3S CODESYS Runtime Toolkit < 22.214.171.124 PLCWinNT DoS
High Nessus Plugin ID 86573
SynopsisA programmable logic controller (PLC) runtime on the remote host is affected by a denial of service vulnerability.
DescriptionThe 3S CODESYS Runtime Toolkit running on the remote Windows host is affected by a denial of service vulnerability in the PLCWinNT Runtime service (TCP port 1200) due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this to crash the service, via a crafted request that triggers a NULL pointer deference.
SolutionUpgrade 3S CODESYS Runtime Toolkit to version 126.96.36.199 or higher.