The company has released a set of vulnerabilities in its CODESYS software development kit that could lead to remote code execution and denial-of-service.
The utility is designed to help operators gain control over their data and perform specific tasks.
However, some of the vulnerabilities allow attackers to execute arbitrary code without resorting to brute force.
CVE-2022-47385 – After successful authentication, specific crafted communication requests can cause the CmpAppForce component to write attacker-controlled data to stack, which can lead to a Denial-Of-Service condition, memory overwriting, or remote code executing.
CVE-20 22-47391 – Crafted communication requests may cause the affected products to read internally from an invalid address, potentially leading to a denial OFS.FC.V3.0.1.
Authentication.
For more information on these vulnerabilities, see the What’s Up With This Bug section.
๐ Feeling the vibes?
Keep the good energy going by checking out my Amazon affiliate link for some cool finds! ๐๏ธ
If not, consider contributing to my caffeine supply at Buy Me a Coffee โ๏ธ.
Your clicks = cosmic support for more awesome content! ๐๐
Leave a Reply