CODESYS: Vulnerability in CODESYS Development System allows for execution of binaries
CVE-2023-3662

7.3HIGH

Key Information:

Vendor: Codesys
Status: Codesys Development System
Vendor: CVE Published:; 3 August 2023

What is CVE-2023-3662?

The CODESYS Development System up to versions 3.5.17.0 and prior to 3.5.19.20 suffers from a vulnerability that permits the execution of binaries stored within the current working directory. This issue can lead to unauthorized code execution in the context of an affected user, potentially compromising system security. Users of CODESYS Development System are advised to review their current version and apply necessary updates to mitigate the risk.

Affected Version(s)

CODESYS Development System 3.5.17.0 < 3.5.19.20

References

https://cert.vde.com/en/advisories/VDE-2023-021/

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 3, 2023
Vulnerability Reserved
Jul 13, 2023

Codesys

What is CVE-2023-3662?

Affected Version(s)

References

CVSS V3.1

Timeline