CVE-2023-3670

In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users.
References
Link Resource
https://cert.vde.com/en/advisories/VDE-2023-024 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:scripting:*:*:*:*:*:*:*:*

History

03 Aug 2023, 18:44

Type Values Removed Values Added
References (MISC) https://cert.vde.com/en/advisories/VDE-2023-024 - (MISC) https://cert.vde.com/en/advisories/VDE-2023-024 - Third Party Advisory
First Time Codesys
Codesys scripting
Codesys development System
CPE cpe:2.3:a:codesys:scripting:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*

28 Jul 2023, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-28 08:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-3670

Mitre link : CVE-2023-3670

CVE.ORG link : CVE-2023-3670


JSON object : View

Products Affected

codesys

  • scripting
  • development_system
CWE
CWE-668

Exposure of Resource to Wrong Sphere