CODESYS: Missing integrity check in CODESYS Development System
CVE-2023-3663

8.8HIGH

Key Information:

Vendor: Codesys
Status: Codesys Development System
Vendor: CVE Published:; 3 August 2023

What is CVE-2023-3663?

A vulnerability exists in the CODESYS Development System that allows an unauthenticated remote attacker to manipulate the content of HTTP notifications sent by the CODESYS notification server. This issue arises from a missing integrity check in versions 3.5.11.20 and earlier, as well as versions prior to 3.5.19.20. Attackers could exploit this flaw to alter notification content, potentially leading to unauthorized actions within systems relying on CODESYS.

Affected Version(s)

CODESYS Development System 3.5.11.20 < 3.5.19.20

References

https://cert.vde.com/en/advisories/VDE-2023-022/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 3, 2023
Vulnerability Reserved
Jul 13, 2023

Codesys

What is CVE-2023-3663?

Affected Version(s)

References

CVSS V3.1

Timeline