The software system of Schneider Electric’s industrial automation solutions, Codesys, has vulnerabilities. These vulnerabilities allow attackers to cause a loss of control and trigger malfunctions during maintenance operations.

The vulnerability of the Codesys software suite for industrial automation integrated into Schneider Electric’s programmable logic controllers is related to the execution of operations outside the buffer boundaries. Exploiting this vulnerability can allow a malicious actor to gain control and caus...