Serious Vulnerabilities Found in CODESYS Software Used by Many ICS Products (June 2021)
Researchers have discovered 10 vulnerabilities - a majority rated critical or high severity - in CODESYS industrial automation software that is used in many industrial control system products.
Researchers at Russian cybersecurity company Positive Technologies identified the vulnerabilities in various products made by CODESYS. They initially found the flaws in a programmable logic controller made by WAGO, but further analysis showed that the issues were actually introduced by CODESYS software that is used by more than a dozen manufacturers for their PLCs, including Beckhoff, Kontron, Moeller, Festo, Mitsubishi, HollySys and several Russian firms.
"The vendor rated some of these vulnerabilities as 10 out of 10, or extremely dangerous," explained Vladimir Nazarov, head of ICS security at Positive Technologies.
CODESYS has released updates for its CODESYS V2 web server, Runtime Toolkit and PLCWinNT products to address the vulnerabilities.
Positive Technologies said it will continue to responsibly disclose the vulnerabilities found by its employees in the products of major U.S. companies.