3S CODESYS Runtime Toolkit < 220.127.116.11 PLCWinNT DoS (credentialed check)
High Nessus Plugin ID 86572
SynopsisA programmable logic controller (PLC) runtime on the remote host is affected by a denial of service vulnerability.
DescriptionThe 3S CODESYS Runtime Toolkit installed on the remote Windows host is affected by a denial of service vulnerability in the PLCWinNT Runtime service (TCP port 1200) due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this to crash the service, via a crafted request that triggers a NULL pointer deference.
SolutionUpgrade 3S CODESYS Runtime Toolkit to version 18.104.22.168 or higher.