Critical CODESYS Bug Allows Remote Code Execution
2020-03-26 20:12

A critical flaw in a web server for the CODESYS automation software for engineering control systems could allow a remote, unauthenticated attacker to crash a server or execute code.

In this case, the bug exists in the CODESYS web server, which is used to display CODESYS system visualization screens in a web browser.

"This could crash the web server, lead to a denial-of-service condition or may be utilized for remote code execution," according to the company's advisory [PDF].

In CODESYS version 3, the web server is an optional part of the CODESYS runtime system.

According to the company's advisory, all versions of CODESYS V3 runtime systems containing the web server prior to V3.5.15.40 are affected, regardless of the CPU type or operating system.


News URL

https://threatpost.com/critical-codesys-bug-remote-code-execution/154213/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Codesys 71 1 35 73 18 127