Codesys: Vulnerability in CODESYS Development System and CODESYS Scripting
CVE-2023-3670

7.3HIGH

Key Information:

Vendor: Codesys
Status: Codesys Development System; Codesys Scripting
Vendor: CVE Published:; 28 July 2023

What is CVE-2023-3670?

The CODESYS Development System and CODESYS Scripting products are affected by a vulnerability that arises from improper directory permissions. This flaw permits an attacker with local access to the workstation to place malicious scripts within the system's directories. Once these scripts are present, they may be executed by unsuspecting legitimate users, potentially leading to unauthorized actions and compromise of system integrity.

Affected Version(s)

CODESYS Development System 3.5.9.0 < 3.5.17.0

CODESYS Scripting 4.0.0.0 < 4.1.0.0

References

https://cert.vde.com/en/advisories/VDE-2023-024

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 28, 2023
Vulnerability Reserved
Jul 14, 2023