Critical CODESYS Bug Allows Remote Code Execution

2020-03-26 20:12

A critical flaw in a web server for the CODESYS automation software for engineering control systems could allow a remote, unauthenticated attacker to crash a server or execute code.

In this case, the bug exists in the CODESYS web server, which is used to display CODESYS system visualization screens in a web browser.

"This could crash the web server, lead to a denial-of-service condition or may be utilized for remote code execution," according to the company's advisory [PDF].

In CODESYS version 3, the web server is an optional part of the CODESYS runtime system.

The company said that all versions of CODESYS V3 runtime systems containing the web server prior V3.5.15.40 are affected, regardless of the CPU type or operating system, the advisory said.

News URL

https://threatpost.com/critical-codesys-bug-remote-code-execution/154213/

#codeexecution #critical

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Codesys		63	2	74	43	3	122

News URL

Related news

Related vendor