High · Published 2024-03-12

ICSA-24-072-05 · CVE-2024-23906

AC500 V3 hardcoded engineering credentials

A factory-set service account in the AC500 V3 web visualisation service allows remote login. Vendor advises rotating credentials and disabling unused services.

Mitigations

  1. Replace default device credentials
  2. Apply firmware ≥ 3.7.0
  3. Disable CODESYS Web Visualisation in production