Security Notification - SEVD-2023-101-01 CODESYS Runtime Vulnerabilities

Schneider Electric is aware of multiple vulnerabilities disclosed on CODESYS Runtime. Many vendors, including Schneider Electric, embed CODESYS in their offers. If successfully exploited, these vulnerabilities could result in a denial of service or, in some cases, in remote code execution on PacDrive controllers, Modicon Controllers M241 / M251 / M262 / M258 / LMC058 / M218 and HMISCU products. CVE-2022-4224 CVE-2023-28355 CVE-2022-4046 CWE-668: Exposure of Resource to Wrong Sphere