Select Page

CODESYS has released patches to address as many as 11 security flaws that, if successfully exploited, could result in information disclosure and a denial-of-service (DoS) condition, among others.

“These vulnerabilities are simple to exploit, and they can be successfully exploited to cause consequences such as sensitive information leakage, PLCs entering a severe fault state, and arbitrary code execution,” Chinese cybersecurity firm NSFOCUS said. “In combination with industrial scenarios on the field, these vulnerabilities could expose industrial production to stagnation, equipment damage, etc.”

CODESYS is a software suite used by automation specialists as a development environment for programmable logic controller applications (PLCs).

Following responsible disclosure between September 2021 and January 2022, fixes were shipped by the German software company last week on June 23, 2022. Two of the bugs are rated as Critical, seven as High, and two as Medium in severity. The issues collectively affect the following products –

images from Hacker News