VDE-2024-072

Vulnerability from csaf_wagogmbhcokg - Published: 2024-12-03 11:00 - Updated: 2024-12-03 11:00
Summary
WAGO: Vulnerabilities in CODESYS Control
Severity
High
Notes
Summary: The following firmware versions installed on several devices are vulnerable due to a vulnerability in the CODESYS Control V3 web server.
Impact: The configuration UI called web based management is part of the control runtime system and is also used for the visualization of running applications. Because the web server does not correctly check the return value of an underlying function, it reacts in a wrong way to specifically crafted TLS packets that are received via an HTTPS connection. This causes the web server to access invalid memory and the web server task to crash.
Remediation: Update to Firmware version 01.04.07 (FW4).
CVE-2024-8175

Receiving a specifically crafted TLS packet on an HTTPS connection causes the CODESYS web server to crash because the return value of an underlying function is not checked correctly for such unusual conditions.

7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-754 - Improper Check for Unusual or Exceptional Conditions
Vendor Fix Update to Firmware version 01.04.07 (FW4).
References
Acknowledgments
CERT@VDE certvde.com
To clipboard 

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
      "text": "High"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "The following firmware versions installed on several devices are vulnerable due to a vulnerability in the CODESYS Control V3 web server.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "The configuration UI called web based management is part of the control runtime system and is also used for the visualization of running applications. Because the web server does not correctly check the return value of an underlying function, it reacts in a  wrong way to specifically crafted TLS packets that are received via an HTTPS connection. This causes the web server to access invalid memory and the web server task to crash.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Update to Firmware version 01.04.07 (FW4).",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@wago.com",
      "name": "WAGO GmbH \u0026 Co. KG",
      "namespace": "https://www.wago.com/psirt"
    },
    "references": [
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for WAGO",
        "url": "https://certvde.com/de/advisories/vendor/wago/"
      },
      {
        "category": "self",
        "summary": "VDE-2024-072: WAGO: Vulnerabilities in CODESYS Control - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2024-072"
      },
      {
        "category": "self",
        "summary": "VDE-2024-072: WAGO: Vulnerabilities in CODESYS Control - CSAF",
        "url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2024/vde-2024-072.json"
      }
    ],
    "source_lang": "en",
    "title": "WAGO: Vulnerabilities in CODESYS Control",
    "tracking": {
      "aliases": [
        "VDE-2024-072"
      ],
      "current_release_date": "2024-12-03T11:00:00.000Z",
      "generator": {
        "date": "2024-12-02T08:10:08.806Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.15"
        }
      },
      "id": "VDE-2024-072",
      "initial_release_date": "2024-12-03T11:00:00.000Z",
      "revision_history": [
        {
          "date": "2024-12-03T11:00:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "0751-8000",
                    "product": {
                      "name": "Basic Controller 0751-8000",
                      "product_id": "CSAFPID-11001",
                      "product_identification_helper": {
                        "model_numbers": [
                          "0751-9?01"
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "0750-8001",
                    "product": {
                      "name": "Basic Controller 0750-8001",
                      "product_id": "CSAFPID-11002"
                    }
                  }
                ],
                "category": "product_family",
                "name": "Basic Controller"
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=01.03.03 (FW3)",
                "product": {
                  "name": "Firmware \u003c=01.03.03 (FW3)",
                  "product_id": "CSAFPID-21001"
                }
              },
              {
                "category": "product_version",
                "name": "01.04.07 (FW4)",
                "product": {
                  "name": "Firmware 01.04.07 (FW4)",
                  "product_id": "CSAFPID-22001"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "WAGO"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002"
        ],
        "summary": "Affected products."
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-32001",
          "CSAFPID-32002"
        ],
        "summary": "Fixed products."
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=01.03.03 (FW3) installed on Basic Controller 0751-8000",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=01.03.03 (FW3) installed on Basic Controller 0750-8001",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 01.04.07 (FW4) installed on Basic Controller 0751-8000",
          "product_id": "CSAFPID-32001"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 01.04.07 (FW4) installed on Basic Controller 0750-8001",
          "product_id": "CSAFPID-32002"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11002"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-8175",
      "cwe": {
        "id": "CWE-754",
        "name": "Improper Check for Unusual or Exceptional Conditions"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "Receiving a specifically crafted TLS packet on an HTTPS connection causes the CODESYS web server to crash because the return value of an underlying function is not checked correctly for such unusual conditions.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CODESYS Advisory 2024-05",
          "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=18604\u0026token=d5e1e2820ee63077b875b3bb41014b1f102e88a3\u0026download="
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-10-04T09:00:00.000Z",
          "details": "Update to Firmware version 01.04.07 (FW4).",
          "product_ids": [
            "CSAFPID-31001",
            "CSAFPID-31002"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002"
          ]
        }
      ],
      "title": "CVE-2024-8175"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.