CODESYS Patches Dozen Vulnerabilities in Industrial Automation Products
Security News, July 2021
Industrial automation software provider CODESYS this month informed customers about a dozen vulnerabilities affecting various products.
Vulnerabilities in CODESYS software could have serious implications considering that it's used in the industrial control systems made by several major companies.
CODESYS on July 22 published six new advisories to inform customers that patches are available for remote code execution, denial of service, and information disclosure vulnerabilities affecting its Development System, V3 web server, Gateway, Runtime Toolkit for VxWorks, and EtherNetIP products.
Talos researchers found that various functions of the CODESYS Development System, a programming tool for industrial control and automation systems, are affected by unsafe deserialization bugs that can lead to remote code execution.
In each advisory, CODESYS mentioned that the vulnerabilities can be exploited by a low-skilled attacker.