An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed.
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Control_for_beaglebone_sl | Codesys | * | 4.5.0.0 (excluding) |
Control_for_beckhoff_cx9020 | Codesys | * | 4.5.0.0 (excluding) |
Control_for_empc-a/imx6_sl | Codesys | * | 4.5.0.0 (excluding) |
Control_for_iot2000_sl | Codesys | * | 4.5.0.0 (excluding) |
Control_for_linux_sl | Codesys | * | 4.5.0.0 (excluding) |
Control_for_pfc100_sl | Codesys | * | 4.5.0.0 (excluding) |
Control_for_pfc200_sl | Codesys | * | 4.5.0.0 (excluding) |
Control_for_plcnext_sl | Codesys | * | 4.5.0.0 (excluding) |
Control_for_raspberry_pi_sl | Codesys | * | 4.5.0.0 (excluding) |
Control_for_wago_touch_panels_600_sl | Codesys | * | 4.5.0.0 (excluding) |
Control_rte_sl | Codesys | * | 3.5.18.0 (excluding) |
Control_rte_sl_(for_beckhoff_cx) | Codesys | * | 3.5.18.0 (excluding) |
Control_runtime_system_toolkit | Codesys | * | 3.5.18.0 (excluding) |
Control_win_sl | Codesys | * | 3.5.18.0 (excluding) |
Development_system | Codesys | 3.0 (including) | 3.5.18.0 (excluding) |
Edge_gateway | Codesys | * | 3.5.18.0 (excluding) |
Edge_gateway | Codesys | * | 4.5.0.0 (excluding) |
Embedded_target_visu_toolkit | Codesys | * | 3.5.18.0 (excluding) |
Gateway | Codesys | * | 3.5.18.0 (excluding) |
Hmi_sl | Codesys | * | 3.5.18.0 (excluding) |
Remote_target_visu_toolkit | Codesys | * | 3.5.18.0 (excluding) |