CVE-2023-3670

Codesys: Vulnerability in CODESYS Development System and CODESYS Scripting

CVSS 7.3 HIGHEPSS 0.2%CWE-668

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 7.3EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

28 jul 2023Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users.

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Productos afectados

CODESYS · CODESYS Development System CODESYS · CODESYS Scripting

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://cert.vde.com/en/advisories/VDE-2023-024