|Article No°||Product Name||Affected Version(s)|
|CODESYS Development System||< 126.96.36.199|
The CODESYS Development System does not limit the number of attempts to guess the password within an import dialog.
A missing Brute-Force protection in CODESYS Development System prior to 188.8.131.52 allows a local attacker to have unlimited attempts of guessing the password within an import dialog.
A limited amount of information can be obtained by a local attacker if the brute-force attack was successful.
Update the CODESYS Development System to version 184.108.40.206.
The CODESYS Development System can be downloaded and installed directly with the CODESYS Installer or be downloaded from the CODESYS Store.
Alternatively, you will find further information on obtaining the software update in the CODESYS Update area
This vulnerability was reported by an OEM customer.
Coordination done by CERT@VDE.