Loading

LP30/40/50 and BM40 Operator Interface Vulnerable to CODESYS Vulnerabilities

Severity:
Medium,
High
Advisory ID:
SD1659
게시한 날짜:
January 24, 2024
최근 업데이트:
December 01, 2024
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
아니요
Corrected:
아니요
Workaround:
아니요
CVE IDs
CVE-2022-47378,
CVE-2022-47379,
CVE-2022-47380, CVE-2022-47381 ,
CVE-2022-47382, CVE-2022-47383, CVE-2022-47384, CVE-2022-47386, CVE-2022-47387, CVE-2022-47388, CVE-2022-47389, CVE-2022-47390,
CVE-2022-47385 ,
CVE-2022-47392 ,
CVE-2022-47393
요약
LP30/40/50 and BM40 Operator Interface Vulnerable to CODESYS Vulnerabilities

Published Date: January 25, 2024

Last updated: January 25, 2024

Revision Number: 1.0

CVSS Score: 8.8

AFFECTED PRODUCTS AND SOLUTION

Affected Product (automated)

First Known in Software Revision

Corrected in Software Revision

LP30 Operator Panel

Codesys versions before V3.5.19.0

Codesys 3.5.19.2

LP40 Operator Panel

Codesys versions before V3.5.19.0

Codesys 3.5.19.2

BM40 Operator Panel

Codesys versions before V3.5.19.0

Codesys 3.5.19.2

LP50 Operator Panel

Codesys versions before V3.5.19.0

Codesys 3.5.19.2

 

VULNERABILITY DETAILS

The CODESYS Control runtime system is utilized in the affected ASEM™ (A Rockwell Automation Company) products and enables embedded or PC-based devices to be programmable industrial controllers. Such products contain communication servers for the CODESYS protocol to enable communication with clients like the CODESYS Development System.

These products have the following vulnerabilities:

 

CVE-2022-47378 IMPACT

CVSS Base Score: 6.5/10 (Medium)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-1288: Improper Validation of Consistency within Input

 

After successful authentication, specifically crafted communication requests with inconsistent content can cause the CmpFiletransfer component to read internally from an invalid address, potentially leading to a denial-of-service condition.

 

CVE-2022-47379 IMPACT

CVSS Base Score: 8.8/10 (High)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-787: Out-of-bounds Write

After successful authentication, specifically crafted communication requests can cause the CmpApp component to write threat actor-controlled data to memory, which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

CVE-2022-47380, CVE-2022-47381 IMPACT

CVSS Base Score: 8.8/10 (High)

CWE-121: Stack-based Buffer Overflow

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

 

After successful authentication, specifically crafted communication requests can cause the CmpApp component to write threat actor-controlled data to stack, which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

 

CVE-2022-47382, CVE-2022-47383, CVE-2022-47384, CVE-2022-47386, CVE-2022-47387, CVE-2022-47388, CVE-2022-47389, CVE-2022-47390 IMPACT

CVSS Base Score: 8.8/10 (High)

CWE-121: Stack-based Buffer Overflow

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

 

After successful authentication, specifically crafted communication requests can cause the CmpTraceMgr

component to write threat actor-controlled data to stack, which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

CVE-2022-47385 IMPACT

CVSS Base Score: 8.8/10 (High)

CWE-121: Stack-based Buffer Overflow

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

After successful authentication, specifically crafted communication requests can cause the CmpAppForce

component to write threat actor-controlled data to stack, which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

CVE-2022-47392 IMPACT

CVSS Base Score: 6.5/10 (Medium)

CWE-1288: Improper Validation of Consistency within Input

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

 

After successful authentication, specifically crafted communication requests with inconsistent content can cause the CmpApp/CmpAppBP/CmpAppForce components to read internally from an invalid address, potentially leading to a denial-of-service condition.

CVE-2022-47393 IMPACT

CVSS Base Score: 6.5/10 (Medium)

CWE-822: Untrusted Pointer Dereference

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

After successful authentication, specifically crafted communication requests can cause the cmpFiletransfer component to dereference addresses provided by the request for internal read access, which can lead to a denial-of-service situation.

Mitigations and Workarounds

Customers using the affected software are encouraged to apply the risk mitigations, if possible.

  • Upgrade to CODESYS version 3.5.19.2 which has been released to mitigate these issues.
  • Additionally, we encourage the customer to implement our suggested security best practices to minimize risk of the vulnerability.

Customers can use Stakeholder-Specific Vulnerability Categorization to generate more environment-specific prioritization.

ADDITIONAL RESOURCES

CODESYS Advisory

Rockwell Automation Home
Copyright ©2022 Rockwell Automation, Inc.
  1. Chevron LeftChevron Left Rockwell Automation 홈
  2. Chevron LeftChevron Left Trust Center
  3. Chevron LeftChevron Left Industrial Security Adv
  4. Chevron LeftChevron Left Industrial Security Advisory Detail
계속 진행하기 위해 쿠키 설정을 업데이트하십시오..
この機能には、お客様の利便性を向上させるためにクッキーが必要です。これらのクッキーを許可するように設定を更新してください:
  • 소셜 미디어 쿠키
  • 기능 쿠키
  • 성능 쿠키
  • 마케팅 쿠키
  • 모든 쿠키
귀하는 쿠키 설정을 언제든지 변경할 수 있습니다. 자세한 내용은 이곳에서 확인하십시오. {0} 개인 정보 보호 정책
CloseClose