CVE-2023-3670 HIGH

CVE-2023-3670: Codesys: Vulnerability in CODESYS Development System and CODESYS Scripting

Vendor Codesys
Product CODESYS Development System
Weakness CWE-668
Published July 28, 2023
Last update October 21, 2024

CVSS base score

7.3/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users.

Key dates

02Disclosure timeline

July 28, 2023 CVE published
October 21, 2024 Record updated