAFPID-32011"
},
"product_reference": "CSAFPID-22011",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.5.20.10 installed on CODESYS Control RTE",
"product_id": "CSAFPID-31012"
},
"product_reference": "CSAFPID-21011",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.5.20.10 installed on CODESYS Control RTE",
"product_id": "CSAFPID-32012"
},
"product_reference": "CSAFPID-22011",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.5.20.10 installed on CODESYS Control Win",
"product_id": "CSAFPID-31013"
},
"product_reference": "CSAFPID-21011",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.5.20.10 installed on CODESYS Control Win",
"product_id": "CSAFPID-32013"
},
"product_reference": "CSAFPID-22011",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.5.20.10 installed on CODESYS HMI",
"product_id": "CSAFPID-31014"
},
"product_reference": "CSAFPID-21011",
"relates_to_product_reference": "CSAFPID-11014"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.5.20.10 installed on CODESYS HMI",
"product_id": "CSAFPID-32014"
},
"product_reference": "CSAFPID-22011",
"relates_to_product_reference": "CSAFPID-11014"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.5.20.10 installed on CODESYS Runtime Toolkit",
"product_id": "CSAFPID-32015"
},
"product_reference": "CSAFPID-22015",
"relates_to_product_reference": "CSAFPID-12015"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.5.20.10 installed on CODESYS Runtime Toolkit",
"product_id": "CSAFPID-31015"
},
"product_reference": "CSAFPID-21015",
"relates_to_product_reference": "CSAFPID-12015"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-5000",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"notes": [
{
"category": "summary",
"text": "An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size."
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014",
"CSAFPID-32015"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Starting from version 3.5.15.0 of the affected products, the incorrect calculation of the buffer size can be avoided if the maximum supported array length of the OPC UA stack of the CODESYS Control runtime system is limited to a value of 10129639 or less.\n\nThis can be achieved by adding the following setting in the CODESYS runtime configuration file (e.g. CODESYSControl.cfg):\n[CmpOPCUAStack]\nStack.MaxArrayLenth=10129639",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update the following products to version 3.5.20.10:\n\n\n\u2022 CODESYS Control RTE (SL) \n\n\n \u2022 CODESYS Control RTE (for Beckhoff CX) SL \n\n\n \u2022 CODESYS Control Win (SL)\n\n\n\u2022 CODESYS Runtime Toolkit\n\n\n\u2022 CODESYS HMI (SL)\n\n\n\nUpdate the following products to version 4.12.0.0:\n\n\n\u2022 CODESYS Control for BeagleBone SL\n\n\n\u2022 CODESYS Control for emPC-A/iMX6 SL\n\n\n\u2022 CODESYS Control for IOT2000 SL\n\n\n\u2022 CODESYS Control for Linux ARM SL\n\n\n\u2022 CODESYS Control for Linux SL\n\n\n\u2022 CODESYS Control for PFC100 SL\n\n\n\u2022 CODESYS Control for PFC200 SL\n\n\n\u2022 CODESYS Control for PLCnext SL\n\n\n\u2022 CODESYS Control for Raspberry Pi SL\n\n\n\u2022 CODESYS Control for WAGO Touch Panels 600 SL\n\n\n\nThe products available as CODESYS add-ons can be downloaded and installed directly with the CODESYS Installer or be downloaded from the CODESYS Store. Alternatively, as well as for all other products, you will find further information on obtaining the software update in the CODESYS download area.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015"
]
}
],
"title": "CVE-2024-5000"
}
]
}