Carl Hurd of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.

Cisco Talos recently discovered an exploitable code execution vulnerability in 3S’ CODESYS Control SoftPLC runtime system. The system allows any embedded or PC device to be converted into an IEC 61131-3-compliant industrial controller. A specific task in this system contains a code execution vulnerability that an attacker could exploit by sending a malicious packet to the victim machine.

In accordance with our coordinated disclosure policy, Cisco Talos worked with 3S to ensure that these issues are resolved and that an update is available for affected customers.

Vulnerability details

3S — Smart Software Solutions GmbH CODESYS runtime PLC_Task code execution vulnerability (TALOS-2020-1003/CVE-2020-6081)

An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Versions tested

Talos tested and confirmed that this vulnerability affects 3S GmbH CODESYS Runtime, version 3.5.14.30.

Coverage

The following SNORT® rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 53010