Researchers have identified 10 vulnerabilities in CODESYS automation software for industrial control systems. The vulnerabilities can lead to remote command execution on a PLC, which may disrupt technological processes and cause industrial accidents and economic losses. The software is used as a foundation by 15 manufacturers to build PLC firmware. The main cause of the vulnerabilities is insufficient verification of input data, which results from a failure to comply with secure development recommendations. Vulnerability CVE-2021-30187 can be used to call additional PLC functions utilizing the SysFile system library.
Source: https://www.helpnetsecurity.com/2021/06/04/critical-vulnerabilities-codesys-ics/

