A set of 16 high-severity safety flaws have been found within the CODESYS V3 software program improvement equipment (SDK), posing dangers to operational know-how (OT) environments. These flaws, generally known as CoDe16, might result in distant code execution and denial-of-service assaults. While exploiting these vulnerabilities requires consumer authentication and data of the CODESYS V3 protocol, the affect might be vital, together with shutdowns and malicious tampering of important automation processes. The distant code execution bugs might be abused to backdoor OT units and intrude with programmable logic controllers (PLCs), probably resulting in info theft. Patches for the issues had been launched in April 2023. These vulnerabilities might be exploited to launch DoS assaults and steal delicate knowledge or tamper with operations.
Source hyperlink