Denis Goryushev

**Name of the Vulnerable Software and Affected Versions** CODESYS Control runtime system (affected versions not specified) **Description** The issue allows any system user to read and write within restricted memory space due to a problem in the SysDrv3S driver. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CODESYS Gateway V3 versions prior to 3.5.17.10 **Description** The issue is related to a NULL Pointer Dereference in the affected CODESYS products. Crafted communication requests may cause a Null pointer dereference, resulting in a denial-of-service condition. An attacker, acting remotely, can exploit this issue by sending a specially crafted TCP packet. **Recommendations** For CODESYS Gateway V3 versions prior to 3.5.17.10, update to version 3.5.17.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected CODESYS products to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CODESYS V2 runtime system SP versions prior to 2.4.7.55 **Description** The issue is a stack-based buffer overflow in the CODESYS V2 runtime system SP. This can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For versions prior to 2.4.7.55, update to version 2.4.7.55 or later to resolve the issue. As a temporary workaround, consider restricting access to the system to minimize the risk of exploitation.