Security Vulnerability in CODESYS V2.3 Runtime System
A security vulnerability which affects the CODESYS V2.3 Runtime System is currently being discussed on several different internet platforms:
(Media-Newswire.com) - A security vulnerability which affects the CODESYS V2.3 Runtime System is currently being discussed on several different internet platforms: The password protection of a publicly accessible CODESYS controller can be bypassed with the help of an external tool. A password protected controller can then be accessed just like any unprotected PLC and it is possible to execute commands with the controller shell or load applications.
Of course, we take this issue very seriously and are currently working on a solution.
In general, we do not offer any standard tools in CODESYS which are to protect the controller from a serious cyber attack. Should the offered password functionality suggest such a protection, this was definitely not our intention. The implementation of standard security mechanisms ( firewall, VPN access ) is an absolute must when operating a PLC runtime system on a controller accessible through the internet.
This story was released on 2012-11-01. Please make sure to visit the official company or organization web site to learn more about the original release date. See our disclaimer for additional information.