VDE-2025-009
Vulnerability from csaf_wagogmbhcokg - Published: 2025-02-04 11:00 - Updated: 2025-05-14 12:28Summary
WAGO: Vulnerabilities in CODESYS Control V3 - OPC UA Stack
Notes
Impact: The OPC UA Stack is used by both the CODESYS OPC UA Server and Client for data exchange with OPC UA clients like SCADA or HMIs, and OPC UA servers like PLCs. A vulnerability exists where a specially crafted request can cause the system to miscalculate the buffer size, leading to a crash during buffer initialization. Attackers can exploit this flaw by sending malicious requests to crash the CODESYS runtime system. The CODESYS Control runtime system includes both the OPC UA client and server, while the CODESYS HMI includes only the OPC UA client.
Summary: Several WAGO Firmwares are vulnerable to an incorrect calculation of the buffer size in the CODESYS OPC UA STACK. This can lead to a crash of the runtime of the affected firmware versions installed on several devices.
Remediation: Update to Firmware version 22 Patch 2, Firmware version 27 or Firmware version 4 for the basic controller. For the latest custom firmware, please contact the WAGO support.
Mitigation: The incorrect calculation of the buffer size can be avoided if the maximum supported array length of the OPC UA stack of the CODESYS Control runtime system is limited to a value of 10129639 (Stack.MaxArrayLenth=10129639) or less. This can be achieved by adding the following setting in the runtime configuration under the following path: /etc/codesys3.d/codesyscotrol.cfg
An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size.
7.5 (High)
Affected products
Fixed
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — | ||
| Unresolved product id: CSAFPID-32011 | — | ||
| Unresolved product id: CSAFPID-32012 | — | ||
| Unresolved product id: CSAFPID-32013 | — | ||
| Unresolved product id: CSAFPID-32014 | — | ||
| Unresolved product id: CSAFPID-32015 | — | ||
| Unresolved product id: CSAFPID-32016 | — | ||
| Unresolved product id: CSAFPID-32017 | — | ||
| Unresolved product id: CSAFPID-32018 | — | ||
| Unresolved product id: CSAFPID-32019 | — | ||
| Unresolved product id: CSAFPID-32020 | — | ||
| Unresolved product id: CSAFPID-32021 | — | ||
| Unresolved product id: CSAFPID-32022 | — | ||
| Unresolved product id: CSAFPID-32023 | — | ||
| Unresolved product id: CSAFPID-32024 | — | ||
| Unresolved product id: CSAFPID-32025 | — |
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — |
Workaround
Vendor Fix
|
|
| Unresolved product id: CSAFPID-31002 | — |
Workaround
Vendor Fix
|
|
| Unresolved product id: CSAFPID-31003 | — |
Workaround
Vendor Fix
|
|
| Unresolved product id: CSAFPID-31004 | — |
Workaround
Vendor Fix
|
|
| Unresolved product id: CSAFPID-31005 | — |
Workaround
Vendor Fix
|
|
| Unresolved product id: CSAFPID-31006 | — |
Workaround
Vendor Fix
|
|
| Unresolved product id: CSAFPID-31007 | — |
Workaround
Vendor Fix
|
|
| Unresolved product id: CSAFPID-31008 | — |
Workaround
Vendor Fix
|
|
| Unresolved product id: CSAFPID-31009 | — |
Workaround
Vendor Fix
|
|
| Unresolved product id: CSAFPID-31010 | — |
Workaround
Vendor Fix
|
|
| Unresolved product id: CSAFPID-31011 | — |
Workaround
Vendor Fix
|
|
| Unresolved product id: CSAFPID-31012 | — |
Workaround
Vendor Fix
|
|
| Unresolved product id: CSAFPID-31013 | — |
Workaround
Vendor Fix
|
|
| Unresolved product id: CSAFPID-31014 | — |
Workaround
Vendor Fix
|
|
| Unresolved product id: CSAFPID-31015 | — |
Workaround
Vendor Fix
|
|
| Unresolved product id: CSAFPID-31016 | — |
Workaround
Vendor Fix
|
|
| Unresolved product id: CSAFPID-31017 | — |
Workaround
Vendor Fix
|
|
| Unresolved product id: CSAFPID-31018 | — |
Workaround
Vendor Fix
|
|
| Unresolved product id: CSAFPID-31019 | — |
Workaround
Vendor Fix
|
|
| Unresolved product id: CSAFPID-31020 | — |
Workaround
Vendor Fix
|
|
| Unresolved product id: CSAFPID-31021 | — |
Workaround
Vendor Fix
|
|
| Unresolved product id: CSAFPID-31022 | — |
Workaround
Vendor Fix
|
|
| Unresolved product id: CSAFPID-31023 | — |
Workaround
Vendor Fix
|
References
5 references
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "description",
"text": "The OPC UA Stack is used by both the CODESYS OPC UA Server and Client for data exchange with OPC UA clients like SCADA or HMIs, and OPC UA servers like PLCs. A vulnerability exists where a specially crafted request can cause the system to miscalculate the buffer size, leading to a crash during buffer initialization. Attackers can exploit this flaw by sending malicious requests to crash the CODESYS runtime system. The CODESYS Control runtime system includes both the OPC UA client and server, while the CODESYS HMI includes only the OPC UA client.",
"title": "Impact"
},
{
"category": "summary",
"text": "Several WAGO Firmwares are vulnerable to an incorrect calculation of the buffer size in the CODESYS OPC UA STACK. This can lead to a crash of the runtime of the affected firmware versions installed on several devices.",
"title": "Summary"
},
{
"category": "description",
"text": "Update to Firmware version 22 Patch 2, Firmware version 27 or Firmware version 4 for the basic controller. For the latest custom firmware, please contact the WAGO support.",
"title": "Remediation"
},
{
"category": "description",
"text": "The incorrect calculation of the buffer size can be avoided if the maximum supported array length of the OPC UA stack of the CODESYS Control runtime system is limited to a value of 10129639 (Stack.MaxArrayLenth=10129639) or less. This can be achieved by adding the following setting in the runtime configuration under the following path: /etc/codesys3.d/codesyscotrol.cfg",
"title": "Mitigation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@wago.com",
"name": "WAGO GmbH \u0026 Co. KG",
"namespace": "https://www.wago.com/psirt"
},
"references": [
{
"category": "external",
"summary": "CERT@VDE Security Advisories for WAGO",
"url": "https://certvde.com/de/advisories/vendor/wago/"
},
{
"category": "self",
"summary": "VDE-2025-009: WAGO: Vulnerabilities in CODESYS Control V3 - OPC UA Stack - HTML",
"url": "https://certvde.com/en/advisories/VDE-2025-009"
},
{
"category": "self",
"summary": "VDE-2025-009: WAGO: Vulnerabilities in CODESYS Control V3 - OPC UA Stack - CSAF",
"url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-009.json"
}
],
"title": "WAGO: Vulnerabilities in CODESYS Control V3 - OPC UA Stack",
"tracking": {
"aliases": [
"VDE-2025-009"
],
"current_release_date": "2025-05-14T12:28:19.000Z",
"generator": {
"date": "2025-01-30T10:19:58.735Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.16"
}
},
"id": "VDE-2025-009",
"initial_release_date": "2025-02-04T11:00:00.000Z",
"revision_history": [
{
"date": "2025-02-04T11:00:00.000Z",
"number": "1",
"summary": "Initial release"
},
{
"date": "2025-03-12T13:30:00.000Z",
"number": "2",
"summary": "fixed version"
},
{
"date": "2025-05-14T12:28:19.000Z",
"number": "3",
"summary": "Fix: firmware category"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Basic Controller 100 0750-800x",
"product": {
"name": "Basic Controller 100 0750-800x",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"0750-800?"
]
}
}
},
{
"category": "product_name",
"name": "CC100 0751-9x01",
"product": {
"name": "CC100 0751-9x01",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"0751-9?01"
]
}
}
},
{
"category": "product_name",
"name": "Edge Controller 0752-8303/8000-0002",
"product": {
"name": "Edge Controller 0752-8303/8000-0002",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"0752-8303/8000-0002"
]
}
}
},
{
"category": "product_name",
"name": "PFC100 G1 0750-810x/xxxx-xxxx",
"product": {
"name": "PFC100 G1 0750-810x/xxxx-xxxx",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"0750-810?/????-????"
]
}
}
},
{
"category": "product_name",
"name": "PFC100 G2 0750-811x-xxxx-xxxx",
"product": {
"name": "PFC100 G2 0750-811x-xxxx-xxxx",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"model_numbers": [
"0750-811?-????-????"
]
}
}
},
{
"category": "product_name",
"name": "PFC200 G1 750-820x-xxx-xxx",
"product": {
"name": "PFC200 G1 750-820x-xxx-xxx",
"product_id": "CSAFPID-11006",
"product_identification_helper": {
"model_numbers": [
"750-820?-????-????"
]
}
}
},
{
"category": "product_name",
"name": "PFC200 G2 750-821x-xxx-xxx",
"product": {
"name": "PFC200 G2 750-821x-xxx-xxx",
"product_id": "CSAFPID-11007",
"product_identification_helper": {
"model_numbers": [
"750-821?-????-????"
]
}
}
},
{
"category": "product_name",
"name": "TP600 0762-420x/8000-000x",
"product": {
"name": "TP600 0762-420x/8000-000x",
"product_id": "CSAFPID-11008",
"product_identification_helper": {
"model_numbers": [
"0762-420?/8000-000?"
]
}
}
},
{
"category": "product_name",
"name": "TP600 0762-430x/8000-000x",
"product": {
"name": "TP600 0762-430x/8000-000x",
"product_id": "CSAFPID-11009",
"product_identification_helper": {
"model_numbers": [
"0762-430?/8000-000?"
]
}
}
},
{
"category": "product_name",
"name": "TP600 0762-520x/8000-000x",
"product": {
"name": "TP600 0762-520x/8000-000x",
"product_id": "CSAFPID-11010",
"product_identification_helper": {
"model_numbers": [
"0762-520?/8000-000?"
]
}
}
},
{
"category": "product_name",
"name": "TP600 0762-530x/8000-000x",
"product": {
"name": "TP600 0762-530x/8000-000x",
"product_id": "CSAFPID-11011",
"product_identification_helper": {
"model_numbers": [
"0762-530?/8000-000?"
]
}
}
},
{
"category": "product_name",
"name": "TP600 0762-620x/8000-000x",
"product": {
"name": "TP600 0762-620x/8000-000x",
"product_id": "CSAFPID-11012",
"product_identification_helper": {
"model_numbers": [
"0762-530?/8000-000?"
]
}
}
},
{
"category": "product_name",
"name": "TP600 0762-630x/8000-000x",
"product": {
"name": "TP600 0762-630x/8000-000x",
"product_id": "CSAFPID-11013",
"product_identification_helper": {
"model_numbers": [
"0762-630?/8000-000?"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c01.04.07(FW4 Basic Controller)",
"product": {
"name": "Firmware \u003c01.04.07(FW4 Basic Controller)",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version_range",
"name": "\u003c04.06.03(70)",
"product": {
"name": "Firmware \u003c04.06.03(70)",
"product_id": "CSAFPID-21002"
}
},
{
"category": "product_version_range",
"name": "\u003c03.06.10(FW18)",
"product": {
"name": "Firmware \u003c03.06.10(FW18)",
"product_id": "CSAFPID-22001"
}
},
{
"category": "product_version_range",
"name": "\u003c04.05.10(FW27)",
"product": {
"name": "Firmware \u003c04.05.10(FW27)",
"product_id": "CSAFPID-21004"
}
},
{
"category": "product_version",
"name": "04.05.10",
"product": {
"name": "Firmware 04.05.10",
"product_id": "CSAFPID-22002"
}
},
{
"category": "product_version_range",
"name": "\u003c04.06.01(70)",
"product": {
"name": "Firmware \u003c04.06.01(70)",
"product_id": "CSAFPID-21005"
}
},
{
"category": "product_version_range",
"name": "\u003c03.10.11(FW22Patch2)",
"product": {
"name": "Firmware \u003c03.10.11(FW22Patch2)",
"product_id": "CSAFPID-21006"
}
},
{
"category": "product_version",
"name": "03.10.11",
"product": {
"name": "Firmware 03.10.11",
"product_id": "CSAFPID-22003"
}
},
{
"category": "product_version",
"name": "01.04.07(FW4 Basic Controller)",
"product": {
"name": "Firmware 01.04.07(FW4 Basic Controller)",
"product_id": "CSAFPID-22004"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "WAGO GmbH \u0026 Co. KG"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014",
"CSAFPID-32015",
"CSAFPID-32016",
"CSAFPID-32017",
"CSAFPID-32018",
"CSAFPID-32019",
"CSAFPID-32020",
"CSAFPID-32021",
"CSAFPID-32022",
"CSAFPID-32023",
"CSAFPID-32024",
"CSAFPID-32025"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c01.04.07(FW4 Basic Controller) installed on Basic Controller 100 0750-800x",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 04.05.10 installed on CC100 0751-9x01",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c04.06.03(70) installed on CC100 0751-9x01",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.06.10(FW18) installed on CC100 0751-9x01",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c04.05.10(FW27) installed on CC100 0751-9x01",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.06.10(FW18) installed on Edge Controller 0752-8303/8000-0002",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c04.05.10(FW27) installed on Edge Controller 0752-8303/8000-0002",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 04.05.10 installed on Edge Controller 0752-8303/8000-0002",
"product_id": "CSAFPID-32004"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c04.06.01(70) installed on Edge Controller 0752-8303/8000-0002",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.06.10(FW18) installed on PFC100 G1 0750-810x/xxxx-xxxx",
"product_id": "CSAFPID-32005"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.10.11(FW22Patch2) installed on PFC100 G1 0750-810x/xxxx-xxxx",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-21006",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.10.11 installed on PFC100 G1 0750-810x/xxxx-xxxx",
"product_id": "CSAFPID-32006"
},
"product_reference": "CSAFPID-22003",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.06.10(FW18) installed on PFC100 G2 0750-811x-xxxx-xxxx",
"product_id": "CSAFPID-32007"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c04.05.10(FW27) installed on PFC100 G2 0750-811x-xxxx-xxxx",
"product_id": "CSAFPID-31007"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 04.05.10 installed on PFC100 G2 0750-811x-xxxx-xxxx",
"product_id": "CSAFPID-32008"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c04.06.01(70) installed on PFC100 G2 0750-811x-xxxx-xxxx",
"product_id": "CSAFPID-31008"
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.06.10(FW18) installed on PFC200 G1 750-820x-xxx-xxx",
"product_id": "CSAFPID-32009"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.10.11(FW22Patch2) installed on PFC200 G1 750-820x-xxx-xxx",
"product_id": "CSAFPID-31009"
},
"product_reference": "CSAFPID-21006",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.10.11 installed on PFC200 G1 750-820x-xxx-xxx",
"product_id": "CSAFPID-32010"
},
"product_reference": "CSAFPID-22003",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.06.10(FW18) installed on PFC200 G2 750-821x-xxx-xxx",
"product_id": "CSAFPID-32011"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c04.05.10(FW27) installed on PFC200 G2 750-821x-xxx-xxx",
"product_id": "CSAFPID-31010"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 04.05.10 installed on PFC200 G2 750-821x-xxx-xxx",
"product_id": "CSAFPID-32012"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c04.06.01(70) installed on PFC200 G2 750-821x-xxx-xxx",
"product_id": "CSAFPID-31011"
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.06.10(FW18) installed on TP600 0762-420x/8000-000x",
"product_id": "CSAFPID-32013"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c04.05.10(FW27) installed on TP600 0762-420x/8000-000x",
"product_id": "CSAFPID-31012"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 04.05.10 installed on TP600 0762-420x/8000-000x",
"product_id": "CSAFPID-32014"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c04.06.01(70) installed on TP600 0762-420x/8000-000x",
"product_id": "CSAFPID-31013"
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.06.10(FW18) installed on TP600 0762-430x/8000-000x",
"product_id": "CSAFPID-32015"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c04.05.10(FW27) installed on TP600 0762-430x/8000-000x",
"product_id": "CSAFPID-31014"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 04.05.10 installed on TP600 0762-430x/8000-000x",
"product_id": "CSAFPID-32016"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c04.06.01(70) installed on TP600 0762-430x/8000-000x",
"product_id": "CSAFPID-31015"
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.06.10(FW18) installed on TP600 0762-520x/8000-000x",
"product_id": "CSAFPID-32017"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c04.05.10(FW27) installed on TP600 0762-520x/8000-000x",
"product_id": "CSAFPID-31016"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 04.05.10 installed on TP600 0762-520x/8000-000x",
"product_id": "CSAFPID-32018"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c04.06.01(70) installed on TP600 0762-520x/8000-000x",
"product_id": "CSAFPID-31017"
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.06.10(FW18) installed on TP600 0762-530x/8000-000x",
"product_id": "CSAFPID-32019"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c04.05.10(FW27) installed on TP600 0762-530x/8000-000x",
"product_id": "CSAFPID-31018"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 04.05.10 installed on TP600 0762-530x/8000-000x",
"product_id": "CSAFPID-32020"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c04.06.01(70) installed on TP600 0762-530x/8000-000x",
"product_id": "CSAFPID-31019"
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.06.10(FW18) installed on TP600 0762-620x/8000-000x",
"product_id": "CSAFPID-32021"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c04.05.10(FW27) installed on TP600 0762-620x/8000-000x",
"product_id": "CSAFPID-31020"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 04.05.10 installed on TP600 0762-620x/8000-000x",
"product_id": "CSAFPID-32022"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c04.06.01(70) installed on TP600 0762-620x/8000-000x",
"product_id": "CSAFPID-31021"
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.06.10(FW18) installed on TP600 0762-630x/8000-000x",
"product_id": "CSAFPID-32023"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c04.05.10(FW27) installed on TP600 0762-630x/8000-000x",
"product_id": "CSAFPID-31022"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 04.05.10 installed on TP600 0762-630x/8000-000x",
"product_id": "CSAFPID-32024"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c04.06.01(70) installed on TP600 0762-630x/8000-000x",
"product_id": "CSAFPID-31023"
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c04.06.01(70) installed on TP600 0762-630x/8000-000x",
"product_id": "CSAFPID-32025"
},
"product_reference": "CSAFPID-22004",
"relates_to_product_reference": "CSAFPID-11001"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-5000",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"notes": [
{
"category": "description",
"text": "An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014",
"CSAFPID-32015",
"CSAFPID-32016",
"CSAFPID-32017",
"CSAFPID-32018",
"CSAFPID-32019",
"CSAFPID-32020",
"CSAFPID-32021",
"CSAFPID-32022",
"CSAFPID-32023",
"CSAFPID-32024",
"CSAFPID-32025"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023"
]
},
"references": [
{
"category": "external",
"summary": "CODESYS Advisory 2024-03",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=18355\u0026token=e3e5a937ce72602bec39718ddc2f4ba6d983ccd1\u0026download="
},
{
"category": "self",
"summary": "VDE-2025-009: WAGO: Vulnerabilities in CODESYS Control V3 - OPC UA Stack",
"url": "https://certvde.com/en/advisories/VDE-2025-009"
}
],
"remediations": [
{
"category": "workaround",
"date": "2024-06-06T10:00:00.000Z",
"details": "The incorrect calculation of the buffer size can be avoided if the maximum supported array length of the OPC UA stack of the CODESYS Control runtime system\nis limited to a value of 10129639 (Stack.MaxArrayLenth=10129639) or less. This can be achieved by adding the following setting in the runtime configuration under the following path: /etc/codesys3.d/codesyscotrol.cfg ",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023"
]
},
{
"category": "vendor_fix",
"details": "The incorrect calculation of the buffer size can be avoided if the maximum supported array length of the OPC UA stack of the CODESYS Control runtime system is limited to a value of 10129639 (Stack.MaxArrayLenth=10129639) or less. This can be achieved by adding the following setting in the runtime configuration under the following path: /etc/codesys3.d/codesyscotrol.cfg",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023"
]
}
],
"title": "CVE-2024-5000"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…