Vulnerability-Lookup

CVE-2024-6876 (GCVE-0-2024-6876)

Vulnerability from cvelistv5 – Published: 2024-09-10 15:08 – Updated: 2024-10-01 06:27

Title

Out-of-bounds read in OSCAT-Library

Summary

Out-of-Bounds read vulnerability in OSCAT Basic Library allows an local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service.

Severity ?

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

CWE

CWE-125 - Out-of-bounds Read

Assigner

CERTVDE

References

2 references

URL	Tags
https://customers.codesys.com/index.php?eID=dumpF…
https://certvde.com/en/advisories/VDE-2024-046/

Impacted products

3 products

Vendor	Product	Version
oscat.de	OSCAT Basic Library	Affected: 0 , < 3.3.5 (custom)
oscat.de	OSCAT Basic Library	Affected: 0 , < 335 (custom)
CODESYS	OSCAT Basic Library	Affected: 0.0.0 , < <3.3.5.0 (semver)

Credits

Corban Villa Hithem Lamri Constantine Doumanidis Michail Maniatakos Modern Microprocessors Architecture (MoMA) Lab at NYU Abu Dhabi CODESYS

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6876",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:16:31.572005Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-10T16:16:48.085Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OSCAT Basic Library",
          "vendor": "oscat.de",
          "versions": [
            {
              "lessThan": "3.3.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "OSCAT Basic Library",
          "vendor": "oscat.de",
          "versions": [
            {
              "lessThan": "335",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "OSCAT Basic Library",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "\u003c3.3.5.0",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Corban Villa"
        },
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Hithem Lamri"
        },
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Constantine Doumanidis"
        },
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Michail Maniatakos"
        },
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Modern Microprocessors Architecture (MoMA) Lab at NYU Abu Dhabi"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "CODESYS"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Out-of-Bounds read vulnerability in OSCAT Basic Library allows an local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service.\u003cbr\u003e"
            }
          ],
          "value": "Out-of-Bounds read vulnerability in OSCAT Basic Library allows an local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-01T06:27:27.135Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=18601\u0026token=27389a52e058d95ff70b17a2370fedf07e073034\u0026download="
        },
        {
          "url": "https://certvde.com/en/advisories/VDE-2024-046/"
        }
      ],
      "source": {
        "defect": [
          "CERT@VDE#641645"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Out-of-bounds read in OSCAT-Library",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2024-6876",
    "datePublished": "2024-09-10T15:08:16.212Z",
    "dateReserved": "2024-07-18T06:31:20.701Z",
    "dateUpdated": "2024-10-01T06:27:27.135Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-6876",
      "date": "2026-05-11",
      "epss": "0.00162",
      "percentile": "0.36599"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:codesys:oscat_basic_library:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.5.5.0\", \"matchCriteriaId\": \"40E6168D-7595-477A-A25D-6045EBDC01AC\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Out-of-Bounds read vulnerability in OSCAT Basic Library allows an local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service.\"}, {\"lang\": \"es\", \"value\": \"La vulnerabilidad de lectura fuera de los l\\u00edmites en la librer\\u00eda b\\u00e1sica OSCAT permite que un atacante local sin privilegios acceda a datos internos limitados del PLC, lo que puede provocar un bloqueo del servicio afectado.\"}]",
      "id": "CVE-2024-6876",
      "lastModified": "2024-10-01T07:15:05.890",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"info@cert.vde.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L\", \"baseScore\": 4.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 2.5}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L\", \"baseScore\": 4.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 2.5}]}",
      "published": "2024-09-10T16:15:22.197",
      "references": "[{\"url\": \"https://certvde.com/en/advisories/VDE-2024-046/\", \"source\": \"info@cert.vde.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=18601\u0026token=27389a52e058d95ff70b17a2370fedf07e073034\u0026download=\", \"source\": \"info@cert.vde.com\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "info@cert.vde.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"info@cert.vde.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-6876\",\"sourceIdentifier\":\"info@cert.vde.com\",\"published\":\"2024-09-10T16:15:22.197\",\"lastModified\":\"2024-10-01T07:15:05.890\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Out-of-Bounds read vulnerability in OSCAT Basic Library allows an local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service.\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad de lectura fuera de los l\u00edmites en la librer\u00eda b\u00e1sica OSCAT permite que un atacante local sin privilegios acceda a datos internos limitados del PLC, lo que puede provocar un bloqueo del servicio afectado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.8,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.8,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:codesys:oscat_basic_library:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.5.5.0\",\"matchCriteriaId\":\"40E6168D-7595-477A-A25D-6045EBDC01AC\"}]}]}],\"references\":[{\"url\":\"https://certvde.com/en/advisories/VDE-2024-046/\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=18601\u0026token=27389a52e058d95ff70b17a2370fedf07e073034\u0026download=\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-6876\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-10T16:16:31.572005Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-10T16:16:41.842Z\"}}], \"cna\": {\"title\": \"Out-of-bounds read in OSCAT-Library\", \"source\": {\"defect\": [\"CERT@VDE#641645\"], \"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Corban Villa\"}, {\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Hithem Lamri\"}, {\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Constantine Doumanidis\"}, {\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Michail Maniatakos\"}, {\"lang\": \"en\", \"type\": \"reporter\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Modern Microprocessors Architecture (MoMA) Lab at NYU Abu Dhabi\"}, {\"lang\": \"en\", \"type\": \"coordinator\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"CODESYS\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"oscat.de\", \"product\": \"OSCAT Basic Library\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"3.3.5\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"oscat.de\", \"product\": \"OSCAT Basic Library\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"335\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"CODESYS\", \"product\": \"OSCAT Basic Library\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"\u003c3.3.5.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=18601\u0026token=27389a52e058d95ff70b17a2370fedf07e073034\u0026download=\"}, {\"url\": \"https://certvde.com/en/advisories/VDE-2024-046/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Out-of-Bounds read vulnerability in OSCAT Basic Library allows an local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Out-of-Bounds read vulnerability in OSCAT Basic Library allows an local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service.\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125 Out-of-bounds Read\"}]}], \"providerMetadata\": {\"orgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"shortName\": \"CERTVDE\", \"dateUpdated\": \"2024-10-01T06:27:27.135Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-6876\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-01T06:27:27.135Z\", \"dateReserved\": \"2024-07-18T06:31:20.701Z\", \"assignerOrgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"datePublished\": \"2024-09-10T15:08:16.212Z\", \"assignerShortName\": \"CERTVDE\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2024-6876

Vulnerability from fkie_nvd - Published: 2024-09-10 16:15 - Updated: 2024-10-01 07:15

Severity ?

4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Summary

Out-of-Bounds read vulnerability in OSCAT Basic Library allows an local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service.

References

	URL	Tags
	info@cert.vde.com	https://certvde.com/en/advisories/VDE-2024-046/	Third Party Advisory
	info@cert.vde.com	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=18601&token=27389a52e058d95ff70b17a2370fedf07e073034&download=	Vendor Advisory

Impacted products

	Vendor	Product	Version
	codesys	oscat_basic_library	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:codesys:oscat_basic_library:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "40E6168D-7595-477A-A25D-6045EBDC01AC",
              "versionEndExcluding": "3.5.5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Out-of-Bounds read vulnerability in OSCAT Basic Library allows an local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service."
    },
    {
      "lang": "es",
      "value": "La vulnerabilidad de lectura fuera de los l\u00edmites en la librer\u00eda b\u00e1sica OSCAT permite que un atacante local sin privilegios acceda a datos internos limitados del PLC, lo que puede provocar un bloqueo del servicio afectado."
    }
  ],
  "id": "CVE-2024-6876",
  "lastModified": "2024-10-01T07:15:05.890",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 2.5,
        "source": "info@cert.vde.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-09-10T16:15:22.197",
  "references": [
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://certvde.com/en/advisories/VDE-2024-046/"
    },
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=18601\u0026token=27389a52e058d95ff70b17a2370fedf07e073034\u0026download="
    }
  ],
  "sourceIdentifier": "info@cert.vde.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "info@cert.vde.com",
      "type": "Secondary"
    }
  ]
}

WID-SEC-W-2024-2096

Vulnerability from csaf_certbund - Published: 2024-09-09 22:00 - Updated: 2024-09-09 22:00

Summary

CODESYS: Schwachstelle in der OSCAT Basic Bibliothek ermöglicht Denial of Service

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: CODESYS ist eine herstellerunabhängige Automatisierungssoftware für die Entwicklung von Steuerungsanwendungen in der industriellen Automatisierung.

Angriff: Ein lokaler Angreifer kann eine Schwachstelle in CODESYS in der OSCAT Basic Bibliothek ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme: - Sonstiges

CVE-2024-6876

Es existiert eine Schwachstelle in CODESYS in der verwendeten OSCAT Basic Bibliothek. Die Funktion MONTH_TO_STRING der OSCAT Basic Bibliothek prüft nicht vollständig die gültigen Bereiche der übergebenen Werte. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um durch entsprechende Eingaben Out-of-Bounds-Lesezugriffe durchzuführen und so begrenzte interne Daten aus der SPS auszulesen oder sie möglicherweise zum Absturz zu bringen.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
CODESYS CODESYS OSCAT Basic library <3.3.5 CODESYS / CODESYS		OSCAT Basic library <3.3.5

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://customers.codesys.com/index.php?eID=dumpF…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "CODESYS ist eine herstellerunabh\u00e4ngige Automatisierungssoftware f\u00fcr die Entwicklung von Steuerungsanwendungen in der industriellen Automatisierung.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann eine Schwachstelle in CODESYS in der  OSCAT Basic Bibliothek ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-2096 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-2096.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-2096 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2096"
      },
      {
        "category": "external",
        "summary": "CODESYS Security Advisory vom 2024-09-09",
        "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=18601\u0026token=27389a52e058d95ff70b17a2370fedf07e073034\u0026download="
      }
    ],
    "source_lang": "en-US",
    "title": "CODESYS: Schwachstelle in der OSCAT Basic Bibliothek erm\u00f6glicht Denial of Service",
    "tracking": {
      "current_release_date": "2024-09-09T22:00:00.000+00:00",
      "generator": {
        "date": "2024-09-10T12:03:43.689+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.6"
        }
      },
      "id": "WID-SEC-W-2024-2096",
      "initial_release_date": "2024-09-09T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-09-09T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "OSCAT Basic library \u003c3.3.5",
                "product": {
                  "name": "CODESYS CODESYS OSCAT Basic library \u003c3.3.5",
                  "product_id": "T037407"
                }
              },
              {
                "category": "product_version",
                "name": "OSCAT Basic library 3.3.5",
                "product": {
                  "name": "CODESYS CODESYS OSCAT Basic library 3.3.5",
                  "product_id": "T037407-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:codesys:codesys:oscat_basic_library__3.3.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "CODESYS"
          }
        ],
        "category": "vendor",
        "name": "CODESYS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-6876",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in CODESYS in der verwendeten OSCAT Basic Bibliothek. Die Funktion MONTH_TO_STRING der OSCAT Basic Bibliothek pr\u00fcft nicht vollst\u00e4ndig die g\u00fcltigen Bereiche der \u00fcbergebenen Werte. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um durch entsprechende Eingaben Out-of-Bounds-Lesezugriffe durchzuf\u00fchren und so begrenzte interne Daten aus der SPS auszulesen oder sie m\u00f6glicherweise zum Absturz zu bringen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T037407"
        ]
      },
      "release_date": "2024-09-09T22:00:00.000+00:00",
      "title": "CVE-2024-6876"
    }
  ]
}

GHSA-9QJV-XM65-GQ4F

Vulnerability from github – Published: 2024-09-10 18:30 – Updated: 2024-09-10 18:30

Details

Out-of-Bounds read vulnerability in OSCAT Basic Library allows an local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service.

Severity ?

5.1 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-6876"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-10T16:15:22Z",
    "severity": "MODERATE"
  },
  "details": "Out-of-Bounds read vulnerability in OSCAT Basic Library allows an local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service.",
  "id": "GHSA-9qjv-xm65-gq4f",
  "modified": "2024-09-10T18:30:44Z",
  "published": "2024-09-10T18:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6876"
    },
    {
      "type": "WEB",
      "url": "https://certvde.com/en/advisories/VDE-2024-046"
    },
    {
      "type": "WEB",
      "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=18601\u0026token=27389a52e058d95ff70b17a2370fedf07e073034\u0026download="
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

VDE-2024-046

Vulnerability from csaf_codesysgmbh - Published: 2024-09-10 14:00 - Updated: 2024-09-10 14:00

Summary

OSCAT: Out-of-bounds read in OSCAT Basic library

Notes

Summary: The OSCAT Basic library is one of several libraries developed and provided by OSCAT. OSCAT (oscat.de) stands for "Open Source Community for Automation Technology". The OSCAT Basic library offers function blocks for various tasks, e.g. for buffer management, list processing, control technology, mathematics, string processing, time and date conversion. By adding the OSCAT Basic library into IEC 61131-3-compliant programming tools, PLC programmers can use all the functions provided by the library in their control programs. Within the library, the MONTH_TO_STRING function is affected by an out-of-bounds read vulnerability. Exploitation of the vulnerability may lead to limited access to internal data or possibly to a crash of the PLC.

Impact: The OSCAT Basic library, which is developed and provided by OSCAT, the "Open Source Community for Automation Technology", as an extension to the IEC 61131-3-based programming tools, offers functions for a wide range of programming tasks. As part of the date and time processing functions, the library offers a function called MONTH_TO_STRING for converting months into various selectable string representations. The MONTH_TO_STRING function of the OSCAT Basic library does not completely check the valid ranges of the passed values. This poses a vulnerability for the programmed PLC if values are passed to the MONTH_TO_STRING function that are fed into the PLC program from outside. An example could be a visualization in which integer values can be entered, which are then passed directly from the PLC program without further range checking as parameters to the MONTH_TO_STRING function. By entering values outside the valid range, an attacker can perform out-of-bounds read accesses to read limited internal data from the PLC or possibly cause it to crash.

Mitigation: CODESYS GmbH recommends an update of the OSCAT Basic library to address the security vulnerability. Without an update, the vulnerability can be prevented by validating all values in the PLC program before they are passed to the affected function. In particular, negative values must be blocked as function parameters of MONTH_TO_STRING. Regardless of whether the OSCAT Basic library in the programming system was updated or the security vulnerability in the PLC program was mitigated, a download or online change must be performed to update the application on the PLC. And don't forget to rebuild/download the boot project.

Remediation: Update the OSCAT Basic library to version 3.3.5. The OSCAT Basic library version 3.3.5 is expected to be released in September 2024. To make the fix effective for existing CODESYS projects, you also must adjust the version of the OSCAT Basic library to be used in the Library Manager of the CODESYS project to version 3.3.5.0. Then you must update the CODESYS application on the PLC by download or online change and rebuild/download the boot application.

CVE-2024-6876

5.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CWE-125 - Out-of-bounds Read

Mitigation CODESYS GmbH recommends an update of the OSCAT Basic library to address the security vulnerability. Without an update, the vulnerability can be prevented by validating all values in the PLC program before they are passed to the affected function. In particular, negative values must be blocked as function parameters of MONTH_TO_STRING. Regardless of whether the OSCAT Basic library in the programming system was updated or the security vulnerability in the PLC program was mitigated, a download or online change must be performed to update the application on the PLC. And don't forget to rebuild/download the boot project.

Vendor Fix Update the OSCAT Basic library to version 3.3.5. The OSCAT Basic library version 3.3.5 is expected to be released in September 2024. To make the fix effective for existing CODESYS projects, you also must adjust the version of the OSCAT Basic library to be used in the Library Manager of the CODESYS project to version 3.3.5.0. Then you must update the CODESYS application on the PLC by download or online change and rebuild/download the boot application.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Unresolved product id: CSAFPID-31001		—
Unresolved product id: CSAFPID-31002		—
Unresolved product id: CSAFPID-31003		—

Fixed 3 products

Product	Identifier	Version	Remediation
Unresolved product id: CSAFPID-32001		—
Unresolved product id: CSAFPID-32002		—
Unresolved product id: CSAFPID-32003		—

References

3 references

URL	Category
https://certvde.com/de/advisories/VDE-2024-046/	self
https://certvde.com/en/advisories/vendor/codesys/	external
https://codesys.csaf-tp.certvde.com/.well-known/c…	self

Acknowledgments

CERTVDE certvde.com

Modern Microprocessors Architecture (MoMA) Lab Corban Villa Hithem Lamri Constantine Doumanidis Michail Maniatakos wp.nyu.edu/momalab/

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERTVDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "names": [
          "Corban Villa",
          "Hithem Lamri",
          "Constantine Doumanidis",
          "Michail Maniatakos"
        ],
        "organization": "Modern Microprocessors Architecture (MoMA) Lab",
        "summary": "reporting",
        "urls": [
          "https://wp.nyu.edu/momalab/"
        ]
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "The OSCAT Basic library is one of several libraries developed and provided by OSCAT. OSCAT (oscat.de) stands for \"Open Source Community for Automation Technology\".\n\nThe OSCAT Basic library offers function blocks for various tasks, e.g. for buffer management, list processing, control technology, mathematics, string processing, time and date conversion. By adding the OSCAT Basic library into IEC 61131-3-compliant programming tools, PLC programmers can use all the functions provided by the library in their control programs.\n\nWithin the library, the MONTH_TO_STRING function is affected by an out-of-bounds read vulnerability. Exploitation of the vulnerability may lead to limited access to internal data or possibly to a crash of the PLC.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "The OSCAT Basic library, which is developed and provided by OSCAT, the \"Open Source Community for Automation Technology\", as an extension to the IEC 61131-3-based programming tools, offers functions for a wide range of programming tasks. As part of the date and time processing functions, the library offers a function called MONTH_TO_STRING for converting months into various selectable string representations.\n\nThe MONTH_TO_STRING function of the OSCAT Basic library does not completely check the valid ranges of the passed values. This poses a vulnerability for the programmed PLC if values are passed to the MONTH_TO_STRING function that are fed into the PLC program from outside. An example could be a visualization in which integer values can be entered, which are then passed directly from the PLC program without further range checking as parameters to the MONTH_TO_STRING function. By entering values outside the valid range, an attacker can perform out-of-bounds read accesses to read limited internal data from the PLC or possibly cause it to crash.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "CODESYS GmbH recommends an update of the OSCAT Basic library to address the security vulnerability. Without an update, the vulnerability can be prevented by validating all values in the PLC program before they are passed to the affected function. In particular, negative values must be blocked as function parameters of MONTH_TO_STRING.\n\nRegardless of whether the OSCAT Basic library in the programming system was updated or the security vulnerability in the PLC program was mitigated, a download or online change must be performed to update the application on the PLC. And don\u0027t forget to rebuild/download the boot project.",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "Update the OSCAT Basic library to version 3.3.5.\n\nThe OSCAT Basic library version 3.3.5 is expected to be released in September 2024.\n\nTo make the fix effective for existing CODESYS projects, you also must adjust the version of the OSCAT Basic library to be used in the Library Manager of the CODESYS project to version 3.3.5.0. Then you must update the CODESYS application on the PLC by download or online change and rebuild/download the boot application.",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "security@codesys.com",
      "name": "CODESYS GmbH",
      "namespace": "https://www.codesys.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "VDE-2024-046: OSCAT: Out-of-bounds read in OSCAT Basic library - HTML",
        "url": "https://certvde.com/de/advisories/VDE-2024-046/"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for CODESYS GmbH",
        "url": "https://certvde.com/en/advisories/vendor/codesys/"
      },
      {
        "category": "self",
        "summary": "VDE-2024-046: OSCAT: Out-of-bounds read in OSCAT Basic library - CSAF",
        "url": "https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2024/vde-2024-046.json"
      }
    ],
    "title": "OSCAT: Out-of-bounds read in OSCAT Basic library",
    "tracking": {
      "aliases": [
        "VDE-2024-046"
      ],
      "current_release_date": "2024-09-10T14:00:00.000Z",
      "generator": {
        "date": "2025-05-05T08:11:27.031Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.24"
        }
      },
      "id": "VDE-2024-046",
      "initial_release_date": "2024-09-10T14:00:00.000Z",
      "revision_history": [
        {
          "date": "2024-09-10T14:00:00.000Z",
          "number": "1",
          "summary": "initial revision"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "oscat.de OSCAT Basic Library",
                "product": {
                  "name": "oscat.de OSCAT Basic Library",
                  "product_id": "CSAFPID-11001"
                }
              },
              {
                "category": "product_name",
                "name": "CODESYS OSCAT Basic Library",
                "product": {
                  "name": "CODESYS OSCAT Basic Library",
                  "product_id": "CSAFPID-11002"
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c3.3.5.0",
                "product": {
                  "name": "Firmware \u003c3.3.5.0",
                  "product_id": "CSAFPID-21001"
                }
              },
              {
                "category": "product_version",
                "name": "3.3.5.0",
                "product": {
                  "name": "Firmware 3.3.5.0",
                  "product_id": "CSAFPID-22001"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c335",
                "product": {
                  "name": "Firmware \u003c335",
                  "product_id": "CSAFPID-21002"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c3.3.5",
                "product": {
                  "name": "Firmware \u003c3.3.5",
                  "product_id": "CSAFPID-21003"
                }
              },
              {
                "category": "product_version",
                "name": "3.3.5",
                "product": {
                  "name": "Firmware 3.3.5",
                  "product_id": "CSAFPID-22002"
                }
              },
              {
                "category": "product_version",
                "name": "335",
                "product": {
                  "name": "Firmware 335",
                  "product_id": "CSAFPID-22003"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "CODESYS GmbH"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003"
        ],
        "summary": "affected products"
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003"
        ],
        "summary": "fixed products"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c3.3.5.0 installed on oscat.de OSCAT Basic Library",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 3.3.5.0 installed on oscat.de OSCAT Basic Library",
          "product_id": "CSAFPID-32001"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c335 installed on CODESYS OSCAT Basic Library",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c3.3.5 installed on CODESYS OSCAT Basic Library",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-21003",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 3.3.5 installed on CODESYS OSCAT Basic Library",
          "product_id": "CSAFPID-32002"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 335 installed on CODESYS OSCAT Basic Library",
          "product_id": "CSAFPID-32003"
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11002"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-6876",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Out-of-Bounds read vulnerability in OSCAT Basic Library allows an local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service."
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "CODESYS GmbH recommends an update of the OSCAT Basic library to address the security vulnerability. Without an update, the vulnerability can be prevented by validating all values in the PLC program before they are passed to the affected function. In particular, negative values must be blocked as function parameters of MONTH_TO_STRING.\n\nRegardless of whether the OSCAT Basic library in the programming system was updated or the security vulnerability in the PLC program was mitigated, a download or online change must be performed to update the application on the PLC. And don\u0027t forget to rebuild/download the boot project.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update the OSCAT Basic library to version 3.3.5.\n\nThe OSCAT Basic library version 3.3.5 is expected to be released in September 2024.\n\nTo make the fix effective for existing CODESYS projects, you also must adjust the version of the OSCAT Basic library to be used in the Library Manager of the CODESYS project to version 3.3.5.0. Then you must update the CODESYS application on the PLC by download or online change and rebuild/download the boot application.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "environmentalScore": 5.1,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 5.1,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003"
          ]
        }
      ],
      "title": "CVE-2024-6876"
    }
  ]
}

ICSA-24-326-02

Vulnerability from csaf_cisa - Published: 2024-11-21 07:00 - Updated: 2024-11-21 07:00

Summary

OSCAT Basic Library

Notes

Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation: Successful exploitation of this vulnerability allows an local, unprivileged attacker to access limited internal data of the PLC, which may lead to a crash of the affected service.

Critical infrastructure sectors: Critical Manufacturing, Energy, Water and Wastewater Systems

Countries/areas deployed: Worldwide

Company headquarters location: Germany

Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices: No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.

CVE-2024-6876

5.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CWE-125 - Out-of-bounds Read

Affected products

Known affected 3 products

Product	Version	Remediation
CODESYS GmbH CODESYS OSCAT Basic Library: 3.3.5.0 CODESYS GmbH / CODESYS OSCAT Basic Library	3.3.5.0	Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation fix Mitigation fix
CODESYS GmbH oscat.de OSCAT Basic Library: <=3.3.5 CODESYS GmbH / oscat.de OSCAT Basic Library	<=3.3.5	Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation fix Mitigation fix
CODESYS GmbH oscat.de OSCAT Basic Library: <=335 CODESYS GmbH / oscat.de OSCAT Basic Library	<=335	Mitigation Mitigation Mitigation Mitigation Mitigation Mitigation fix Mitigation fix

References

13 references

URL	Category
https://raw.githubusercontent.com/cisagov/CSAF/de…	self
https://www.cisa.gov/news-events/ics-advisories/i…	self
https://www.cisa.gov/resources-tools/resources/ic…	external
https://www.cisa.gov/sites/default/files/publicat…	external
https://www.cisa.gov/topics/industrial-control-systems	external
https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-…	external
https://us-cert.cisa.gov/sites/default/files/reco…	external
https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B	external
https://www.cisa.gov/uscert/sites/default/files/p…	external
https://www.cisa.gov/uscert/ncas/tips/ST04-014	external
https://www.cve.org/CVERecord?id=CVE-2024-6876	external
https://www.first.org/cvss/calculator/3.1#CVSS:3.…	external
https://www.first.org/cvss/calculator/4.0#CVSS:4.…	external

Acknowledgments

Modern Microprocessors Architecture (MoMA) Lab Corban Villa Hithem Lamri Constantine Doumanidis Michail Maniatakos

NYU Abu Dhabi Modern Microprocessors Architecture (MoMA) Lab

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Corban Villa",
          "Hithem Lamri",
          "Constantine Doumanidis",
          "Michail Maniatakos"
        ],
        "organization": "Modern Microprocessors Architecture (MoMA) Lab",
        "summary": "reporting this vulnerability to CERT@VDE and CODESYS"
      },
      {
        "names": [
          "Modern Microprocessors Architecture (MoMA) Lab"
        ],
        "organization": "NYU Abu Dhabi",
        "summary": "reporting this vulnerability to CERT@VDE and CODESYS"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of this vulnerability allows an local, unprivileged attacker to access limited internal data of the PLC, which may lead to a crash of the affected service.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing, Energy, Water and Wastewater Systems",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Germany",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-24-326-02 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-326-02.json"
      },
      {
        "category": "self",
        "summary": "ICSA Advisory ICSA-24-326-02 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-326-02"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
      }
    ],
    "title": "OSCAT Basic Library",
    "tracking": {
      "current_release_date": "2024-11-21T07:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-24-326-02",
      "initial_release_date": "2024-11-21T07:00:00.000000Z",
      "revision_history": [
        {
          "date": "2024-11-21T07:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Initial Publication"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.3.5.0",
                "product": {
                  "name": "CODESYS GmbH CODESYS OSCAT Basic Library: 3.3.5.0",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "CODESYS OSCAT Basic Library"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=3.3.5",
                "product": {
                  "name": "CODESYS GmbH oscat.de OSCAT Basic Library: \u003c=3.3.5",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "oscat.de OSCAT Basic Library"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=335",
                "product": {
                  "name": "CODESYS GmbH oscat.de OSCAT Basic Library: \u003c=335",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "oscat.de OSCAT Basic Library"
          }
        ],
        "category": "vendor",
        "name": "CODESYS GmbH"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-6876",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected product is vulnerable to an out-of-bounds read in the OSCAT Basic Library, which allows a local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-6876"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "CODESYS GmbH recommends users update OSCAT Basic Library to address the security vulnerability:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "Update the OSCAT Basic Library to Version 3.3.5.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "To make the fix effective for existing CODESYS projects, the user also must adjust the version of the OSCAT Basic library to be used in the Library Manager of the CODESYS project to Version 3.3.5.0. Then the user must update the CODESYS application on the PLC by download or online change and rebuild/download the boot application.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "Without an update, the vulnerability can be prevented by validating all values in the PLC program before they are passed to the affected function. In particular, negative values must be blocked as function parameters of MONTH_TO_STRING.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "Regardless of whether the OSCAT Basic library in the programming system was updated or the security vulnerability in the PLC program was mitigated, a download or online change must be performed to update the application on the PLC. CODESYS reminds users to rebuild/download the boot project.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "For more information see the associated CERT@VDE security advisory.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "url": "https://certvde.com/de/advisories/VDE-2024-046/"
        },
        {
          "category": "mitigation",
          "details": "For a list of system environments the library has been validated against see OSCAT\u0027s library documentation.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "url": "http://www.oscat.de/de/component/jdownloads/send/2-oscat-basic/9-oscat-basic333-en.html?Itemid=0"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        }
      ]
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-6876 (GCVE-0-2024-6876)

FKIE_CVE-2024-6876

WID-SEC-W-2024-2096

GHSA-9QJV-XM65-GQ4F

VDE-2024-046

ICSA-24-326-02

Tags

Sightings

Nomenclature