Nozomi Networks Labs

Successful exploitation of this vulnerability could allow an attacker to escalate privileges and execute malicious programs. This could cause a denial-of-service condition, and allow information to be disclosed, tampered with, and/or destroyed.

This vulnerability could cause a denial-of-service condition when reading data with invalid index using Modbus TCP.

An attacker may send large message packages repeatedly to the telnet service, which may create a denial-of-service condition.

An attacker could send crafted TCP packets against the FTP service, forcing the target devices to enter an error mode and cause a denial-of-service condition.

An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability.

An attacker could exhaust the available connection pool of an affected device by opening a sufficient number of connections to the device.

A remote, unauthenticated threat actor may intentionally send specially-crafted Ethernet/IP packets to Port 44818, causing the software application to stop responding and crash. The user must restart the software to regain functionality.

Non-administrative users are able to change executable and library files on the affected products.

A specially-crafted DLL file may be placed in the search path and loaded as an internal and valid DLL. This may allow arbitrary code execution.

Improper path validation may allow an attacker to replace executable files.

Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to manipulate resources, which may be transferred to devices and executed there by a different user.

Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to insert specially-crafted files. This may prevent TIA Portal startup (denial-of-service) or lead to local code execution.

The device does not properly validate input, which could allow a remote attacker to send specially-crafted packets. This may cause the device to become unavailable.

A remote attack may take advantage of an improper implementation of the 3-way handshake during a TCP connection, affecting the communications with commission and service tools. Specially-crafted packets may also be sent to Port 2455/TCP/IP, used in Codesys management software. This may result in a denial-of-service condition relating to communications with commissioning and service tools.

A stack-based buffer overflow vulnerability caused by sending crafted packets on port 20547 could force the PLC to change its state into halt mode.

Successful exploitation of this vulnerability may render the device unresponsive. A physical reset of the PLC may be required.