← back
CVE-2023-3670

Codesys: Vulnerability in CODESYS Development System and CODESYS Scripting

CVSS 7.3 HIGHEPSS 0.2%CWE-668
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.3EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
28 Jul 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users.
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected products
CODESYS · CODESYS Development SystemCODESYS · CODESYS Scripting

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cert.vde.com/en/advisories/VDE-2023-024