CVE-2023-3663

Summary

In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might allow an unauthenticated remote attacker to manipulate the content of notifications received via HTTP by the CODESYS notification server.

Affected Software

VendorProductVersion RangeStatus
CODESYSCODESYS Development System3.5.11.20 < 3.5.19.20affected

Weaknesses

  • CWE-940: CWE-940 Improper Verification of Source of a Communication Channel

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References