HIGH🇵🇱 Wersja polska

CVE-2023-3670

CVSS 7.3v3.1pub. 2023-07-28upd. 2024-11-21

In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
  • Codesys Development System

    APP
    Codesys
    3.5.9.0 – 3.5.17.0 (bez)
  • Codesys Scripting

    APP
    Codesys
    4.0.0.0 – 4.1.0.0 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2019-9010CRITICAL9.8ten sam produkt

An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the own...

CVE-2026-44468HIGH8.5ten sam produkt

The affected product creates a directory with insecure default permissions during administrative installation....

CVE-2026-44469HIGH8.5ten sam produkt

The affected product extracts installation files to a temporary directory with incorrect default permissions d...

CVE-2023-3662HIGH7.3ten sam produkt

In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability allows for executi...

CVE-2023-3663HIGH8.8ten sam produkt

In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might all...