Vulnerability Management, Threat Management
Nearly a dozen Codesys flaws addressed
SecurityWeek reports that Codesys has already released fixes for 11 security flaws across its products identified by NSFocus, a Chinese cybersecurity company.
Many of the vulnerabilities were observed in Codesys V2 products, and some of those vulnerabilities have been consolidated under one CVE tag. Two of the flaws received critical ratings: one involving inadequate password protection and one involving inappropriately protected passwords. Attackers could also exploit more than half of the bugs to carry out denial-of-service attacks.
"These vulnerabilities are simple to exploit, and they can be successfully exploited to cause consequences such as sensitive information leakage, PLCs entering a severe fault state, and arbitrary code execution. In combination with industrial scenarios on field, these vulnerabilities could expose industrial production to stagnation, equipment damage, etc.," said NSFocus in a post on GitHub.
While Codesys noted that low skills are sufficient for remote exploitation of the flaws, there has been no evidence of any abuse in the wild.