3S CODESYS Runtime 3.x < 220.127.116.11 Insufficient Access Control Vulnerability
Critical Nessus Plugin ID 120947
Synopsis
A programmable logic controller (PLC) runtime on the remote host is affected by authentication bypass and unencrypted communications vulnerabilities.
Description
The 3S CODESYS Runtime environment running on the remote host is affected by authentication bypass and unencrypted communications vulnerabilities due to missing security controls. An unauthenticated, remote attacker can exploit these vulnerabilities to take control of the affected host.
Note: Nessus checked the version to determine if user authentication and encryption could be enabled. It did not verify the user authentication and encryption security controls were enabled.
Solution
Upgrade 3S CODESYS Runtime to version 18.104.22.168 or higher. If upgrading to 22.214.171.124, enable user authentication and encryption. If upgrading to 126.96.36.199 and later, no additional action is required.