Multiple Vulnerabilities in 3S CODESYS Runtime in Rexroth PRC7000

Published

2020-12-16 00:00:00 UTC

Summary

BOSCH-SA-387388: The PRC7000 welding timer sold by Bosch Rexroth AG contains a CODESYS Soft-PLC Runtime from 3S. The manufacturer published security reports [1] about several weaknesses. By exploiting those weaknesses, an attacker can cause denial-of-service conditions or acquire user credentials. The vulnerabilities affect all firmware versions up to 1.11.3, and are fixed with the release of version 1.11.4.