ICSA-18-032-02  ·  Published 2018-02-01

3S-Smart Software Solutions GmbH CODESYS Web Server

CVSS 9.8 CRITICAL

Risk Summary

ATTENTION: Remotely exploitable/low skill level to exploit.

CVEs (1)

Remediations

  • This vulnerability will be fixed by patch V.1.1.9.19 for the CODESYS V2.3 web server for Windows. This will be part of the CODESYS setup V2.3.9.56. The security patch was released on January 30, 2018.
  • Currently, 3S-Smart Software Solutions GmbH has not identified any workarounds for this vulnerability.
  • Use controllers and devices only in a protected environment to minimize network exposure and ensure they are not accessible from outside.
  • Use firewalls to protect and separate the control system network from other networks.
  • Use VPN (Virtual Private Network) tunnels if remote access is required.
  • Protect both development and control systems from unauthorized access (e.g., by means of the operating system).
  • Protect both development and control systems by using up-to-date virus detection solutions.
  • For additional information regarding the CODESYS products, or about the described vulnerability, please contact the 3S-Smart Software Solutions support team.
  • For additional information, see the CODESYS Security update.
  • For more information and general recommendations for protecting machines and manufacturing facilities, see the CODESYS Security whitepaper.

Affected Vendors

3S-Smart Software Solutions GmbH

Affected Products (2)

3S-Smart Software Solutions GmbH · CODESYS Web Server 2.3
3S-Smart Software Solutions GmbH · CODESYS Web Server < 1.1.9.19

Affected Sectors

Critical Manufacturing, Energy
