#VU21102 Path traversal in CODESYS products - CVE-2019-13532


Vulnerability identifier: #VU21102

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-13532

CWE-ID: CWE-22

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
CODESYS firmware
Server applications / SCADA systems
CODESYS Control for BeagleBone
Client/Desktop applications / Other client software
CODESYS Control for emPC-A/iMX6
Client/Desktop applications / Other client software
CODESYS Control for IOT2000
Client/Desktop applications / Other client software
CODESYS Control for Linux
Client/Desktop applications / Other client software
CODESYS Control for PFC100
Client/Desktop applications / Other client software
CODESYS Control for PFC200
Client/Desktop applications / Other client software
CODESYS Control for Raspberry Pi
Client/Desktop applications / Other client software
CODESYS Control RTE V3 (for Beckhoff CX)
Client/Desktop applications / Other client software
CODESYS Control RTE V3
Client/Desktop applications / Other client software
CODESYS Control Win V3 (part of the CODESYS Development System setup)
Client/Desktop applications / Other client software
CODESYS HMI V3
Client/Desktop applications / Other client software
CODESYS Control V3 Runtime System Toolkit
Client/Desktop applications / Other client software
CODESYS V3 Embedded Target Visu Toolkit
Client/Desktop applications / Other client software
CODESYS V3 Remote Target Visu Toolkit
Client/Desktop applications / Other client software

Vendor: CODESYS

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in the CODESYS V3 web server. A remote attacker can send a specially crafted HTTP or HTTPS request and read arbitrary files outside the restricted working directory of the controller.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

CODESYS firmware: 1.1.9.18 - 3.5.14.40

CODESYS Control for BeagleBone: All versions

CODESYS Control for emPC-A/iMX6: All versions

CODESYS Control for IOT2000: All versions

CODESYS Control for Linux: All versions

CODESYS Control for PFC100: All versions

CODESYS Control for PFC200: All versions

CODESYS Control for Raspberry Pi: All versions

CODESYS Control RTE V3 (for Beckhoff CX): All versions

CODESYS Control RTE V3: All versions

CODESYS Control Win V3 (part of the CODESYS Development System setup): All versions

CODESYS HMI V3: All versions

CODESYS Control V3 Runtime System Toolkit: All versions

CODESYS V3 Embedded Target Visu Toolkit: All versions

CODESYS V3 Remote Target Visu Toolkit: All versions

External links
https://ics-cert.us-cert.gov/advisories/icsa-19-255-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


OpenSUSE Linux update for git
Gentoo update for Git
OpenSUSE Linux update for git
Amazon Linux AMI update for git
Multiple vulnerabilities in CODESYS products