CVE-2018-20026
Description
Improper Communication Address Filtering exists in CODESYS V3 products versions prior to V3.5.14.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CODESYS V3 products before 3.5.14.0 have improper communication address filtering, allowing remote attackers to spoof packet sources.
Vulnerability
CODESYS V3 products versions prior to V3.5.14.0 contain an improper communication address filtering vulnerability in the routing protocol. This flaw can be used to disguise the source of crafted communication packets, making them appear to originate from a trusted address [1][2].
Exploitation
An unauthenticated attacker with network access to the CODESYS runtime or gateway can craft and send specially designed communication packets. The improper filtering fails to verify the source address field, allowing the attacker to spoof arbitrary addresses without any prior authentication or user interaction [1][2].
Impact
Successful exploitation enables the attacker to disguise the origin of malicious packets, potentially leading to denial-of-service conditions or manipulation of data. The vulnerability may be combined with other weaknesses to affect confidentiality and integrity of stored or transmitted data. There is no indication of privilege escalation beyond the network communication plane [2].
Mitigation
The vendor released a patch in December 2018 as part of CODESYS V3 version V3.5.14.0, which is the fixed version [1][2]. Users should update all affected products listed in the advisory to this version or later. General mitigations include isolating controllers behind firewalls, using VPNs for remote access, and limiting network exposure to trusted zones only [2].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Kaspersky Lab / CODESYS V3 products. Range: prior to V3.5.14.0
Patches
No patches discovered yet.
References
- www.securityfocus.com/bid/106251 (mitre; vdb-entry, x_refsource_BID)
- ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/ (mitre; x_refsource_MISC)
- ics-cert.us-cert.gov/advisories/ICSA-18-352-04 (mitre; x_refsource_MISC)