CODESYS Runtime Toolkit
cpe:2.3:a:codesys:runtime_toolkit:*:*:*:*:*:*:*
- < 3.5.21.0
A vulnerability exists in the CODESYS OPC UA Server when the non-default Basic128Rsa15 security policy is enabled. This policy, which is deprecated and relies on outdated RSA encryption, can be exploited by an unauthenticated remote attacker to access sensitive information, including authentication details. The vulnerability arises because the Basic128Rsa15 policy allows for a Bleichenbacher padding oracle attack, which can compromise the private key of the OPC UA server's certificate. As a result, an attacker could bypass application authentication or decrypt transmitted data.
Exploitation of this vulnerability allows for authentication bypass and unauthorized access to sensitive information, including authentication details.
To address this vulnerability, update the CODESYS Runtime Toolkit to version 3.5.21.0 and remove the compiler #define 'CMPOPCUASTACK_ALLOW_SHA1_BASED_SECURITY' from the build configuration. This will disable the vulnerable Basic128Rsa15 OPC UA security policy. Device manufacturers can obtain the software update from the CODESYS Update area.
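A build-tree audit for the remediation step above, as an added example that is not CODESYS code: it reports where the define named in the advisory is still active, ignoring commented-out occurrences. The file names, sample contents and the assumption that the define is set either in C headers or in build files are constructed for illustration.

```python
import re
from pathlib import Path

# Macro name as given in the advisory; everything else here is illustrative.
MACRO = "CMPOPCUASTACK_ALLOW_SHA1_BASED_SECURITY"
C_SUFFIXES = {".c", ".h", ".cpp", ".hpp"}
DEFINE_RE = re.compile(r"^\s*#\s*define\s+" + MACRO + r"\b")  # active #define
MENTION_RE = re.compile(MACRO + r"\b")  # -D flag, CMake definition, ...

def _blank(match):  # spaces instead of comment text; newlines kept for numbering
    return re.sub(r"[^\n]", " ", match.group(0))

def find_macro(name, text):
    """Return [(line_no, source_line)] where one file still enables the macro."""
    if Path(name).suffix.lower() in C_SUFFIXES:
        scan = re.sub(r"/\*.*?\*/", _blank, text, flags=re.S)
        scan = re.sub(r"//[^\n]*", _blank, scan)
        pattern = DEFINE_RE
    else:
        scan = re.sub(r"#[^\n]*", _blank, text)  # Makefile/CMake comments
        pattern = MENTION_RE
    original = text.split("\n")
    return [(no, original[no - 1].strip())
            for no, line in enumerate(scan.split("\n"), 1)
            if pattern.search(line)]

def scan_tree(root):
    """Scan every regular file under root; returns {path: [(line_no, line)]}."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            hits = find_macro(path.name, path.read_text(errors="replace"))
            if hits:
                report[str(path)] = hits
    return report

# Constructed sample inputs (not taken from any real CODESYS build tree).
SAMPLE_HEADER = """/* OPC UA stack options
#define CMPOPCUASTACK_ALLOW_SHA1_BASED_SECURITY
*/
// #define CMPOPCUASTACK_ALLOW_SHA1_BASED_SECURITY
  #  define CMPOPCUASTACK_ALLOW_SHA1_BASED_SECURITY 1
"""
SAMPLE_MAKEFILE = """# CFLAGS += -DCMPOPCUASTACK_ALLOW_SHA1_BASED_SECURITY
CFLAGS += -O2 -DCMPOPCUASTACK_ALLOW_SHA1_BASED_SECURITY
"""

if __name__ == "__main__":
    print(find_macro("opcua_options.h", SAMPLE_HEADER), find_macro("Makefile", SAMPLE_MAKEFILE))
```

An empty result only shows the macro is absent from the scanned files; the scan does not evaluate `#if` blocks or definitions injected from project settings outside the tree.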