According to an advisory from the Chinese cybersecurity firm NSFOCUS, its researchers have identified 11 security vulnerabilities in the CoDeSys automation software that could allow unauthorized access to company resources or enable denial-of-service attacks. The researchers claim the bugs are simple to exploit and can have severe consequences, ranging from information leakage to arbitrary code execution. Because the software is deployed in industrial environments, the vulnerabilities could in some scenarios expose industrial production to equipment damage or stoppage.
The flaws were first disclosed to CoDeSys last fall, and the company released a patch last week that fixes the vulnerabilities. Threat actors may take advantage of the fact that some organizations are slow to apply patches, so applying this one should be treated as urgent. Of the 11 flaws discovered by NSFOCUS, two are rated critical on the CVSS scale, seven high, and two medium.
Read More: Chinese Researchers Find Critical Security Flaws in CoDeSys Automation Software