cvelistv5 - cve-2024-6876

CVE-2024-6876 (GCVE-0-2024-6876)

Vulnerability from cvelistv5

Published

2024-09-10 15:08

Modified

2024-10-01 06:27

Severity ?

4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

CWE

CWE-125 - Out-of-bounds Read

Summary

Out-of-Bounds read vulnerability in OSCAT Basic Library allows an local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service.

References

URL

Tags

	info@cert.vde.com	https://certvde.com/en/advisories/VDE-2024-046/	Third Party Advisory
	info@cert.vde.com	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=18601&token=27389a52e058d95ff70b17a2370fedf07e073034&download=	Vendor Advisory

Impacted products

Vendor

Product

Version

oscat.de

OSCAT Basic Library

Version: 0 < 3.3.5

	oscat.de	OSCAT Basic Library	Version: 0 < 335
	CODESYS	OSCAT Basic Library	Version: 0.0.0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6876",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:16:31.572005Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-10T16:16:48.085Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OSCAT Basic Library",
          "vendor": "oscat.de",
          "versions": [
            {
              "lessThan": "3.3.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "OSCAT Basic Library",
          "vendor": "oscat.de",
          "versions": [
            {
              "lessThan": "335",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "OSCAT Basic Library",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "\u003c3.3.5.0",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Corban Villa"
        },
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Hithem Lamri"
        },
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Constantine Doumanidis"
        },
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Michail Maniatakos"
        },
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Modern Microprocessors Architecture (MoMA) Lab at NYU Abu Dhabi"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "CODESYS"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Out-of-Bounds read vulnerability in OSCAT Basic Library allows an local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service.\u003cbr\u003e"
            }
          ],
          "value": "Out-of-Bounds read vulnerability in OSCAT Basic Library allows an local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-01T06:27:27.135Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=18601\u0026token=27389a52e058d95ff70b17a2370fedf07e073034\u0026download="
        },
        {
          "url": "https://certvde.com/en/advisories/VDE-2024-046/"
        }
      ],
      "source": {
        "defect": [
          "CERT@VDE#641645"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Out-of-bounds read in OSCAT-Library",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2024-6876",
    "datePublished": "2024-09-10T15:08:16.212Z",
    "dateReserved": "2024-07-18T06:31:20.701Z",
    "dateUpdated": "2024-10-01T06:27:27.135Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-6876\",\"sourceIdentifier\":\"info@cert.vde.com\",\"published\":\"2024-09-10T16:15:22.197\",\"lastModified\":\"2024-10-01T07:15:05.890\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Out-of-Bounds read vulnerability in OSCAT Basic Library allows an local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service.\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad de lectura fuera de los l\u00edmites en la librer\u00eda b\u00e1sica OSCAT permite que un atacante local sin privilegios acceda a datos internos limitados del PLC, lo que puede provocar un bloqueo del servicio afectado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.8,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.8,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:codesys:oscat_basic_library:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.5.5.0\",\"matchCriteriaId\":\"40E6168D-7595-477A-A25D-6045EBDC01AC\"}]}]}],\"references\":[{\"url\":\"https://certvde.com/en/advisories/VDE-2024-046/\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=18601\u0026token=27389a52e058d95ff70b17a2370fedf07e073034\u0026download=\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-6876\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-10T16:16:31.572005Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-10T16:16:41.842Z\"}}], \"cna\": {\"title\": \"Out-of-bounds read in OSCAT-Library\", \"source\": {\"defect\": [\"CERT@VDE#641645\"], \"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Corban Villa\"}, {\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Hithem Lamri\"}, {\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Constantine Doumanidis\"}, {\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Michail Maniatakos\"}, {\"lang\": \"en\", \"type\": \"reporter\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Modern Microprocessors Architecture (MoMA) Lab at NYU Abu Dhabi\"}, {\"lang\": \"en\", \"type\": \"coordinator\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"CODESYS\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"oscat.de\", \"product\": \"OSCAT Basic Library\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"3.3.5\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"oscat.de\", \"product\": \"OSCAT Basic Library\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"335\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"CODESYS\", \"product\": \"OSCAT Basic Library\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"\u003c3.3.5.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=18601\u0026token=27389a52e058d95ff70b17a2370fedf07e073034\u0026download=\"}, {\"url\": \"https://certvde.com/en/advisories/VDE-2024-046/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Out-of-Bounds read vulnerability in OSCAT Basic Library allows an local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Out-of-Bounds read vulnerability in OSCAT Basic Library allows an local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service.\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125 Out-of-bounds Read\"}]}], \"providerMetadata\": {\"orgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"shortName\": \"CERTVDE\", \"dateUpdated\": \"2024-10-01T06:27:27.135Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-6876\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-01T06:27:27.135Z\", \"dateReserved\": \"2024-07-18T06:31:20.701Z\", \"assignerOrgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"datePublished\": \"2024-09-10T15:08:16.212Z\", \"assignerShortName\": \"CERTVDE\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

icsa-24-326-02

Vulnerability from csaf_cisa

Published

2024-11-21 07:00

Modified

2024-11-21 07:00

Summary

OSCAT Basic Library

Notes

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of this vulnerability allows an local, unprivileged attacker to access limited internal data of the PLC, which may lead to a crash of the affected service.

Critical infrastructure sectors

Critical Manufacturing, Energy, Water and Wastewater Systems

Countries/areas deployed

Worldwide

Company headquarters location

Germany

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Corban Villa",
          "Hithem Lamri",
          "Constantine Doumanidis",
          "Michail Maniatakos"
        ],
        "organization": "Modern Microprocessors Architecture (MoMA) Lab",
        "summary": "reporting this vulnerability to CERT@VDE and CODESYS"
      },
      {
        "names": [
          "Modern Microprocessors Architecture (MoMA) Lab"
        ],
        "organization": "NYU Abu Dhabi",
        "summary": "reporting this vulnerability to CERT@VDE and CODESYS"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of this vulnerability allows an local, unprivileged attacker to access limited internal data of the PLC, which may lead to a crash of the affected service.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing, Energy, Water and Wastewater Systems",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Germany",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-24-326-02 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-326-02.json"
      },
      {
        "category": "self",
        "summary": "ICSA Advisory ICSA-24-326-02 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-326-02"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
      }
    ],
    "title": "OSCAT Basic Library",
    "tracking": {
      "current_release_date": "2024-11-21T07:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-24-326-02",
      "initial_release_date": "2024-11-21T07:00:00.000000Z",
      "revision_history": [
        {
          "date": "2024-11-21T07:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Initial Publication"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.3.5.0",
                "product": {
                  "name": "CODESYS GmbH CODESYS OSCAT Basic Library: 3.3.5.0",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "CODESYS OSCAT Basic Library"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=3.3.5",
                "product": {
                  "name": "CODESYS GmbH oscat.de OSCAT Basic Library: \u003c=3.3.5",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "oscat.de OSCAT Basic Library"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=335",
                "product": {
                  "name": "CODESYS GmbH oscat.de OSCAT Basic Library: \u003c=335",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "oscat.de OSCAT Basic Library"
          }
        ],
        "category": "vendor",
        "name": "CODESYS GmbH"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-6876",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected product is vulnerable to an out-of-bounds read in the OSCAT Basic Library, which allows a local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-6876"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "CODESYS GmbH recommends users update OSCAT Basic Library to address the security vulnerability:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "Update the OSCAT Basic Library to Version 3.3.5.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "To make the fix effective for existing CODESYS projects, the user also must adjust the version of the OSCAT Basic library to be used in the Library Manager of the CODESYS project to Version 3.3.5.0. Then the user must update the CODESYS application on the PLC by download or online change and rebuild/download the boot application.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "Without an update, the vulnerability can be prevented by validating all values in the PLC program before they are passed to the affected function. In particular, negative values must be blocked as function parameters of MONTH_TO_STRING.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "Regardless of whether the OSCAT Basic library in the programming system was updated or the security vulnerability in the PLC program was mitigated, a download or online change must be performed to update the application on the PLC. CODESYS reminds users to rebuild/download the boot project.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "For more information see the associated CERT@VDE security advisory.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "url": "https://certvde.com/de/advisories/VDE-2024-046/"
        },
        {
          "category": "mitigation",
          "details": "For a list of system environments the library has been validated against see OSCAT\u0027s library documentation.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "url": "http://www.oscat.de/de/component/jdownloads/send/2-oscat-basic/9-oscat-basic333-en.html?Itemid=0"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        }
      ]
    }
  ]
}

ICSA-24-326-02

Vulnerability from csaf_cisa

Published

2024-11-21 07:00

Modified

2024-11-21 07:00

Summary

OSCAT Basic Library

Notes

Legal Notice

Risk evaluation

Successful exploitation of this vulnerability allows an local, unprivileged attacker to access limited internal data of the PLC, which may lead to a crash of the affected service.

Critical infrastructure sectors

Critical Manufacturing, Energy, Water and Wastewater Systems

Countries/areas deployed

Worldwide

Company headquarters location

Germany

Recommended Practices

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Corban Villa",
          "Hithem Lamri",
          "Constantine Doumanidis",
          "Michail Maniatakos"
        ],
        "organization": "Modern Microprocessors Architecture (MoMA) Lab",
        "summary": "reporting this vulnerability to CERT@VDE and CODESYS"
      },
      {
        "names": [
          "Modern Microprocessors Architecture (MoMA) Lab"
        ],
        "organization": "NYU Abu Dhabi",
        "summary": "reporting this vulnerability to CERT@VDE and CODESYS"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of this vulnerability allows an local, unprivileged attacker to access limited internal data of the PLC, which may lead to a crash of the affected service.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing, Energy, Water and Wastewater Systems",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Germany",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-24-326-02 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-326-02.json"
      },
      {
        "category": "self",
        "summary": "ICSA Advisory ICSA-24-326-02 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-326-02"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
      }
    ],
    "title": "OSCAT Basic Library",
    "tracking": {
      "current_release_date": "2024-11-21T07:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-24-326-02",
      "initial_release_date": "2024-11-21T07:00:00.000000Z",
      "revision_history": [
        {
          "date": "2024-11-21T07:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Initial Publication"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.3.5.0",
                "product": {
                  "name": "CODESYS GmbH CODESYS OSCAT Basic Library: 3.3.5.0",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "CODESYS OSCAT Basic Library"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=3.3.5",
                "product": {
                  "name": "CODESYS GmbH oscat.de OSCAT Basic Library: \u003c=3.3.5",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "oscat.de OSCAT Basic Library"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=335",
                "product": {
                  "name": "CODESYS GmbH oscat.de OSCAT Basic Library: \u003c=335",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "oscat.de OSCAT Basic Library"
          }
        ],
        "category": "vendor",
        "name": "CODESYS GmbH"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-6876",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected product is vulnerable to an out-of-bounds read in the OSCAT Basic Library, which allows a local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-6876"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "CODESYS GmbH recommends users update OSCAT Basic Library to address the security vulnerability:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "Update the OSCAT Basic Library to Version 3.3.5.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "To make the fix effective for existing CODESYS projects, the user also must adjust the version of the OSCAT Basic library to be used in the Library Manager of the CODESYS project to Version 3.3.5.0. Then the user must update the CODESYS application on the PLC by download or online change and rebuild/download the boot application.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "Without an update, the vulnerability can be prevented by validating all values in the PLC program before they are passed to the affected function. In particular, negative values must be blocked as function parameters of MONTH_TO_STRING.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "Regardless of whether the OSCAT Basic library in the programming system was updated or the security vulnerability in the PLC program was mitigated, a download or online change must be performed to update the application on the PLC. CODESYS reminds users to rebuild/download the boot project.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "For more information see the associated CERT@VDE security advisory.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "url": "https://certvde.com/de/advisories/VDE-2024-046/"
        },
        {
          "category": "mitigation",
          "details": "For a list of system environments the library has been validated against see OSCAT\u0027s library documentation.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "url": "http://www.oscat.de/de/component/jdownloads/send/2-oscat-basic/9-oscat-basic333-en.html?Itemid=0"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        }
      ]
    }
  ]
}

fkie_cve-2024-6876

Vulnerability from fkie_nvd

Published

2024-09-10 16:15

Modified

2024-10-01 07:15

Severity ?

4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Summary

Out-of-Bounds read vulnerability in OSCAT Basic Library allows an local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service.

References

	URL	Tags
	info@cert.vde.com	https://certvde.com/en/advisories/VDE-2024-046/	Third Party Advisory
	info@cert.vde.com	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=18601&token=27389a52e058d95ff70b17a2370fedf07e073034&download=	Vendor Advisory

Impacted products

	Vendor	Product	Version
	codesys	oscat_basic_library	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:codesys:oscat_basic_library:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "40E6168D-7595-477A-A25D-6045EBDC01AC",
              "versionEndExcluding": "3.5.5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Out-of-Bounds read vulnerability in OSCAT Basic Library allows an local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service."
    },
    {
      "lang": "es",
      "value": "La vulnerabilidad de lectura fuera de los l\u00edmites en la librer\u00eda b\u00e1sica OSCAT permite que un atacante local sin privilegios acceda a datos internos limitados del PLC, lo que puede provocar un bloqueo del servicio afectado."
    }
  ],
  "id": "CVE-2024-6876",
  "lastModified": "2024-10-01T07:15:05.890",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 2.5,
        "source": "info@cert.vde.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-09-10T16:15:22.197",
  "references": [
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://certvde.com/en/advisories/VDE-2024-046/"
    },
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=18601\u0026token=27389a52e058d95ff70b17a2370fedf07e073034\u0026download="
    }
  ],
  "sourceIdentifier": "info@cert.vde.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "info@cert.vde.com",
      "type": "Primary"
    }
  ]
}

WID-SEC-W-2024-2096

Vulnerability from csaf_certbund

Published

2024-09-09 22:00

Modified

2024-09-09 22:00

Summary

CODESYS: Schwachstelle in der OSCAT Basic Bibliothek ermöglicht Denial of Service

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

CODESYS ist eine herstellerunabhängige Automatisierungssoftware für die Entwicklung von Steuerungsanwendungen in der industriellen Automatisierung.

Angriff

Ein lokaler Angreifer kann eine Schwachstelle in CODESYS in der OSCAT Basic Bibliothek ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme

- Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "CODESYS ist eine herstellerunabh\u00e4ngige Automatisierungssoftware f\u00fcr die Entwicklung von Steuerungsanwendungen in der industriellen Automatisierung.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann eine Schwachstelle in CODESYS in der  OSCAT Basic Bibliothek ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-2096 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-2096.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-2096 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2096"
      },
      {
        "category": "external",
        "summary": "CODESYS Security Advisory vom 2024-09-09",
        "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=18601\u0026token=27389a52e058d95ff70b17a2370fedf07e073034\u0026download="
      }
    ],
    "source_lang": "en-US",
    "title": "CODESYS: Schwachstelle in der OSCAT Basic Bibliothek erm\u00f6glicht Denial of Service",
    "tracking": {
      "current_release_date": "2024-09-09T22:00:00.000+00:00",
      "generator": {
        "date": "2024-09-10T12:03:43.689+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.6"
        }
      },
      "id": "WID-SEC-W-2024-2096",
      "initial_release_date": "2024-09-09T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-09-09T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "OSCAT Basic library \u003c3.3.5",
                "product": {
                  "name": "CODESYS CODESYS OSCAT Basic library \u003c3.3.5",
                  "product_id": "T037407"
                }
              },
              {
                "category": "product_version",
                "name": "OSCAT Basic library 3.3.5",
                "product": {
                  "name": "CODESYS CODESYS OSCAT Basic library 3.3.5",
                  "product_id": "T037407-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:codesys:codesys:oscat_basic_library__3.3.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "CODESYS"
          }
        ],
        "category": "vendor",
        "name": "CODESYS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-6876",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in CODESYS in der verwendeten OSCAT Basic Bibliothek. Die Funktion MONTH_TO_STRING der OSCAT Basic Bibliothek pr\u00fcft nicht vollst\u00e4ndig die g\u00fcltigen Bereiche der \u00fcbergebenen Werte. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um durch entsprechende Eingaben Out-of-Bounds-Lesezugriffe durchzuf\u00fchren und so begrenzte interne Daten aus der SPS auszulesen oder sie m\u00f6glicherweise zum Absturz zu bringen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T037407"
        ]
      },
      "release_date": "2024-09-09T22:00:00.000+00:00",
      "title": "CVE-2024-6876"
    }
  ]
}

wid-sec-w-2024-2096

Vulnerability from csaf_certbund

Published

2024-09-09 22:00

Modified

2024-09-09 22:00

Summary

CODESYS: Schwachstelle in der OSCAT Basic Bibliothek ermöglicht Denial of Service

Notes

Produktbeschreibung

CODESYS ist eine herstellerunabhängige Automatisierungssoftware für die Entwicklung von Steuerungsanwendungen in der industriellen Automatisierung.

Angriff

Ein lokaler Angreifer kann eine Schwachstelle in CODESYS in der OSCAT Basic Bibliothek ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme

- Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "CODESYS ist eine herstellerunabh\u00e4ngige Automatisierungssoftware f\u00fcr die Entwicklung von Steuerungsanwendungen in der industriellen Automatisierung.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann eine Schwachstelle in CODESYS in der  OSCAT Basic Bibliothek ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-2096 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-2096.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-2096 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2096"
      },
      {
        "category": "external",
        "summary": "CODESYS Security Advisory vom 2024-09-09",
        "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=18601\u0026token=27389a52e058d95ff70b17a2370fedf07e073034\u0026download="
      }
    ],
    "source_lang": "en-US",
    "title": "CODESYS: Schwachstelle in der OSCAT Basic Bibliothek erm\u00f6glicht Denial of Service",
    "tracking": {
      "current_release_date": "2024-09-09T22:00:00.000+00:00",
      "generator": {
        "date": "2024-09-10T12:03:43.689+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.6"
        }
      },
      "id": "WID-SEC-W-2024-2096",
      "initial_release_date": "2024-09-09T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-09-09T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "OSCAT Basic library \u003c3.3.5",
                "product": {
                  "name": "CODESYS CODESYS OSCAT Basic library \u003c3.3.5",
                  "product_id": "T037407"
                }
              },
              {
                "category": "product_version",
                "name": "OSCAT Basic library 3.3.5",
                "product": {
                  "name": "CODESYS CODESYS OSCAT Basic library 3.3.5",
                  "product_id": "T037407-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:codesys:codesys:oscat_basic_library__3.3.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "CODESYS"
          }
        ],
        "category": "vendor",
        "name": "CODESYS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-6876",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in CODESYS in der verwendeten OSCAT Basic Bibliothek. Die Funktion MONTH_TO_STRING der OSCAT Basic Bibliothek pr\u00fcft nicht vollst\u00e4ndig die g\u00fcltigen Bereiche der \u00fcbergebenen Werte. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um durch entsprechende Eingaben Out-of-Bounds-Lesezugriffe durchzuf\u00fchren und so begrenzte interne Daten aus der SPS auszulesen oder sie m\u00f6glicherweise zum Absturz zu bringen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T037407"
        ]
      },
      "release_date": "2024-09-09T22:00:00.000+00:00",
      "title": "CVE-2024-6876"
    }
  ]
}

ghsa-9qjv-xm65-gq4f

Vulnerability from github

Published

2024-09-10 18:30

Modified

2024-09-10 18:30

Severity ?

5.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Details

Out-of-Bounds read vulnerability in OSCAT Basic Library allows an local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-6876"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-10T16:15:22Z",
    "severity": "MODERATE"
  },
  "details": "Out-of-Bounds read vulnerability in OSCAT Basic Library allows an local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service.",
  "id": "GHSA-9qjv-xm65-gq4f",
  "modified": "2024-09-10T18:30:44Z",
  "published": "2024-09-10T18:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6876"
    },
    {
      "type": "WEB",
      "url": "https://certvde.com/en/advisories/VDE-2024-046"
    },
    {
      "type": "WEB",
      "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=18601\u0026token=27389a52e058d95ff70b17a2370fedf07e073034\u0026download="
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2024-6876 (GCVE-0-2024-6876)

Vulnerability from cvelistv5

icsa-24-326-02

Vulnerability from csaf_cisa

ICSA-24-326-02

Vulnerability from csaf_cisa

fkie_cve-2024-6876

Vulnerability from fkie_nvd

WID-SEC-W-2024-2096

Vulnerability from csaf_certbund

wid-sec-w-2024-2096

Vulnerability from csaf_certbund

ghsa-9qjv-xm65-gq4f

Vulnerability from github

Tags

Sightings

Nomenclature