Microsoft researchers have identified multiple vulnerabilities that could enable threat actors to shut down power plants. There were 15 bugs discovered in the CODESYS software development kit (SDK), which is used to program and engineer programmable logic controllers in industrial operation technology (OT) systems. Exploitation of these discovered vulnerabilities put critical infrastructure at risk of attacks that could result in an attacker shutting down a power plant or tampering with operations. However, exploitation is difficult as attackers would require user authentication as well as knowledge about the protocol of CODESYS.
Microsoft says it has worked with CODESYS to develop patches, and their customers have been urged to apply these fixes as soon as possible.
Read more: https://www.infosecurity-magazine.com/news/microsoft-codesys-flaws-power-plant/