CODESYS Development System

🗓️ 24 Aug 2023 06:00:00Reported by Industrial Control Systems Cyber Emergency Response TeamType

ics🔗 www.cisa.gov👁 30 Views

CODESYS Development System has a vulnerability in data authenticity verification, allowing remote code execution. Update to version 3.5.19.20 for mitigation

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2023-3663	3 Aug 202314:39	–	circl
CNNVD	CODESYS Development System Data Falsification Issue Vulnerability	3 Aug 202300:00	–	cnnvd
CVE	CVE-2023-3663	3 Aug 202310:55	–	cve
Cvelist	CVE-2023-3663 CODESYS: Missing integrity check in CODESYS Development System	3 Aug 202310:55	–	cvelist
EUVD	EUVD-2023-44307	3 Oct 202520:07	–	euvd
NVD	CVE-2023-3663	3 Aug 202311:15	–	nvd
OSV	CVE-2023-3663	3 Aug 202311:15	–	osv
Prion	Design/Logic Flaw	3 Aug 202311:15	–	prion
Positive Technologies	PT-2023-4166 · 3S Smart Software Solutions · Codesys Development System	3 Aug 202300:00	–	ptsecurity
Vulnrichment	CVE-2023-3663 CODESYS: Missing integrity check in CODESYS Development System	3 Aug 202310:55	–	vulnrichment

Source	Link
raw	www.raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-236-05.json
cisa	www.cisa.gov/news-events/ics-advisories/icsa-23-236-05
cisa	www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
cisa	www.cisa.gov/resources-tools/resources/ics-recommended-practices
cisa	www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf
cisa	www.cisa.gov/topics/industrial-control-systems
cisa	www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf
cisa	www.cisa.gov/uscert/ncas/tips/ST04-014
us-cert	www.us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
cisa	www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B

24 Aug 2023 06:00Current

9.2High risk

Vulners AI Score9.2

CVSS 3.18.8

EPSS0.0087

SSVC