3S CODESYS Runtime 3.x < 3.5.14.0 Insufficient Access Control Vulnerability

Critical Nessus Plugin ID 120947

Synopsis

A programmable logic controller (PLC) runtime on the remote host is
affected by authentication bypass and unencrypted communications
vulnerabilities.

Description

The 3S CODESYS Runtime environment running on the remote host is
affected by authentication bypass and unencrypted communications
vulnerabilities due to missing security controls. An unauthenticated,
remote attacker can exploit these vulnerabilities to take control of the
affected host.

Note: Nessus checked the version to determine whether user authentication
and encryption could be enabled. It did not verify that the user
authentication and encryption security controls were enabled.

Solution

Upgrade 3S CODESYS Runtime to version 3.5.14.0 or higher. If
upgrading to 3.5.14.0, enable user authentication and encryption. If
upgrading to 3.5.15.0 or later, no additional action is required.

See Also

http://www.nessus.org/u?3d0759b1

https://ics-cert.us-cert.gov/advisories/ICSA-18-352-03

Plugin Details

Severity: Critical

ID: 120947

File Name: scada_codesys_runtime_3_4_14_0.nbin

Version: 1.5

Type: remote

Family: SCADA

Published: 2019/01/03

Modified: 2019/02/15

Dependencies: 62795

Risk Information

Risk Factor: Critical

CVSS Score Source: CVE-2018-10612

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:3s-software:codesys_runtime_system

Patch Publication Date: 2018/12/19

Vulnerability Publication Date: 2018/12/19

Reference Information

CVE: CVE-2018-10612, CVE-2018-20025, CVE-2018-20026

ICSA: 18-352-03

IAVA: 2019-A-0001