Easily hacking Codesys web servers

A team of cybersecurity researchers has found a critical vulnerability in CODESYS web server, which could allow a threat actor to deploy a series of remote attacks. The good news is that vendors have patched the flaw quickly after receiving the report.

In case you missed it, CODESYS web server, as described by the vendors, helps facilitating “CODESYS WebVisu to display CODESYS visualization screens in a web browser”.

As per the report, the security team from Tenable firm found a serious security issue in CODESYS web server. The technical report mentioned that they discovered a heap buffer overflow vulnerability that allows hackers to perform remote attacks on compromised implementations.

The vulnerability exists due to an improper validation of user-supplied data sent to the CODESYS V3 web server URL endpoint /WebVisuV3. The flaw, tracked as CVE-2020-10245, could allow an unauthenticated malicious hacker to collapse a target system or run arbitrary code. It was even possible for a threat actor to remotely exploit the vulnerability. Researchers also disclosed a proof-of-concept for the exploitation.

After the vulnerability was found, Tenable reported the bug to 3S-Smart Software Solutions GmbH, CODESYS developers. The vendors began to work on the fix, which is contained in the most recent version (v3.5.15.40).

The vulnerability affects all CODESYS V3 runtime systems with earlier web server versions. Cybersecurity specialists considered the flaw as high-serious and easily exploitable, so users of affected implementations are recommended to install updates as soon as possible. There are no known cases of exploitation in the wild.