3S-Smart Software Solutions CODESYS GatewayService memory corruption vulnerability [CVE-2019-5105]

CVE number – CVE-2019-5105

An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService 3.5.13.20. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet to a device running the GatewayService.exe to trigger this vulnerability.

3S-Smart Software Solutions CODESYS is licensed to vendors who are creating PLCs, or can be purchased directly from 3S-Smart Software Solutions for directly supported platforms. This software is used to turn any device into a soft PLC. The wide range of support allows easy adoption for industrial applications, being able to run on Windows, Linux, or even bare metal. The GatewayService.exe is required to be able to talk to the end device such as a PLC, and will be running on any Windows device that is being used to program or monitor a CODESYS runtime.

Tested Versions

3S-Smart Software Solutions CODESYS 3.5.15.0

Timeline

2019-09-19 – Initial Contact
2019-09-23 – Vendor Disclosure
2020-03-25 – Vendor Patched; Public Release