CODESYS Control SysSocket Race Condition Vulnerability Leading to Denial-of-Service on Linux and QNX
Vulnerability
A race condition vulnerability has been identified in the communication servers of the CODESYS Control runtime system, specifically in the SysSocket implementation for Linux and QNX. This flaw allows an unauthenticated remote attacker to trigger an out-of-bounds read by exploiting the race condition through crafted socket communication. Exploitation can cause a denial-of-service condition by crashing the affected communication task. Additionally, clients using the CODESYS PLCHandler on Linux or QNX may be impacted if they connect to a malicious server that exploits this vulnerability.
Impact
Exploitation leads to a denial-of-service condition on affected PLCs or communication clients using the CODESYS PLCHandler, disrupting the operation or monitoring of industrial control systems.
Remediation
Users can update CODESYS PLCHandler, CODESYS Remote Target Visu, and CODESYS Runtime Toolkit to version 3.5.21.40. For other CODESYS Control products on Linux or QNX, an update to version 4.19.0.0 is recommended; this version is expected to be released in Q1 2026.
