Russian cybersecurity company Positive Technologies has identified vulnerabilities in several products built on CODESYS. The problems were first observed in a PLC (programmable logic controller) made by WAGO; further investigation showed that the CODESYS software running on the controller, not the WAGO hardware, was responsible.
CODESYS software is used by many controller manufacturers, including HollySys, Kontron, Mitsubishi, Beckhoff, Festo and many others, so the flaws affect devices well beyond the WAGO unit in which they were first found.
Ten vulnerabilities were identified in total. Six are rated critical: an attacker can send crafted requests that either execute code remotely on the controller or crash it. Three are rated high severity, and the remaining one is rated medium.
Some of the vulnerabilities can be exploited only when the controller is not password protected. Positive Technologies, however, stated that exploitation requires nothing more than network access to the device.
Vladimir Nazarov, head of ICS security at Positive Technologies, said the vendor has rated several of the vulnerabilities 10 out of 10 on its severity scale. He added that, if exploited, they allow remote commands to be executed on the PLC, which could cause disruption of the technological process, industrial accidents and economic damage.
CODESYS, the vendor, has issued advisories for the critical, high and medium severity issues and has urged customers to install the updates. Positive Technologies said it will continue to disclose vulnerabilities its employees find in products made by US firms.