a popular piece of software. SecurityWeek detailed how the flaws affect an application from 3S-Smart Software Solutions. The potential problem for ICS security stems from CODESYS, a hardware-independent middleware layer for programming Industrial Internet of Things (IIoT) and ICS. SecurityWeek reported the issue has now been resolved by 3S-Smart Software Solutions. However, the need for a patch, which could take some time to roll out to all affected organizations, highlighted the need for IT managers to be aware of the risk to connected technologies, particularly when it comes to ICS security. The flaws were discovered by security firm CyberX. Phil Neray, vice president of industrial cybersecurity and marketing at CyberX, described how the vulnerabilities affect all devices incorporating CODESYS Web Server v2.3 and earlier versions of the software. CODESYS is used to program a range of devices, such as programmable logic controllers and human-machine interfaces. CyberX detailed how these devices are used in almost all elements of critical industrial infrastructure, including power plants, oil and gas installations, and chemical and pharmaceutical factories. The first vulnerability, CVE-2017-6027, allows an attacker to upload arbitrary files to the CODESYS Web Server and potentially achieve remote code execution. The second flaw, CVE-2017-6025, is a stack-based buffer overflow that attackers could use to crash the application or execute arbitrary code. The fear is that attackers could use the flaws to cause safety failures and environmental damage at critical industrial infrastructure.
ICS-CERT published an advisory note and rated the potential risk score of the vulnerabilities as critical because attackers can potentially gain remote code execution capabilities. 3S-Smart Software has released a patch, but CyberX suggested that the rollout process could be complicated by a range of factors.