CODESYS Control RTE V3 (for Beckhoff CX) Modbus & OPC Edition or Ultimate Edition CODESYS v3.CODESYS routing protocol may disguise the source of crafted communication packets.Successful exploitation of this vulnerability could allow an attacker to get access to sensitive information.CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAll variants of the following CODESYS V3 products in all versions prior to V3.5.14.0 containing the CmpRouter component are affected, regardless of the CPU type or the operating system: 5 Mitigation CODESYS GmbH recommends using the available software update to fix the vulnerability.It has function codes 1(read coils), 3(read registers), 5(write coil).Use firewalls to protect and separate the control network from other networks Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside CODESYS V3 Embedded Target Visu Toolkit3S-Smart Software Solutions GmbH has released version V3.5.14.0 to resolve this vulnerability issue for all affected CODESYS products.To date, 3S-Smart Software Solutions GmbH has not identified any workarounds for this vulnerability.In general, 3S-Smart Software Solutions GmbH recommends the following defensive measures as part of the mitigation strategy to reduce the risk of exploitation of this vulnerability: CODESYS Control V3 Runtime System Toolkit
Codesys V3.5 Software Update ToCodesys V3.5 Update To FixCodesys V3.5 Password Protection FeaturesRestrict access to both the development system and the control system using physical methods, the operating system’s features, etc. Activate and apply user management and password protection features
0 Comments
Leave a Reply. |
AuthorTyra ArchivesCategories |