Industrial Automation Software Informed Customers About a Dozen Vulnerabilities

CODESYS, a developer of industrial automation software, notified customers this month of a dozen vulnerabilities impacting a variety of devices. Cisco Talos detected more than half of these issues, and the details were released on Monday.

Vulnerabilities in CODESYS software could have substantial consequences because it is utilised in several large firms’ industrial control systems (ICS). Last month, a cybersecurity firm warned that serious security holes uncovered in CODESYS software exposed programmable logic controllers (PLCs) made by more than a dozen manufacturers to attacks.

CODESYS announced on July 22 that patches for remote code execution, denial of service (DoS), and information disclosure vulnerabilities in its Development System, V3 web server, Gateway, Runtime Toolkit for VxWorks, and EtherNetIP products are now available.

A critical severity rating has been applied to only one vulnerability. The bug, tracked as CVE-2021-33485, is a heap-based buffer overflow in the CODESYS V3 web server that can be used to launch DoS attacks or execute remote code via specially crafted requests.

Cisco’s Talos research and threat intelligence unit uncovered seven vulnerabilities, according to a CODESYS alert. Researchers from Talos discovered that unsafe deserialization flaws in the CODESYS Development System, a programming tool for industrial control and automation systems, can lead to remote code execution.

An attacker could take advantage of these flaws by altering local configuration or profile files, or duping a local user into opening malicious project or archive files.

The manufacturer stated that it was unaware of any attacks exploiting these holes, but noted that security scanners can exacerbate some of the flaws.

CODESYS stated in each advisory that the vulnerabilities can be exploited by an attacker with limited capabilities.
