CVE-2023-3670

Published: Jul 28, 2023Modified: Nov 21, 2024

7.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.3 / Impact: 5.9

Source: info@cert.vde.com (Secondary)

Description

In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users.

Affected (2)

Products: Codesys: Development System, Scripting

2 products

Development System

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Codesys Development System	From 3.5.9.0 to 3.5.17.0
Codesys Scripting	From 4.0.0.0 to 4.1.0.0

Related CWEs

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (2)

https://cert.vde.com/en/advisories/VDE-2023-024

Source: info@cert.vde.com

Third Party Advisory

https://cert.vde.com/en/advisories/VDE-2023-024

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.