CODESYS Runtime, a runtime system that "turns any embedded or PC based device into a full-fledged IEC 61131-3 controller", is vulnerable to a remote denial of service attack. The issue is due to the PLCWinNT Runtime service that runs on TCP port 1200 not properly sanitizing user-supplied input.