Microsoft researchers have identified critical vulnerabilities in the CODESYS software development kit (SDK) that could allow threat actors to shut down power plants. The flaws, affecting all versions of CODESYS V3 SDK prior to 3.5.19.0, pose a risk of remote code execution (RCE) and denial of service (DoS) attacks. Exploitation is challenging, requiring user authentication and deep knowledge of the CODESYS V3 protocol. Microsoft has reported the vulnerabilities to CODESYS and urges customers to apply patches. #Microsoft #CODESYS #vulnerabilities #powerplants #cybersecurity

https://www.infosecurity-magazine.com/news/microsoft-codesys-flaws-power-plant/