{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "tracking": { "generator": { "date": "2025-04-09T12:11:55.915Z", "engine": { "version": "2.5.22", "name": "Secvisogram" } }, "id": "VDE-2024-024", "version": "2", "status": "final", "aliases": [ "VDE-2024-024" ], "revision_history": [ { "number": "1", "summary": "initial revision", "date": "2024-05-06T08:00:00.000Z" }, { "number": "2", "summary": "Fix: added distribution", "date": "2025-05-14T13:00:15.000Z" } ], "current_release_date": "2025-05-14T13:00:15.000Z", "initial_release_date": "2024-05-06T08:00:00.000Z" }, "lang": "en-GB", "title": "CODESYS: Development System V2.3 affected by two vulnerabilities through corrupted project files", "acknowledgments": [ { "organization": "CERTVDE", "urls": [ "https://certvde.com" ], "summary": "coordination" }, { "summary": "reporting", "names": [ "Michael Heinzl" ] } ], "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "notes": [ { "category": "summary", "title": "Summary", "text": "Local attackers can cause affected CODESYS Development System V2.3 installations to crash or execute code by opening malicious project files.\n\nThe CODESYS Development System V2.3 is an IEC 61131-3 programming tool for the industrial controller and automation technology sector. It stores the program code for the controller and its configuration in project files (*.pro)." }, { "category": "description", "title": "Impact", "text": "The CODESYS Development System V2.3 allows corrupt project files to be opened after confirmation of a warning dialog so that legitimate users can possibly copy project fragments into a new project. This functionality does not sufficiently secure the loading of malicious project files and is therefore susceptible to the memory corruption vulnerabilities mentioned in the CVEs." }, { "category": "description", "title": "Mitigation", "text": "CODESYS GmbH strongly recommends only opening projects from trustworthy sources!\nIf the following dialog appears when opening a project, please pay attention to this warning and do not try to load the affected project:\n\"The project file is corrupt. Would you still like to try to load the project?\nAttention! CODESYS could become unstable when loading a corrupt project file.\"\nIn addition, we recommend saving projects with password encryption, which offers even more protection against tampering of the project." }, { "category": "description", "title": "Remediation", "text": "Update the CODESYS Development System V2.3 to version 2.3.9.73.\nAs of this version, projects recognized as corrupt can no longer be opened with the CODESYS Development System V2.3. If the CODESYS Development System V2.3 detects that the project file has been manipulated, the user will be informed, and the loading will be terminated.\n\n\nNote: CODESYS V2.3 is currently in the service phase. Please consider upgrading to CODESYS V3.\nPlease visit the CODESYS download area for more information on how to obtain the software update." } ], "publisher": { "category": "vendor", "contact_details": "security@codesys.com", "name": "CODESYS GmbH", "namespace": "https://www.codesys.com" }, "references": [ { "summary": "VDE-2024-024: CODESYS: Development System V2.3 affected by two vulnerabilities through corrupted project files - HTML", "url": "https://certvde.com/de/advisories/VDE-2024-024/", "category": "self" }, { "category": "external", "summary": "CERT@VDE Security Advisories for CODESYS GmbH", "url": "https://certvde.com/en/advisories/vendor/codesys/" }, { "summary": "VDE-2024-024: CODESYS: Development System V2.3 affected by two vulnerabilities through corrupted project files - CSAF", "url": "https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2024/vde-2024-024.json", "category": "self" } ] }, "product_tree": { "branches": [ { "category": "vendor", "name": "CODESYS GmbH", "branches": [ { "category": "product_family", "name": "Hardware", "branches": [ { "category": "product_name", "name": "CODESYS Development System V2.3", "product": { "name": "CODESYS Development System V2.3", "product_id": "CSAFPID-11001" } } ] }, { "category": "product_family", "name": "Firmware", "branches": [ { "category": "product_version_range", "name": "<2.3.9.73", "product": { "name": "Firmware <2.3.9.73", "product_id": "CSAFPID-21001" } }, { "category": "product_version", "name": "2.3.9.73", "product": { "name": "Firmware 2.3.9.73", "product_id": "CSAFPID-22001" } } ] } ] } ], "relationships": [ { "category": "installed_on", "product_reference": "CSAFPID-21001", "relates_to_product_reference": "CSAFPID-11001", "full_product_name": { "name": "Firmware <2.3.9.73 installed on CODESYS Development System V2.3", "product_id": "CSAFPID-31001" } }, { "category": "installed_on", "product_reference": "CSAFPID-22001", "relates_to_product_reference": "CSAFPID-11001", "full_product_name": { "name": "Firmware 2.3.9.73 installed on CODESYS Development System V2.3", "product_id": "CSAFPID-32001" } } ] }, "vulnerabilities": [ { "cve": "CVE-2023-49675", "product_status": { "known_affected": [ "CSAFPID-31001" ], "fixed": [ "CSAFPID-32001" ] }, "scores": [ { "cvss_v3": { "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "temporalScore": 7.8, "temporalSeverity": "HIGH", "environmentalScore": 7.8, "environmentalSeverity": "HIGH" }, "products": [ "CSAFPID-31001" ] } ], "notes": [ { "category": "summary", "text": "An unauthenticated local attacker may trick a user to open corrupted project files to execute arbitrary code or crash the system due to an out-of-bounds write vulnerability." } ], "title": "CVE-2023-49675", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "remediations": [ { "category": "vendor_fix", "details": "Update the CODESYS Development System V2.3 to version 2.3.9.73.\nAs of this version, projects recognized as corrupt can no longer be opened with the CODESYS Development System V2.3. If the CODESYS Development System V2.3 detects that the project file has been manipulated, the user will be informed, and the loading will be terminated.\n\n\nNote: CODESYS V2.3 is currently in the service phase. Please consider upgrading to CODESYS V3.\nPlease visit the CODESYS download area for more information on how to obtain the software update.", "product_ids": [ "CSAFPID-31001" ] }, { "category": "mitigation", "product_ids": [ "CSAFPID-31001" ], "details": "CODESYS GmbH strongly recommends only opening projects from trustworthy sources!\nIf the following dialog appears when opening a project, please pay attention to this warning and do not try to load the affected project:\n\"The project file is corrupt. Would you still like to try to load the project?\nAttention! CODESYS could become unstable when loading a corrupt project file.\"\nIn addition, we recommend saving projects with password encryption, which offers even more protection against tampering of the project." } ] }, { "cve": "CVE-2023-49676", "title": "CVE-2023-49676", "product_status": { "known_affected": [ "CSAFPID-31001" ], "fixed": [ "CSAFPID-32001" ] }, "scores": [ { "cvss_v3": { "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "temporalScore": 5.5, "temporalSeverity": "MEDIUM", "environmentalScore": 5.5, "environmentalSeverity": "MEDIUM" }, "products": [ "CSAFPID-31001" ] } ], "notes": [ { "category": "summary", "text": "An unauthenticated local attacker may trick a user to open corrupted project files to crash the system due to use after free vulnerability." } ], "cwe": { "id": "CWE-416", "name": "Use After Free" }, "remediations": [ { "category": "vendor_fix", "details": "Update the CODESYS Development System V2.3 to version 2.3.9.73.\nAs of this version, projects recognized as corrupt can no longer be opened with the CODESYS Development System V2.3. If the CODESYS Development System V2.3 detects that the project file has been manipulated, the user will be informed, and the loading will be terminated.\n\n\nNote: CODESYS V2.3 is currently in the service phase. Please consider upgrading to CODESYS V3.\nPlease visit the CODESYS download area for more information on how to obtain the software update.", "product_ids": [ "CSAFPID-31001" ] }, { "category": "mitigation", "product_ids": [ "CSAFPID-31001" ], "details": "CODESYS GmbH strongly recommends only opening projects from trustworthy sources!\nIf the following dialog appears when opening a project, please pay attention to this warning and do not try to load the affected project:\n\"The project file is corrupt. Would you still like to try to load the project?\nAttention! CODESYS could become unstable when loading a corrupt project file.\"\nIn addition, we recommend saving projects with password encryption, which offers even more protection against tampering of the project." } ] } ] }