CVE-2023-3670

In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users.

Published: Jul 28, 2023
Updated: Jul 29, 2023
CVE: CVE-2023-3670
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.3
AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWEs:

CWE-668

Affected Software
References

Software	From	Fixed in
codesys / scripting	4.0.0.0	4.1.0.0
codesys / development_system	3.5.9.0	3.5.17.0

https://cert.vde.com/en/advisories/VDE-2023-024

Vulnerability Database

289,697

CVE-2023-3670