Patrick DeSantis discovered these vulnerabilities. Blog by Jon Munshaw.

Cisco Talos recently discovered multiple vulnerabilities in the CODESYS Development System.

The CODESYS Development System is the IEC 61131-3 programming tool for industrial control and automation technology, available in 32- and 64-bit versions.

This software contains multiple unsafe deserialization vulnerabilities that could allow an attacker to execute arbitrary code on the victim machine. These issues exist across a variety of the software’s functions. For more information on these vulnerabilities, read their individual advisories below.

• TALOS-2021-1300 (CVE-2021-21863)
• TALOS-2021-1301 (CVE-2021-21864)
• TALOS-2021-1302 (CVE-2021-21865)
• TALOS-2021-1303 (CVE-2021-21866)
• TALOS-2021-1304 (CVE-2021-21867)
• TALOS-2021-1305 (CVE-2021-21868)
• TALOS-2021-1306 (CVE-2021-21869)

Cisco Talos worked with the CODESYS Group to ensure that these issues are resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.

Users are encouraged to update these affected products as soon as possible: CODESYS GmbH CODESYS Development System, versions 3.5.16 and 3.5.17. Talos tested and confirmed these versions of the CODESYS Development System could be exploited by this vulnerability.

The following SNORTⓇ rules will detect exploitation attempts against this vulnerability: 57585 – 57604, 57619 and 57620. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.