VDE-2023-035

Vulnerability from csaf_codesysgmbh - Published: 2023-12-05 07:00 - Updated: 2023-12-05 07:00
Summary
CODESYS: Multiple products affected by WIBU Codemeter vulnerability
Notes
Summary: Several CODESYS setups contain and install vulnerable versions of the WIBU CodeMeter Runtime.
Impact: The CODESYS Development System is an IEC 61131-3 programming tool for PLCs based on the CODESYS Control runtime system, which enables embedded or PC-based devices to be a programmable industrial controller. All affected CODESYS products install and use the WIBU CodeMeter Runtime for license management. The manufacturer WIBU-SYSTEMS AG has reported a heap buffer overflow vulnerability in the WIBU CodeMeter Runtime, which can potentially lead to a remote code execution.
Mitigation: WIBU-SYSTEMS AG recommends updating to CodeMeter Runtime version 7.60c to fix the vulnerability. Until an update is available for the affected CODESYS products, or if that update is not to be installed, CODESYS GmbH recommends downloading and installing the current CodeMeter Runtime directly from the website of WIBU-SYSTEMS AG (https://www.wibu.com/support/user/user-software.html). If neither an update of the affected CODESYS products nor an update of the WIBU CodeMeter Runtime can be performed, you may find further mitigations in the Security Advisory WIBU-230704-01 provided by WIBU-SYSTEMS AG (https://www.wibu.com/support/security-advisories.html).
Remediation: Update the following products to version 3.5.19.30.
• CODESYS Control RTE (SL)
• CODESYS Control RTE (for Beckhoff CX) SL
• CODESYS Control Win (SL)
• CODESYS HMI (SL)
• CODESYS Development System
• CODESYS OPC DA Server SL
Update the following products to version 4.10.0.0.
• CODESYS Control for Linux SL
• CODESYS Control for Linux ARM SL
For the legacy CODESYS V2 products, no new version is scheduled.

A heap buffer overflow vulnerability in the Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access to the host system.

CWE-787 - Out-of-bounds Write
Mitigation: WIBU-SYSTEMS AG recommends updating to CodeMeter Runtime version 7.60c to fix the vulnerability. Until an update is available for the affected CODESYS products, or if that update is not to be installed, CODESYS GmbH recommends downloading and installing the current CodeMeter Runtime directly from the website of WIBU-SYSTEMS AG (https://www.wibu.com/support/user/user-software.html). If neither an update of the affected CODESYS products nor an update of the WIBU CodeMeter Runtime can be performed, you may find further mitigations in the Security Advisory WIBU-230704-01 provided by WIBU-SYSTEMS AG (https://www.wibu.com/support/security-advisories.html).
Vendor Fix: Update the following products to version 3.5.19.30.
• CODESYS Control RTE (SL)
• CODESYS Control RTE (for Beckhoff CX) SL
• CODESYS Control Win (SL)
• CODESYS HMI (SL)
• CODESYS Development System
• CODESYS OPC DA Server SL
Update the following products to version 4.10.0.0.
• CODESYS Control for Linux SL
• CODESYS Control for Linux ARM SL
For the legacy CODESYS V2 products, no new version is scheduled.
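The advisory's machine-readable form (the CSAF record below) expresses the affected and fixed versions as `product_version_range` and `product_version` entries, so a defender can check an installed CODESYS version against them automatically instead of reading the list by hand. The following is an added example, not code from CODESYS GmbH or CERT@VDE: it walks a CSAF 2.0 `product_tree`, evaluates the three range syntaxes that appear in this advisory (`<U`, `L<U`, `>=L`) and reports whether an installed version is listed as `known_affected` or `fixed`. The product-tree excerpt is constructed from the entries on this page; two points are assumptions rather than CSAF rules: that `L<U` means the lower bound is inclusive and the upper exclusive, and that versions newer than the listed fixed version are also treated as fixed.

```python
"""Check an installed CODESYS version against the CSAF product ranges of VDE-2023-035.

Added example (not the advisory's own code): parses the product_tree / product_status
layout of a CSAF 2.0 advisory and classifies one installed version.
"""
import re

# Constructed excerpt of the advisory's product_tree and product_status (CSAF 2.0 layout),
# limited to three products that cover each range syntax used on the page.
CSAF_EXCERPT = {
    "product_tree": {"branches": [{"category": "vendor", "name": "CODESYS", "branches": [
        {"category": "product_family", "name": "Software", "branches": [
            {"category": "product_name", "name": "CODESYS Control for Linux ARM SL", "branches": [
                {"category": "product_version_range", "name": "<4.10.0.0",
                 "product": {"name": "CODESYS Control for Linux ARM SL <4.10.0.0", "product_id": "CSAFPID-51001"}},
                {"category": "product_version", "name": "4.10.0.0",
                 "product": {"name": "CODESYS Control for Linux ARM SL 4.10.0.0", "product_id": "CSAFPID-52001"}},
            ]},
            {"category": "product_name", "name": "CODESYS Development System", "branches": [
                {"category": "product_version_range", "name": "2.3.9.45<3.5.19.30",
                 "product": {"name": "CODESYS Development System 2.3.9.45<3.5.19.30", "product_id": "CSAFPID-51006"}},
                {"category": "product_version", "name": "3.5.19.30",
                 "product": {"name": "CODESYS Development System 3.5.19.30", "product_id": "CSAFPID-52006"}},
            ]},
            {"category": "product_name", "name": "CODESYS SP Realtime NT", "branches": [
                {"category": "product_version_range", "name": ">=2.3.7.25",
                 "product": {"name": "CODESYS SP Realtime NT >=2.3.7.25", "product_id": "CSAFPID-51009"}},
            ]},
        ]}]}]},
    "vulnerabilities": [{"cve": "CVE-2023-3935", "product_status": {
        "fixed": ["CSAFPID-52001", "CSAFPID-52006"],
        "known_affected": ["CSAFPID-51001", "CSAFPID-51006", "CSAFPID-51009"],
    }}],
}

# Optional lower bound, one comparison operator, mandatory bound after the operator.
RANGE_RE = re.compile(r"^(\d[\d.]*)?(<=|>=|<|>)(\d[\d.]*)$")


def parse_version(text):
    """'3.5.19.30' -> (3, 5, 19, 30); tuples compare component-wise, which is what we need."""
    return tuple(int(part) for part in text.strip().split("."))


def version_in_range(installed, range_name):
    """Evaluate a product_version_range name of the forms used in this advisory:
    '<U' (below U), 'L<U' (L inclusive up to U exclusive) and '>=L' (L and later).
    Assumption: in 'L<U' the lower bound is inclusive; CSAF does not mandate this syntax."""
    match = RANGE_RE.match(range_name.replace(" ", ""))
    if not match:
        raise ValueError(f"unsupported range syntax: {range_name!r}")
    lower, op, bound = match.groups()
    v, b = parse_version(installed), parse_version(bound)
    if lower and not parse_version(lower) <= v:
        return False
    return {"<": v < b, "<=": v <= b, ">": v > b, ">=": v >= b}[op]


def iter_branches(branches):
    """Depth-first walk over the nested CSAF product_tree branches."""
    for branch in branches:
        yield branch
        yield from iter_branches(branch.get("branches", []))


def assess(csaf, product_name, installed):
    """Return 'affected', 'fixed' or 'not listed' for one installed product version.
    Assumption: a version equal to or newer than a listed fixed version counts as fixed."""
    status = csaf["vulnerabilities"][0]["product_status"]
    affected = set(status.get("known_affected", []))
    fixed = set(status.get("fixed", []))
    for branch in iter_branches(csaf["product_tree"]["branches"]):
        if branch.get("category") != "product_name" or branch["name"] != product_name:
            continue
        for leaf in branch.get("branches", []):
            pid = leaf["product"]["product_id"]
            if (leaf["category"] == "product_version" and pid in fixed
                    and parse_version(leaf["name"]) <= parse_version(installed)):
                return "fixed"
            if (leaf["category"] == "product_version_range" and pid in affected
                    and version_in_range(installed, leaf["name"])):
                return "affected"
    return "not listed"


if __name__ == "__main__":
    # Constructed inventory lines: (product name as in the CSAF, installed version).
    inventory = [("CODESYS Control for Linux ARM SL", "4.9.0.0"),
                 ("CODESYS Development System", "3.5.19.30"),
                 ("CODESYS SP Realtime NT", "2.3.7.25")]
    for name, version in inventory:
        print(f"{name} {version}: {assess(CSAF_EXCERPT, name, version)}")
```

To use this against the full advisory, load the JSON from the CSAF URL in the references with `json.load` and pass it in place of `CSAF_EXCERPT`; the CODESYS SP Realtime NT entry shows why the `fixed` check must be optional, since that product has an affected range but no fixed version at all.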
Acknowledgments
CERT@VDE certvde.com

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "Several CODESYS setups contain and install vulnerable versions of the WIBU CodeMeter Runtime.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "The CODESYS Development System is an IEC 61131-3 programming tool for PLCs based on the CODESYS Control runtime system, which enables embedded or PC-based devices to be a programmable industrial controller. All affected CODESYS products install and use the WIBU CodeMeter Runtime for license management. The manufacturer WIBU-SYSTEMS AG has reported a heap buffer overflow vulnerability in the WIBU CodeMeter Runtime, which can potentially lead to a remote code execution.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "WIBU-SYSTEMS AG recommends updating to CodeMeter Runtime version 7.60c to fix the vulnerability.\n\nUntil an update is available for the affected CODESYS products or if this is not to be installed, CODESYS\nGmbH recommends downloading and installing the current CodeMeter Runtime directly from the website of\nWIBU-SYSTEMS AG (https://www.wibu.com/support/user/user-software.html).\n\nIf neither an update of the affected CODESYS products nor an update of the WIBU CodeMeter Runtime can be performed, you may find further mitigations in the Security Advisory WIBU-230704-01 provided by WIBU-SYSTEMS AG (https://www.wibu.com/support/security-advisories.html).",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "Update the following products to version 3.5.19.30.\n\n\u2022 CODESYS Control RTE (SL)\n\n\u2022 CODESYS Control RTE (for Beckhoff CX) SL\n\n\u2022 CODESYS Control Win (SL)\n\n\u2022 CODESYS HMI (SL)\n\n\u2022 CODESYS Development System \n\n\u2022 CODESYS OPC DA Server SL\n\nUpdate the following products to version 4.10.0.0.\n\n\u2022 CODESYS Control for Linux SL\n\n\u2022 CODESYS Control\u00a0for Linux ARM SL\n\nFor the legacy CODESYS V2 products, no new version is scheduled.",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "security@codesys.com",
      "name": "CODESYS GmbH",
      "namespace": "https://www.codesys.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "VDE-2023-035: CODESYS: Multiple products affected by WIBU Codemeter vulnerability - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2023-035/"
      },
      {
        "category": "self",
        "summary": "VDE-2023-035: CODESYS: Multiple products affected by WIBU Codemeter vulnerability - CSAF",
        "url": "https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-035.json"
      },
      {
        "category": "external",
        "summary": "Vendor PSIRT",
        "url": "https://www.codesys.com"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for CODESYS GmbH",
        "url": "https://certvde.com/en/advisories/vendor/codesys/"
      }
    ],
    "title": "CODESYS: Multiple products affected by WIBU Codemeter vulnerability",
    "tracking": {
      "aliases": [
        "VDE-2023-035"
      ],
      "current_release_date": "2023-12-05T07:00:00.000Z",
      "generator": {
        "date": "2025-04-23T08:34:15.959Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.23"
        }
      },
      "id": "VDE-2023-035",
      "initial_release_date": "2023-12-05T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2023-12-05T07:00:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c4.10.0.0",
                    "product": {
                      "name": "CODESYS Control for Linux ARM SL \u003c4.10.0.0",
                      "product_id": "CSAFPID-51001"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "4.10.0.0",
                    "product": {
                      "name": "CODESYS Control for Linux ARM SL 4.10.0.0",
                      "product_id": "CSAFPID-52001"
                    }
                  }
                ],
                "category": "product_name",
                "name": "CODESYS Control for Linux ARM SL"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c4.10.0.0",
                    "product": {
                      "name": "CODESYS Control for Linux SL \u003c4.10.0.0",
                      "product_id": "CSAFPID-51002"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "4.10.0.0",
                    "product": {
                      "name": "CODESYS Control for Linux SL 4.10.0.0",
                      "product_id": "CSAFPID-52002"
                    }
                  }
                ],
                "category": "product_name",
                "name": "CODESYS Control for Linux SL"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c3.5.19.30",
                    "product": {
                      "name": "CODESYS Control RTE (for Beckhoff CX) SL \u003c3.5.19.30",
                      "product_id": "CSAFPID-51003"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "3.5.19.30",
                    "product": {
                      "name": "CODESYS Control RTE (for Beckhoff CX) SL 3.5.19.30",
                      "product_id": "CSAFPID-52003"
                    }
                  }
                ],
                "category": "product_name",
                "name": "CODESYS Control RTE (for Beckhoff CX) SL"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c3.5.19.30",
                    "product": {
                      "name": "CODESYS Control RTE (SL) \u003c3.5.19.30",
                      "product_id": "CSAFPID-51004"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "3.5.19.30",
                    "product": {
                      "name": "CODESYS Control RTE (SL) 3.5.19.30",
                      "product_id": "CSAFPID-52004"
                    }
                  }
                ],
                "category": "product_name",
                "name": "CODESYS Control RTE (SL)"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c3.5.19.30",
                    "product": {
                      "name": "CODESYS Control Win (SL) \u003c3.5.19.30",
                      "product_id": "CSAFPID-51005"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "3.5.19.30",
                    "product": {
                      "name": "CODESYS Control Win (SL) 3.5.19.30",
                      "product_id": "CSAFPID-52005"
                    }
                  }
                ],
                "category": "product_name",
                "name": "CODESYS Control Win (SL)"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "2.3.9.45\u003c3.5.19.30",
                    "product": {
                      "name": "CODESYS Software CODESYS Development System 2.3.9.45\u003c3.5.19.30",
                      "product_id": "CSAFPID-51006"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "3.5.19.30",
                    "product": {
                      "name": "CODESYS Development System 3.5.19.30",
                      "product_id": "CSAFPID-52006"
                    }
                  }
                ],
                "category": "product_name",
                "name": "CODESYS Development System"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c3.5.19.30",
                    "product": {
                      "name": "CODESYS HMI (SL) \u003c3.5.19.30",
                      "product_id": "CSAFPID-51007"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "3.5.19.30",
                    "product": {
                      "name": "CODESYS HMI (SL) 3.5.19.30",
                      "product_id": "CSAFPID-52007"
                    }
                  }
                ],
                "category": "product_name",
                "name": "CODESYS HMI (SL)"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c3.5.19.30",
                    "product": {
                      "name": "CODESYS OPC OA Server SL \u003c3.5.19.30",
                      "product_id": "CSAFPID-51008"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "3.5.19.30",
                    "product": {
                      "name": "CODESYS OPC OA Server SL 3.5.19.30",
                      "product_id": "CSAFPID-52008"
                    }
                  }
                ],
                "category": "product_name",
                "name": "CODESYS OPC OA Server SL"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003e=2.3.7.25",
                    "product": {
                      "name": "CODESYS SP Realtime NT \u003e=2.3.7.25",
                      "product_id": "CSAFPID-51009"
                    }
                  }
                ],
                "category": "product_name",
                "name": "CODESYS SP Realtime NT"
              }
            ],
            "category": "product_family",
            "name": "Software"
          }
        ],
        "category": "vendor",
        "name": "CODESYS"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-51001",
          "CSAFPID-51002",
          "CSAFPID-51003",
          "CSAFPID-51004",
          "CSAFPID-51005",
          "CSAFPID-51006",
          "CSAFPID-51007",
          "CSAFPID-51008",
          "CSAFPID-51009"
        ],
        "summary": "Affected products."
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-52001",
          "CSAFPID-52002",
          "CSAFPID-52003",
          "CSAFPID-52004",
          "CSAFPID-52005",
          "CSAFPID-52006",
          "CSAFPID-52007",
          "CSAFPID-52008"
        ],
        "summary": "Fixed products."
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-3935",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "description",
          "text": "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-52001",
          "CSAFPID-52002",
          "CSAFPID-52003",
          "CSAFPID-52004",
          "CSAFPID-52005",
          "CSAFPID-52006",
          "CSAFPID-52007",
          "CSAFPID-52008"
        ],
        "known_affected": [
          "CSAFPID-51001",
          "CSAFPID-51002",
          "CSAFPID-51003",
          "CSAFPID-51004",
          "CSAFPID-51005",
          "CSAFPID-51006",
          "CSAFPID-51007",
          "CSAFPID-51008",
          "CSAFPID-51009"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "WIBU-SYSTEMS AG recommends updating to CodeMeter Runtime version 7.60c to fix the vulnerability.\n\nUntil an update is available for the affected CODESYS products or if this is not to be installed, CODESYS\nGmbH recommends downloading and installing the current CodeMeter Runtime directly from the website of\nWIBU-SYSTEMS AG (https://www.wibu.com/support/user/user-software.html).\n\nIf neither an update of the affected CODESYS products nor an update of the WIBU CodeMeter Runtime can be performed, you may find further mitigations in the Security Advisory WIBU-230704-01 provided by WIBU-SYSTEMS AG (https://www.wibu.com/support/security-advisories.html).",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update the following products to version 3.5.19.30.\n\n\u2022 CODESYS Control RTE (SL)\n\n\u2022 CODESYS Control RTE (for Beckhoff CX) SL\n\n\u2022 CODESYS Control Win (SL)\n\n\u2022 CODESYS HMI (SL)\n\n\u2022 CODESYS Development System \n\n\u2022 CODESYS OPC DA Server SL\n\nUpdate the following products to version 4.10.0.0.\n\n\u2022 CODESYS Control for Linux SL\n\n\u2022 CODESYS Control\u00a0for Linux ARM SL\n\nFor the legacy CODESYS V2 products, no new version is scheduled.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-51001",
            "CSAFPID-51002",
            "CSAFPID-51003",
            "CSAFPID-51004",
            "CSAFPID-51005",
            "CSAFPID-51006",
            "CSAFPID-51007",
            "CSAFPID-51008",
            "CSAFPID-51009"
          ]
        }
      ],
      "title": "CVE-2023-3935"
    }
  ]
}