Security News > 2022 > June > Critical Security Flaws Identified in CODESYS ICS Automation Software

Critical Security Flaws Identified in CODESYS ICS Automation Software
2022-06-27 03:35

CODESYS has released patches to address as many as 11 security flaws that, if successfully exploited, could result in information disclosure and a denial-of-service condition, among others.

CODESYS is a software suite used by automation specialists as a development environment for programmable logic controller applications.

CODESYS Gateway Server prior to version V2.3.9.38.

CODESYS Web server prior to version V1.1.9.23.

Chief among the flaws are CVE-2022-31805 and CVE-2022-31806, which relate to the cleartext use of passwords used to authenticate before carrying out operations on the PLCs and a failure to enable password protection by default in the CODESYS Control runtime system respectively.

In a separate advisory published on June 23, CODESYS said it also remediated three other flaws in CODESYS Gateway Server that could be leveraged to send crafted requests to bypass authentication and crash the server.


News URL

https://thehackernews.com/2022/06/critical-security-flaws-identified-in.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-06-24 CVE-2022-31806 Insecure Default Initialization of Resource vulnerability in Codesys Plcwinnt and Runtime Toolkit
In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller.
network
codesys CWE-1188
6.8
2022-06-24 CVE-2022-31805 Unprotected Transport of Credentials vulnerability in Codesys products
In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.
network
low complexity
codesys CWE-523
7.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Codesys 63 2 74 43 3 122