CoDe16: 16 Zero-Day Vulnerabilities Affecting CODESYS Framework Leading to Remote Code Execution
Discover 16 zero-day vulnerabilities in CODESYS framework, leading to remote code execution and denial-of-service attacks. Learn how an attacker can take control of devices and the importance of timely updates to mitigate these risks.
- 16 CVEs (Common Vulnerabilities and Exposures) were discovered in the CODESYS framework, leading to remote code execution (RCE).
- Many of the CVEs can also be used to achieve denial-of-service (DoS) attacks.
- The trace manager component plays a key role in these vulnerabilities, as it allows the storage and management of code execution.
- CODESYS lacks DEP (Data Execution Prevention) and has no mitigations against stack-based overflow attacks.
- The author successfully bypassed DEP using a return-to-libc attack.
- The CODESYS framework consists of components, each with its own service layer, which can be used to achieve RCE.
- The author demonstrated a successful remote code execution attack on the Schneider Electric TM251 PLC device.
- The attack involves sending a malicious packet to the device, which is then executed, allowing the attacker to take control of the device.
- CODESYS is widely used in various industries, including process automation, energy, transportation, and smart housing, making it a lucrative target for attackers.
- The author recommends applying patches as soon as they are released to mitigate these vulnerabilities.
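The stack-based overflow class mentioned above comes down to an untrusted length field driving a copy into a fixed-size stack buffer. The following C example is added here to show the defensive check a parser needs; it is not code from the talk or from CODESYS, and the packet layout (one declared-length byte followed by the payload), the `FIELD_MAX` limit and the sample packets are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed packet layout (an assumption for this example, not the
 * CODESYS wire format): byte 0 = declared payload length, bytes 1.. = payload. */
#define FIELD_MAX 32

enum parse_status { PARSE_TRUNCATED = -1, PARSE_TOO_LONG = -2 };

/* The defect class in one line: the attacker-controlled length drives a copy
 * into a fixed-size stack buffer with no bounds check, e.g.
 *     uint8_t field[FIELD_MAX]; memcpy(field, pkt + 1, pkt[0]);
 * The hardened parser below rejects such a packet before any copy happens.
 * Returns the number of payload bytes copied, or a negative parse_status. */
int parse_field(const uint8_t *pkt, size_t pkt_len, uint8_t *out, size_t out_cap)
{
    if (pkt == NULL || pkt_len < 1)
        return PARSE_TRUNCATED;                 /* no length byte at all */
    size_t declared = pkt[0];
    if (declared > out_cap || declared > FIELD_MAX)
        return PARSE_TOO_LONG;                  /* would overflow the destination */
    if (declared > pkt_len - 1)
        return PARSE_TRUNCATED;                 /* would read past the packet */
    memcpy(out, pkt + 1, declared);
    return (int)declared;
}

/* Wrapper holding the fixed stack buffer that the checks above protect. */
int field_length(const uint8_t *pkt, size_t pkt_len)
{
    uint8_t field[FIELD_MAX];
    return parse_field(pkt, pkt_len, field, sizeof field);
}

/* Constructed sample packets. */
static const uint8_t good_pkt[]  = { 4, 'a', 'b', 'c', 'd' };
static const uint8_t huge_pkt[]  = { 200, 'x', 'y' };   /* declared length exceeds buffer */
static const uint8_t short_pkt[] = { 4, 'a' };          /* declared length exceeds packet */

int main(void)
{
    printf("good:  %d\n", field_length(good_pkt, sizeof good_pkt));
    printf("huge:  %d\n", field_length(huge_pkt, sizeof huge_pkt));
    printf("short: %d\n", field_length(short_pkt, sizeof short_pkt));
    return 0;
}
```

The two checks are deliberately separate: the first guards the stack buffer (the overflow the talk describes), the second guards against over-reading a truncated packet, which is the usual source of information-leak and crash bugs in the same parsers.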