Cybersecurity:

Your Business Protected Against Attacks

With advances in communication technologies, machines and systems are becoming increasingly interconnected through the internet. In this context, protection against cyberattacks becomes essential to ensure security, data integrity, and the continuity of industrial operations.

Prevention, Identification, and Resolution of Vulnerabilities

The security features embedded in Altus products are constantly reviewed and updated to prevent potential vulnerabilities. However, in cases where a vulnerability is identified by external agents, we are committed to resolving these issues within a reasonable timeframe.

In the Cybersecurity Manual, we provide important information about security when using Altus products.

Click here to download the manual

List of Security Advisories Published by Altus

These advisories provide essential information about known vulnerabilities, including possible workarounds and available security updates. It is up to the technical evaluation of the users of our products to determine if and when to implement the recommended updates.

If you detect a potential vulnerability that directly or indirectly affects an Altus product, please inform us via email at ouvidoria@altus.com.br.

Help keep Altus products secure

The vulnerabilities in the following list apply to these Altus CPU models: XP300, XP315, X325, XP340, XP350, XP351, NX3010, NX3020, NX3030, NX3003, NX3004, NX3005, NX3008, NX3035, HX3040.

Version from which the vulnerability is fixed.

HX: 1.14.36.5, XP: 1.14.20.0, NX300x: 1.14.20.0, NL: 1.14.31.4, NX30x0: 1.14.7.0.

CVE: In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled resource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.

Version from which the vulnerability is fixed.

HX: 1.14.36.5, XP: 1.14.20.0, NX300x: 1.14.20.0, NL: 1.14.31.4, NX30x0: 1.14.7.0.

CVE: In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled resource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.

The vulnerabilities in the following list apply to Mastertool IEC XE - MT8500.

Version from which the vulnerability is fixed.

HX: 1.12.32.4, XP (except 351 and 350): 1.12.5.3, 300x (except 3008): 1.12.5.3, 30x0: up to 1.10.8.0.

CVE: A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products.

Version from which the vulnerability is fixed.

HX: 1.14.36.5, XP: 1.14.20.0, NX300x: 1.14.20.0, NL: 1.14.31.4, NX30x0: 1.14.7.0.

CVE: Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific type.

Version from which the vulnerability is fixed.

HX: 1.9.4.0, XP: 1.8.5.0, NX3003: 1.8.11.0, NX3004 and NX3005: up to 1.8.11.0, NX30x0: up to 1.8.3.0

CVE: An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected.

Version from which the vulnerability is fixed.

HX: 1.9.4.0, XP: 1.8.5.0, NX3003: 1.8.11.0, NX3004 and NX3005: up to 1.8.11.0, NX30x0: up to 1.8.3.0

CVE description: An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected,

Version from which the vulnerability is fixed.

HX: 1.7.40.0, NX3004 and NX3005: up to 1.7.17.0, NX30x0: up to 1.7.0.8

CVE description: The CODESYS runtime system in multiple versions allows a remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.

Version from which the vulnerability is fixed.

XTORM: 1.7.58.0 and 1.7.40.0, XP (except 350, 351 and 340): 1.7.49.0, NX3003: 1.8.11.0, NX30x0: 1.8.3.0

CVE description: In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.

Version from which the vulnerability is fixed.

MTOOL 8500 3.60

CVE description: Inadequate Encryption Strength in CODESYS Development System V3 versions prior to V3.5.18.40 allows an unauthenticated local attacker to access and manipulate code of the encrypted boot application.

Version from which the vulnerability is fixed.

MTOOL 8500 3.60

CVE description: In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.

Version from which the vulnerability is fixed.

MTOOL 8500 3.60

CVE: In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled resource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.

Version from which the vulnerability is fixed.

MTOOL 8500 3.60

CVE: In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled resource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.

Version from which the vulnerability is fixed.

MTOOL 8500 3.40

CVE: A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products.

Version from which the vulnerability is fixed.

MTOOL 8500 3.40

CVE description: The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content.

Version from which the vulnerability is fixed.

MTOOL 8500 3.40

CVE description: CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity.

Version from which the vulnerability is fixed.

MTOOL 8500 3.40

CVE description: An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation.

Version from which the vulnerability is fixed.

MTOOL 8500 3.30

CVE description: An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system.

Version from which the vulnerability is fixed.

MTOOL 8500 3.30

CVE description: An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected.

Version from which the vulnerability is fixed.

MTOOL 8500 3.40

CVE description: In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition.

Version from which the vulnerability is fixed.

MTOOL 8500 3.40

CVE description: CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).

Version from which the vulnerability is fixed.

MTOOL 8500 3.30

CVE description: CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.

Version from which the vulnerability is fixed.

MTOOL 8500 3.40

CVE description: An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet to a device running the GatewayService.exe to trigger this vulnerability. All variants of the CODESYS V3 products in all versions prior V3.5.16.10 containing the CmpRouter or CmpRouterEmbedded component are affected.

Version from which the vulnerability is fixed.

MTOOL 8500 3.60

CVE description: All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users.

Version from which the vulnerability is fixed.

MTOOL 8500 3.40

CVE description: An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation.

Version from which the vulnerability is fixed.

MTOOL 8500 3.30

CVE description: The CODESYS runtime system in multiple versions allows a remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.
