3S-Smart Software Solutions GmbH CODESYS Control V3 Products

Risk Summary

Successful exploitation of this vulnerability could allow unauthorized access and exfiltration of sensitive data including user credentials.

CVEs (1)

Remediations

• 3S-Smart Software Solutions GmbH recommends activating the CODESYS Control online user management and encryption of the online communication.3S-Smart Software Solutions GmbH recommends updating to the latest software Version 3.5.14.0 or newer. The new software can be downloaded at the following location:https://www.codesys.com/download/3S-Smart Software Solutions GmbH also recommends updating the CODESYS Development System to the latest version.For more information, all public CODESYS advisories can be found at:https://www.codesys.com/security/security-reports.htmlIn general, 3S-Smart Software Solutions GmbH recommends, as part of the mitigation strategy, the following defensive measures to reduce the risk of exploitation of this vulnerability:
• Use controllers and devices only in a protected environment to minimize network exposure and ensure controllers are not accessible from outside
• Use firewalls to protect and separate the control system network from other networks
• Use VPN (Virtual Private Networks) tunnels if remote access is required
• Activate and apply user management and password features
• Limit the access to both development and control system by physical means, operating system features, etc.
• Protect both development and control system by using up-to-date virus detecting solutions.
• For more information and general recommendations for protecting machines and plants, see also the CODESYS Security Whitepaper:https://customers.codesys.com/fileadmin/data/customers/security/CODESYS-Security-Whitepaper.pdf

Affected Vendors

Affected Products (14)

Affected Sectors

Critical Manufacturing, Energy