The bug is rated 10 out of 10 on the CVSS v2 vulnerability severity scale and requires little skill to exploit. It's a heap-based buffer overflow in the CODESYS web server. An attacker could exploit the bug by requesting a very large memory allocation size via a WEB_CLIENT_OPENCONNECTION message sent to the CmpWebServer HandlerV3.5.20. The vulnerability is rated as critical, and users should update to the latest version of the software.
Source: https://threatpost.com/critical-codesys-bug-remote-code-execution/154213/

