CVE-2024-6876

4.4 MEDIUM

📋 TL;DR

An out-of-bounds read vulnerability in the OSCAT Basic Library used in CODESYS PLC systems allows local unprivileged attackers to read limited internal PLC data, potentially causing service crashes. This affects industrial control systems using vulnerable CODESYS components. Attackers need local access to exploit this vulnerability.

💻 Affected Systems

Products:
  • CODESYS Control runtime systems
  • CODESYS Development System
  • Systems using OSCAT Basic Library
Versions: CODESYS Control runtime systems prior to specific patches mentioned in vendor advisory
Operating Systems: Windows, Linux, Various real-time operating systems used in industrial environments
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems using OSCAT Basic Library components within CODESYS ecosystem. Industrial PLCs and control systems are primarily affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Service crash leading to PLC disruption and potential industrial process interruption in critical infrastructure environments.

🟠 Likely Case

Limited information disclosure of PLC internal data and potential denial of service through application crashes.

🟢 If Mitigated

Minimal impact with proper network segmentation and access controls limiting local attacker access.

🌐 Internet-Facing: LOW - Requires local access to exploit, not remotely exploitable over network.
🏢 Internal Only: MEDIUM - Local attackers on the same system can cause service disruption and information disclosure.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access to the system. No public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Specific versions listed in CODESYS advisory VDE-2024-046

Vendor Advisory: https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=18601&token=27389a52e058d95ff70b17a2370fedf07e073034&download=

Restart Required: Yes

Instructions:

  1. Review CODESYS advisory VDE-2024-046.
  2. Identify affected CODESYS components in your environment.
  3. Apply vendor-provided patches.
  4. Restart affected PLCs and control systems.
  5. Verify patch installation.

🔧 Temporary Workarounds

Network Segmentation (all)

Isolate PLC systems from general network access to limit local attack surface

Access Control Hardening (all)

Restrict local user access to PLC systems and implement least privilege principles

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate PLC systems from untrusted networks
  • Apply principle of least privilege and restrict local user access to critical control systems

🔍 How to Verify

Check if Vulnerable:

Check CODESYS component versions against advisory VDE-2024-046. Review system logs for unexpected crashes or access attempts.

Check Version:

Check CODESYS Control runtime version through CODESYS development environment or system administration tools

Verify Fix Applied:

Verify CODESYS component versions match patched versions from vendor advisory. Test system stability and monitor for crashes.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected PLC service crashes
  • Access attempts to OSCAT library components
  • Memory access violations in system logs

Network Indicators:

  • Unusual local network traffic to PLC systems
  • Multiple connection attempts to control system services

SIEM Query:

source="plc_logs" AND (event_type="crash" OR event_type="memory_violation") AND component="OSCAT"
