Cybersecurity researchers have disclosed as many as ten critical vulnerabilities impacting CODESYS automation software. The vulnerabilities could be exploited to achieve remote code execution on programmable logic controllers (PLCs). An attacker does not need a username or password to exploit the vulnerabilities, researchers from Positive Technologies said. The main cause of the vulnerabilities is insufficient verification of input data, which may be caused by failure to comply with the secure development recommendations. An adversary could potentially leverage the flaws by sending specially crafted web server requests to trigger a denial-of-service condition or to write or read arbitrary code.
Source: https://thehackernews.com/2021/06/10-critical-flaws-found-in-codesys.html

