CODESYS Runtime is prone to multiple authentication-bypass vulnerabilities.
An attacker can exploit these issues to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks.
Information
WAGO WAGO PFC200 0
3S-Smart Software Solutions GmbH CODESYS Control Runtime Toolkit 2.4.7.0
Exploit
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
References:
- Critical CODESYS vulnerabilities in WAGO PFC 200 Series (Sec-consult)
- Alert (ICS-ALERT-17-341-01) WAGO PFC200 (ICS CERT)