ICSA-18-352-04  ·  Published 2018-12-18

3S-Smart Software Solutions GmbH CODESYS V3 Products

CVSS 9.4 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow a remote attacker to disguise the source of malicious communication packets and also exploit a random values weakness affecting confidentiality and integrity of data stored on the device.

Remediations

  • 3S-Smart Software Solutions GmbH has released a new version of the software that can be downloaded from: https://www.codesys.com/download/
  • For more information, all public CODESYS advisories can be found at: https://www.codesys.com/security/security-reports.html
  • 3S-Smart Software Solutions GmbH recommends the following general defensive measures to reduce the risk of exploitation of these vulnerabilities:
  • Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside
  • Use firewalls to protect and separate the control system network from other networks
  • Use VPN (virtual private networks) tunnels if remote access is required
  • Activate and apply user management and password features
  • Limit the access to both development and control system by physical means, operating system features, etc.
  • Protect both development and control system by using up-to-date virus detecting solutions

Affected Vendors

3S-Smart Software Solutions GmbH

Affected Products (20)

3S-Smart Software Solutions GmbH · CODESYS V3 products CODESYS Control for BeagleBone
3S-Smart Software Solutions GmbH · CODESYS V3 products CODESYS Control for emPC-A/iMX6
3S-Smart Software Solutions GmbH · CODESYS V3 products CODESYS Control for IOT2000
3S-Smart Software Solutions GmbH · CODESYS V3 products CODESYS Control for Linux
3S-Smart Software Solutions GmbH · CODESYS V3 products CODESYS Control for PFC100
3S-Smart Software Solutions GmbH · CODESYS V3 products CODESYS Control for PFC200
3S-Smart Software Solutions GmbH · CODESYS V3 products CODESYS Control for Raspberry Pi
3S-Smart Software Solutions GmbH · CODESYS V3 products CODESYS Control RTE V3
3S-Smart Software Solutions GmbH · CODESYS V3 products CODESYS Control RTE V3 (for Beckhoff CX)
3S-Smart Software Solutions GmbH · CODESYS V3 products CODESYS Control Win V3 (also part of the CODESYS Development System setup)
3S-Smart Software Solutions GmbH · CODESYS V3 products CODESYS Control V3 Runtime System Toolkit
3S-Smart Software Solutions GmbH · CODESYS V3 products CODESYS Control V3 Runtime System Toolkit
3S-Smart Software Solutions GmbH · CODESYS V3 products CODESYS V3 Remote Target Visu Toolkit
3S-Smart Software Solutions GmbH · CODESYS V3 products CODESYS V3 Safety SIL2
3S-Smart Software Solutions GmbH · CODESYS V3 products CODESYS Gateway V3
3S-Smart Software Solutions GmbH · CODESYS V3 products CODESYS HMI V3
3S-Smart Software Solutions GmbH · CODESYS V3 products CODESYS OPC Server V3
3S-Smart Software Solutions GmbH · CODESYS V3 products CODESYS PLCHandler SDK
3S-Smart Software Solutions GmbH · CODESYS V3 products CODESYS V3 Development System
3S-Smart Software Solutions GmbH · CODESYS V3 products CODESYS V3 Simulation Runtime (part of the CODESYS Development System)

Affected Sectors

Critical Manufacturing
