← back
CVE-2024-5000

CODESYS: Incorrect calculation of buffer size can cause DoS on CODESYS OPC UA products

CVSS 7.5 HIGHEPSS 0.6%CWE-131
An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
CODESYS · CODESYS Control for BeagleBone SLCODESYS · CODESYS Control for emPC-A/iMX6 SLCODESYS · CODESYS Control for IOT2000 SLCODESYS · CODESYS Control for Linux ARM SLCODESYS · CODESYS Control for Linux SLCODESYS · CODESYS Control for PFC100 SLCODESYS · CODESYS Control for PFC200 SLCODESYS · CODESYS Control for PLCnext SLCODESYS · CODESYS Control for Raspberry Pi SLCODESYS · CODESYS Control for WAGO Touch Panels 600 SLCODESYS · CODESYS Control RTE (for Beckhoff CX) SLCODESYS · CODESYS Control RTE (SL)CODESYS · CODESYS Control Win (SL)CODESYS · CODESYS HMI (SL)CODESYS · CODESYS Runtime Toolkit

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cert.vde.com/en/advisories/VDE-2024-026https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=18355&token=e3e5a937ce72602bec39718ddc2f4ba6d983ccd1&download=