In Pilz PMC programming tool 3.x prior to 3.5.17 (based on CODESYS Development System), a user's password may be changed by an attacker without knowledge of the current password.
pilz pmc