Researchers found a critical vulnerability in CODESYS web server that could allow an attacker to conduct remote attacks. Fortunately, the vendors have patched the flaw since being alerted.
What is CODESYS?
CODESYS web server, as described by the vendors, facilitates ‘CODESYS WebVisu to display CODESYS visualization screens in a web browser’.
CODESYS Web Server Vulnerability
Reportedly, the security team from Tenable found a serious security vulnerability in CODESYS web server. Stating the details in their advisory, Tenable mentioned that they discovered a heap buffer overflow vulnerability that allowed remote attacks.
A heap overflow vulnerability exists in CmpWebServerHandlerV3.dll (file version 3.5.15.20) due to improper validation of user-supplied data sent to the CODESYS V3 web server URL endpoint /WebVisuV3.
The vulnerability (CVE-2020-10245) could hence allow an unauthenticated attacker to crash a target system or execute arbitrary codes on it. It was even possible for an adversary to exploit the bug remotely.
The researchers have also shared PoC exploit code for the vulnerability.
Vendors Patched The Flaw
After discovering the flaw, Tenable reported the bug to 3S-Smart Software Solutions GmbH, the vendors behind CODESYS. After careful coordination, the vendors released a fix for the flaw with CODESYS version 3.5.15.40.
As stated in their advisory, the flaw affects all CODESYS V3 runtime systems with earlier web server versions. They labeled the vulnerability as a critical and easily exploitable flaw. Explaining the severity of the flaw, their advisory reads,
Specific crafted requests may cause a heap-based buffer overflow. Further on this could crash the web server, lead to a denial-of-service condition or may be utilized for remote code execution. As the webserver is part of the CODESYS runtime system, this may result in unforeseen behavior of the complete runtime system.
For now, they have confirmed no specific exploitation of the bug in the wild.