Researcher discovered a critical vulnerability in the web server component of 3S-Smart Software Solutions’ CODESYS WebVisu product currently used in 116 PLCs and HMIs from many vendors,
Security researcher Zhu WenZhe from Istury IOT discovered a critical stack-based buffer overflow vulnerability in the web server component of 3S-Smart Software Solutions’ CODESYS WebVisu product that allows users to view human-machine interfaces (HMIs) for programmable logic controllers (PLCs) in a web browser.
The vulnerability is tracked as CVE-2018-5440 and it has been assigned a CVSS score of 9.8, and the worst news is that it is quite easy to exploit.
Full Article.