CoDe16: 16 Zero-Day Vulnerabilities Affecting the CODESYS Framework Leading to Remote Code Execution

Discover 16 zero-day vulnerabilities in the CODESYS framework that lead to remote code execution and denial-of-service attacks. Learn how an attacker can take control of devices, and why timely updates are important to mitigate these risks.

Key takeaways
  • 16 CVEs (Common Vulnerabilities and Exposures) were discovered in the CODESYS framework, leading to remote code execution (RCE).
  • Many of the CVEs could be used to cause denial-of-service (DoS) conditions.
  • The trace manager component is central to these vulnerabilities, as it handles the storage and management of code execution traces.
  • CODESYS lacks DEP (Data Execution Prevention) and has no mitigations against stack-based overflow attacks.
  • The author successfully bypassed DEP using a return-to-libc attack.
  • The CODESYS framework is made up of components, each with its own service layer; these service layers are the surface through which RCE was achieved.
  • The author demonstrated a successful remote code execution attack on a Schneider Electric TM251 PLC.
  • The attack involves sending a malicious packet to the device, which the device then processes and executes, allowing the attacker to take control of it.
  • CODESYS is widely used in various industries, including process automation, energy, transportation, and smart housing, making it a lucrative target for attackers.
  • The author recommends applying patches as soon as they are released to mitigate these vulnerabilities.