Flaw in Popular Framework Exposes Many ICS Devices to Attacks

Hundreds of thousands of Industrial Internet of Things (IIoT) and industrial control systems (ICS) products could be exposed to hacker attacks due to critical vulnerabilities affecting a widely used piece of software from Germany-based 3S-Smart Software Solutions. The flaws affect the CODESYS automation software for developing and engineering controller applications, specifically the Web Server component of the CODESYS WebVisu visualization software. The issues have been fixed by 3S-Smart Software Solutions, but experts believe it will take some time until the patch reaches all vulnerable devices.