
According to a SecurityAffairs report on Feb. 2, a security researcher at Istury IOT found a stack-based buffer overflow vulnerability in the web server component of 3S-Smart Software Solutions’ CODESYS WebVisu product, which allows users to view the human-machine interface (HMI) of a programmable logic controller (PLC) in a web browser. According to the researchers, an attacker could remotely trigger the vulnerability to cause a denial of service (DoS) and, in some cases, execute arbitrary code on the web server. The flaw could affect a large number of industrial control system (ICS) products and pose a serious threat to critical infrastructure.
WebVisu is currently used in 116 PLCs and HMIs from many vendors, including Schneider Electric, Hitachi, Advantech, Berghof Automation, Hans Turck and NEXCOM.
The vulnerability is tracked as CVE-2018-5440 and has been assigned a CVSS score of 9.8.
According to experts, the vulnerability affects all Microsoft Windows-based (including WinCE) CODESYS V2.3 web servers prior to version 1.1.9.19, whether they run standalone or as part of the CODESYS system.
To make matters worse, the researchers believe the vulnerability could easily be exploited by attackers, although no attacks in the wild have been reported so far.
A Shodan query for port 2455, which is used by the CODESYS protocol, shows that more than 5,600 systems are exposed to the public internet, most of them in the United States, Germany, Turkey and China.
CODESYS said it has released web server V.1.1.9.19 for CODESYS V2.3 to address this vulnerability. Related vendors have also advised users to restrict access to controllers and to use firewalls and VPNs to control access.
Source: SecurityAffairs