CVE-2023-3670

{"id": "CVE-2023-3670", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "info@cert.vde.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.3}]}, "published": "2023-07-28T08:15:10.557", "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2023-024", "tags": ["Third Party Advisory"], "source": "info@cert.vde.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "info@cert.vde.com", "description": [{"lang": "en", "value": "CWE-668"}]}], "descriptions": [{"lang": "en", "value": "In CODESYS Development System 3.5.9.0 to\u00a03.5.17.0 and\u00a0CODESYS Scripting\u00a04.0.0.0 to\u00a04.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users."}], "lastModified": "2023-08-03T18:44:39.050", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "727C53CA-E8D1-4280-8CFA-64A6ECFDA41B", "versionEndExcluding": "3.5.17.0", "versionStartIncluding": "3.5.9.0"}, {"criteria": "cpe:2.3:a:codesys:scripting:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBD63247-C6C1-44FC-99C7-71FC875125A6", "versionEndExcluding": "4.1.0.0", "versionStartIncluding": "4.0.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "info@cert.vde.com"}