In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users.
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HCodesys Development System
APPCodesys3.5.9.0 – 3.5.17.0 (bez)Codesys Scripting
APPCodesys4.0.0.0 – 4.1.0.0 (bez)
Related vulnerabilities
An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the own...
The affected product creates a directory with insecure default permissions during administrative installation....
The affected product extracts installation files to a temporary directory with incorrect default permissions d...
In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability allows for executi...
In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might all...