Lucene search

CERTVDECVELIST:CVE-2023-3670

HistoryJul 28, 2023 - 7:52 a.m.

CVE-2023-3670 Codesys: Vulnerability in CODESYS Development System and CODESYS Scripting

2023-07-2807:52:33

CWE-668

CERTVDE

www.cve.org

codesys

vulnerability

local access

harmful scripts

unsafe directory permissions

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.7%

JSON

In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS Development System",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "3.5.17.0",
        "status": "affected",
        "version": "3.5.9.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS Scripting",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "4.1.0.0",
        "status": "affected",
        "version": "4.0.0.0",
        "versionType": "semver"
      }
    ]
  }
]

References

cert.vde.com/en/advisories/VDE-2023-024

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.7%

JSON

Related for CVELIST:CVE-2023-3670