CVE-2024-5000

CODESYS: Incorrect calculation of buffer size can cause DoS on CODESYS OPC UA products

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size.

Un atacante remoto no autenticado puede utilizar un cliente OPC UA malicioso para enviar una solicitud manipulada a los productos CODESYS afectados, lo que puede provocar un DoS debido a un cálculo incorrecto del tamaño del búfer.

An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size.

*Credits: ABB Schweiz AG.

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-16 CVE Reserved
2024-06-04 CVE Published
2024-08-01 CVE Updated
2025-03-31 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-131: Incorrect Calculation of Buffer Size

CAPEC

References (2)

URL	Tag	Source
https://cert.vde.com/en/advisories/VDE-2024-026
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=18355&token=e3e5a937ce72602bec39718ddc2f4ba6d983ccd1&download=

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
CODESYS Search vendor "CODESYS"		CODESYS Control For BeagleBone SL Search vendor "CODESYS" for product "CODESYS Control For BeagleBone SL"				< 4.12.0.0 Search vendor "CODESYS" for product "CODESYS Control For BeagleBone SL" and version " < 4.12.0.0"		en		Affected
CODESYS Search vendor "CODESYS"		CODESYS Control For EmPC-A/iMX6 SL Search vendor "CODESYS" for product "CODESYS Control For EmPC-A/iMX6 SL"				< 4.12.0.0 Search vendor "CODESYS" for product "CODESYS Control For EmPC-A/iMX6 SL" and version " < 4.12.0.0"		en		Affected
CODESYS Search vendor "CODESYS"		CODESYS Control For IOT2000 SL Search vendor "CODESYS" for product "CODESYS Control For IOT2000 SL"				< 4.12.0.0 Search vendor "CODESYS" for product "CODESYS Control For IOT2000 SL" and version " < 4.12.0.0"		en		Affected
CODESYS Search vendor "CODESYS"		CODESYS Control For Linux ARM SL Search vendor "CODESYS" for product "CODESYS Control For Linux ARM SL"				< 4.12.0.0 Search vendor "CODESYS" for product "CODESYS Control For Linux ARM SL" and version " < 4.12.0.0"		en		Affected
CODESYS Search vendor "CODESYS"		CODESYS Control For Linux SL Search vendor "CODESYS" for product "CODESYS Control For Linux SL"				< 4.12.0.0 Search vendor "CODESYS" for product "CODESYS Control For Linux SL" and version " < 4.12.0.0"		en		Affected
CODESYS Search vendor "CODESYS"		CODESYS Control For PFC100 SL Search vendor "CODESYS" for product "CODESYS Control For PFC100 SL"				< 4.12.0.0 Search vendor "CODESYS" for product "CODESYS Control For PFC100 SL" and version " < 4.12.0.0"		en		Affected
CODESYS Search vendor "CODESYS"		CODESYS Control For PFC200 SL Search vendor "CODESYS" for product "CODESYS Control For PFC200 SL"				< 4.12.0.0 Search vendor "CODESYS" for product "CODESYS Control For PFC200 SL" and version " < 4.12.0.0"		en		Affected
CODESYS Search vendor "CODESYS"		CODESYS Control For PLCnext SL Search vendor "CODESYS" for product "CODESYS Control For PLCnext SL"				< 4.12.0.0 Search vendor "CODESYS" for product "CODESYS Control For PLCnext SL" and version " < 4.12.0.0"		en		Affected
CODESYS Search vendor "CODESYS"		CODESYS Control For Raspberry Pi SL Search vendor "CODESYS" for product "CODESYS Control For Raspberry Pi SL"				< 4.12.0.0 Search vendor "CODESYS" for product "CODESYS Control For Raspberry Pi SL" and version " < 4.12.0.0"		en		Affected
CODESYS Search vendor "CODESYS"		CODESYS Control For WAGO Touch Panels 600 SL Search vendor "CODESYS" for product "CODESYS Control For WAGO Touch Panels 600 SL"				< 4.12.0.0 Search vendor "CODESYS" for product "CODESYS Control For WAGO Touch Panels 600 SL" and version " < 4.12.0.0"		en		Affected
CODESYS Search vendor "CODESYS"		CODESYS Control RTE (for Beckhoff CX) SL Search vendor "CODESYS" for product "CODESYS Control RTE (for Beckhoff CX) SL"				< 3.5.20.10 Search vendor "CODESYS" for product "CODESYS Control RTE (for Beckhoff CX) SL" and version " < 3.5.20.10"		en		Affected
CODESYS Search vendor "CODESYS"		CODESYS Control RTE (SL) Search vendor "CODESYS" for product "CODESYS Control RTE (SL)"				< 3.5.20.10 Search vendor "CODESYS" for product "CODESYS Control RTE (SL)" and version " < 3.5.20.10"		en		Affected
CODESYS Search vendor "CODESYS"		CODESYS Runtime Toolkit Search vendor "CODESYS" for product "CODESYS Runtime Toolkit"				< 3.5.20.10 Search vendor "CODESYS" for product "CODESYS Runtime Toolkit" and version " < 3.5.20.10"		en		Affected
CODESYS Search vendor "CODESYS"		CODESYS Control Win (SL) Search vendor "CODESYS" for product "CODESYS Control Win (SL)"				< 3.5.20.10 Search vendor "CODESYS" for product "CODESYS Control Win (SL)" and version " < 3.5.20.10"		en		Affected
CODESYS Search vendor "CODESYS"		CODESYS HMI (SL) Search vendor "CODESYS" for product "CODESYS HMI (SL)"				< 3.5.20.10 Search vendor "CODESYS" for product "CODESYS HMI (SL)" and version " < 3.5.20.10"		en		Affected