CVE-2023-3670

Summary

In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users.

Affected Software

VendorProductVersion RangeStatus
CODESYSCODESYS Development System3.5.9.0 < 3.5.17.0affected
CODESYSCODESYS Scripting4.0.0.0 < 4.1.0.0affected

Weaknesses

  • CWE-668: CWE-668 Exposure of Resource to Wrong Sphere

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References