VDE-2024-024

Vulnerability from csaf_codesysgmbh - Published: 2024-05-06 08:00 - Updated: 2025-05-14 13:00
Summary
CODESYS: Development System V2.3 affected by two vulnerabilities through corrupted project files
Notes
Summary: Local attackers can cause affected CODESYS Development System V2.3 installations to crash or execute code by opening malicious project files. The CODESYS Development System V2.3 is an IEC 61131-3 programming tool for the industrial controller and automation technology sector. It stores the program code for the controller and its configuration in project files (*.pro).
Impact: The CODESYS Development System V2.3 allows corrupt project files to be opened after confirmation of a warning dialog so that legitimate users can possibly copy project fragments into a new project. This functionality does not sufficiently secure the loading of malicious project files and is therefore susceptible to the memory corruption vulnerabilities mentioned in the CVEs.
Mitigation: CODESYS GmbH strongly recommends only opening projects from trustworthy sources! If the following dialog appears when opening a project, please pay attention to this warning and do not try to load the affected project: "The project file is corrupt. Would you still like to try to load the project? Attention! CODESYS could become unstable when loading a corrupt project file." In addition, we recommend saving projects with password encryption, which offers even more protection against tampering of the project.
Remediation: Update the CODESYS Development System V2.3 to version 2.3.9.73. As of this version, projects recognized as corrupt can no longer be opened with the CODESYS Development System V2.3. If the CODESYS Development System V2.3 detects that the project file has been manipulated, the user will be informed, and the loading will be terminated. Note: CODESYS V2.3 is currently in the service phase. Please consider upgrading to CODESYS V3. Please visit the CODESYS download area for more information on how to obtain the software update.
CWE-787 - Out-of-bounds Write
CWE-416 - Use After Free
Acknowledgments
Michael Heinzl

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERTVDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "names": [
          "Michael Heinzl"
        ],
        "summary": "reporting"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "Local attackers can cause affected CODESYS Development System V2.3 installations to crash or execute code by opening malicious project files.\n\nThe CODESYS Development System V2.3 is an IEC 61131-3 programming tool for the industrial controller and automation technology sector. It stores the program code for the controller and its configuration in project files (*.pro).",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "The CODESYS Development System V2.3 allows corrupt project files to be opened after confirmation of a warning dialog so that legitimate users can possibly copy project fragments into a new project. This functionality does not sufficiently secure the loading of malicious project files and is therefore susceptible to the memory corruption vulnerabilities mentioned in the CVEs.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "CODESYS GmbH strongly recommends only opening projects from trustworthy sources!\nIf the following dialog appears when opening a project, please pay attention to this warning and do not try to load the affected project:\n\"The project file is corrupt. Would you still like to try to load the project?\nAttention! CODESYS could become unstable when loading a corrupt project file.\"\nIn addition, we recommend saving projects with password encryption, which offers even more protection against tampering of the project.",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "Update the CODESYS Development System V2.3 to version 2.3.9.73.\nAs of this version, projects recognized as corrupt can no longer be opened with the CODESYS Development System V2.3. If the CODESYS Development System V2.3 detects that the project file has been manipulated, the user will be informed, and the loading will be terminated.\n\n\nNote: CODESYS V2.3 is currently in the service phase. Please consider upgrading to CODESYS V3.\nPlease visit the CODESYS download area for more information on how to obtain the software update.",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "security@codesys.com",
      "name": "CODESYS GmbH",
      "namespace": "https://www.codesys.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "VDE-2024-024: CODESYS: Development System V2.3 affected by two vulnerabilities through corrupted project files - HTML",
        "url": "https://certvde.com/de/advisories/VDE-2024-024/"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for CODESYS GmbH",
        "url": "https://certvde.com/en/advisories/vendor/codesys/"
      },
      {
        "category": "self",
        "summary": "VDE-2024-024: CODESYS: Development System V2.3 affected by two vulnerabilities through corrupted project files - CSAF",
        "url": "https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2024/vde-2024-024.json"
      }
    ],
    "title": "CODESYS: Development System V2.3 affected by two vulnerabilities through corrupted project files",
    "tracking": {
      "aliases": [
        "VDE-2024-024"
      ],
      "current_release_date": "2025-05-14T13:00:15.000Z",
      "generator": {
        "date": "2025-04-09T12:11:55.915Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.22"
        }
      },
      "id": "VDE-2024-024",
      "initial_release_date": "2024-05-06T08:00:00.000Z",
      "revision_history": [
        {
          "date": "2024-05-06T08:00:00.000Z",
          "number": "1",
          "summary": "initial revision"
        },
        {
          "date": "2025-05-14T13:00:15.000Z",
          "number": "2",
          "summary": "Fix: added distribution"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "CODESYS Development System V2.3",
                "product": {
                  "name": "CODESYS Development System V2.3",
                  "product_id": "CSAFPID-11001"
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2.3.9.73",
                "product": {
                  "name": "Firmware \u003c2.3.9.73",
                  "product_id": "CSAFPID-21001"
                }
              },
              {
                "category": "product_version",
                "name": "2.3.9.73",
                "product": {
                  "name": "Firmware 2.3.9.73",
                  "product_id": "CSAFPID-22001"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "CODESYS GmbH"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c2.3.9.73 installed on CODESYS Development System V2.3",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 2.3.9.73 installed on CODESYS Development System V2.3",
          "product_id": "CSAFPID-32001"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11001"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-49675",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An unauthenticated local attacker may trick a user to open corrupted project files to execute arbitrary code or crash the system due to an out-of-bounds write vulnerability."
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001"
        ],
        "known_affected": [
          "CSAFPID-31001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update the CODESYS Development System V2.3 to version 2.3.9.73.\nAs of this version, projects recognized as corrupt can no longer be opened with the CODESYS Development System V2.3. If the CODESYS Development System V2.3 detects that the project file has been manipulated, the user will be informed, and the loading will be terminated.\n\n\nNote: CODESYS V2.3 is currently in the service phase. Please consider upgrading to CODESYS V3.\nPlease visit the CODESYS download area for more information on how to obtain the software update.",
          "product_ids": [
            "CSAFPID-31001"
          ]
        },
        {
          "category": "mitigation",
          "details": "CODESYS GmbH strongly recommends only opening projects from trustworthy sources!\nIf the following dialog appears when opening a project, please pay attention to this warning and do not try to load the affected project:\n\"The project file is corrupt. Would you still like to try to load the project?\nAttention! CODESYS could become unstable when loading a corrupt project file.\"\nIn addition, we recommend saving projects with password encryption, which offers even more protection against tampering of the project.",
          "product_ids": [
            "CSAFPID-31001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001"
          ]
        }
      ],
      "title": "CVE-2023-49675"
    },
    {
      "cve": "CVE-2023-49676",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An unauthenticated local attacker may trick a user to open corrupted project files to crash the system due to use after free vulnerability."
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001"
        ],
        "known_affected": [
          "CSAFPID-31001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update the CODESYS Development System V2.3 to version 2.3.9.73.\nAs of this version, projects recognized as corrupt can no longer be opened with the CODESYS Development System V2.3. If the CODESYS Development System V2.3 detects that the project file has been manipulated, the user will be informed, and the loading will be terminated.\n\n\nNote: CODESYS V2.3 is currently in the service phase. Please consider upgrading to CODESYS V3.\nPlease visit the CODESYS download area for more information on how to obtain the software update.",
          "product_ids": [
            "CSAFPID-31001"
          ]
        },
        {
          "category": "mitigation",
          "details": "CODESYS GmbH strongly recommends only opening projects from trustworthy sources!\nIf the following dialog appears when opening a project, please pay attention to this warning and do not try to load the affected project:\n\"The project file is corrupt. Would you still like to try to load the project?\nAttention! CODESYS could become unstable when loading a corrupt project file.\"\nIn addition, we recommend saving projects with password encryption, which offers even more protection against tampering of the project.",
          "product_ids": [
            "CSAFPID-31001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "environmentalScore": 5.5,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 5.5,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001"
          ]
        }
      ],
      "title": "CVE-2023-49676"
    }
  ]
}

