Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

CODESYS V3 SDK Flaws Threaten OT Systems

August 14, 2023
Reading Time: 2 mins read
in Alerts
CODESYS V3 SDK Flaws Threaten OT Systems

A collection of 16 high-severity security vulnerabilities has been unveiled within the CODESYS V3 software development kit (SDK), named CoDe16, potentially leading to remote code execution and denial-of-service scenarios in operational technology (OT) environments.

Ranging from CVE-2022-47378 to CVE-2022-47393, these flaws carry a CVSS score of 8.8, with one exception rated at 7.5, and include a dozen buffer overflow vulnerabilities. Vladimir Tokarev from the Microsoft Threat Intelligence Community emphasized that these vulnerabilities, affecting CODESYS V3 versions up to 3.5.19.0, pose significant risks to OT infrastructure, potentially enabling remote code execution and denial-of-service attacks.

While exploiting these flaws demands user authentication and an understanding of CODESYS V3’s proprietary protocol, the potential consequences are severe, potentially causing shutdowns and malicious tampering of critical automation processes.

Among these vulnerabilities, remote code execution flaws hold the potential to compromise OT devices, particularly programmable logic controllers (PLCs), which could lead to information theft and unauthorized control. Despite user authentication requirements, Tokarev noted that leveraging a known vulnerability (CVE-2019-9013) in a replay attack against the PLC, alongside exploiting the flaws to trigger buffer overflows, could enable unauthorized access.

Patches addressing these vulnerabilities were released in April 2023. Some examples of the vulnerabilities include CVE-2022-47378, which could lead to a denial-of-service condition, CVE-2022-47379 involving memory overwriting, and CVE-2022-47385 posing a potential denial-of-service situation.

As CODESYS is widely employed by various vendors, these vulnerabilities hold the potential to impact multiple sectors and device types, prompting concerns about the launch of denial-of-service attacks or exploitation of remote code execution vulnerabilities to compromise sensitive data, interfere with operations, or manipulate PLCs in hazardous ways.

Reference:
  • Multiple high severity vulnerabilities in CODESYS V3 SDK could lead to RCE or DoS
Tags: August 2023CODESYSCyber AlertCyber Alerts 2023CyberattackCybersecurityDenial-of-service attacksMicrosoftVulnerabilities
ADVERTISEMENT

Related Posts

Chrome Extensions Leak Data And API Keys

Chrome Extensions Leak Data And API Keys

June 6, 2025
Chrome Extensions Leak Data And API Keys

AMOS Stealer Hits macOS Via Fake CAPTCHA

June 6, 2025
Chrome Extensions Leak Data And API Keys

BADBOX Turns 1M+ IoT Devices Into Proxies

June 6, 2025
UNC6040 Vishing Group Target Salesforce Data

UNC6040 Vishing Group Target Salesforce Data

June 5, 2025
New Chaos RAT Variant Hits Windows and Linux

New Chaos RAT Variant Hits Windows and Linux

June 5, 2025
New Chaos RAT Variant Hits Windows and Linux

FBI Warns Hedera NFT Airdrop Crypto Scam

June 5, 2025

Latest Alerts

AMOS Stealer Hits macOS Via Fake CAPTCHA

Chrome Extensions Leak Data And API Keys

BADBOX Turns 1M+ IoT Devices Into Proxies

FBI Warns Hedera NFT Airdrop Crypto Scam

New Chaos RAT Variant Hits Windows and Linux

UNC6040 Vishing Group Target Salesforce Data

Subscribe to our newsletter

    Latest Incidents

    German Dog Rescue IG Hacked For Ransom

    Hack Attempt Hits German Police Phone System

    InfoJobs Spain Hit By Credential Stuffing

    KiranaPro Startup Hacked All Data Wiped

    Nervos Bridge Paused After $3.9 Million Hack

    Ukraine GUR Claims Tupolev Data Theft Hack

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial