CVE-2023-3670

In CODESYS Development System 3.5.9.0 to3.5.17.0 andCODESYS Scripting4.0.0.0 to4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.3 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CERTVDECNA
7.3 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
VendorProductVersion
codesysdevelopment_system
3.5.9.0 ≤
𝑥
< 3.5.17.0
codesysscripting
4.0.0.0 ≤
𝑥
< 4.1.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cert.vde.com/en/advisories/VDE-2023-024
https://cert.vde.com/en/advisories/VDE-2023-024