CVE-2024-8175 – An unauthenticated remote attacker can cause a ... (How to Fix)

Q: What is the severity of CVE-2024-8175?

CVE-2024-8175 has a CVSS score of 7.5 (HIGH). An unauthenticated remote attacker can cause a denial-of-service (DoS) in CODESYS web servers by triggering invalid memory access. This affects industrial control systems using vulnerable CODESYS components exposed to network access.

📋 TL;DR

An unauthenticated remote attacker can cause a denial-of-service (DoS) in CODESYS web servers by triggering invalid memory access. This affects industrial control systems using vulnerable CODESYS components exposed to network access.

💻 Affected Systems

Products:

CODESYS Control runtime systems with web server component

Versions: Multiple versions prior to specific patches (check vendor advisory)

Operating Systems: Windows, Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Affects systems with CODESYS web server enabled and accessible via network.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service disruption of CODESYS web server, potentially affecting industrial control operations that depend on it.

🟠

Likely Case

Temporary DoS causing web server unavailability until restart, disrupting monitoring/configuration interfaces.

🟢

If Mitigated

Limited impact if server is isolated behind firewalls with restricted network access.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Unauthenticated remote exploitation makes this easily weaponizable if details become public.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific version updates

Vendor Advisory: https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=18604&token=d5e1e2820ee63077b875b3bb41014b1f102e88a3&download=

Restart Required: Yes

Instructions:

1. Review CODESYS advisory for affected versions. 2. Download and apply appropriate patches from CODESYS. 3. Restart affected services/systems.

🔧 Temporary Workarounds

Network isolation

all

Restrict network access to CODESYS web server to trusted sources only

Disable web server

all

Temporarily disable CODESYS web server if not required

🧯 If You Can't Patch

Implement strict network segmentation and firewall rules to limit access
Monitor for DoS attempts and implement rate limiting where possible

🔍 How to Verify

Check if Vulnerable:

Check CODESYS version against vendor advisory and verify web server is accessible

Check Version:

Check CODESYS Control version via system interface or configuration files

Verify Fix Applied:

Verify patch installation and test web server functionality

📡 Detection & Monitoring

Log Indicators:

Web server crash logs
Unexpected memory access errors
Service restart events

Network Indicators:

Unusual traffic patterns to CODESYS web ports
Multiple connection attempts from single sources

SIEM Query:

source="codesys" AND (event="crash" OR event="memory_error")

📊 Metadata

CVE ID: CVE-2024-8175

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-754

Published: September 25, 2024

Last Updated: September 26, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-8175, you might also want to check these: