ICS-CERT has released an advisory on a 3S-Smart Software Solutions GmbH CODESYS Web Server vulnerability. All Microsoft Windows (also WinCE) based CODESYS web servers running stand-alone Version 2.3, or as part of the CODESYS runtime system running prior to Version V1.1.9.19, are affected. Successful exploitation of this vulnerability could cause the device the attacker is accessing to crash, resulting in a buffer overflow condition that may allow remote code execution. This vulnerability is fixed by patch V.1.1.9.19 for the CODESYS V2.3 Web Server for Windows, part of the CODESYS setup V2.3.9.56. ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. ICS-CERT.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!