Microsoft researchers have identified multiple high-severity vulnerabilities that could enable threat actors to shut down power plants. The flaws were discovered within the CODESYS software development kit (SDK), which is widely used to program and engineer programmable logic controllers in industrial operational technology (OT) systems in sectors such as manufacturing and energy. All versions of CODESYS V3 SDK prior to 3.5.19.0 are affected by the 15 bugs, which were listed in a Microsoft blog post published on August 10, 2023. Microsoft’s cyberphysical systems research team said that exploitation of the discovered vulnerabilities could put critical infrastructure organizations at risk of attacks such as remote code execution (RCE) and denial of service (DoS).