VDE-2023-021
                        
                    
Last update: 03.08.2023 12:48
Published at: 03.08.2023 12:48
Vendor(s): CODESYS GmbH
External ID: VDE-2023-021

Summary
The CODESYS Development System is vulnerable to the execution of malicious binaries from the current working directory.
Impact
Users could unknowingly launch a malicious binary placed by a local attacker.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| | CODESYS Development System | 3.5.17.0 < 3.5.19.20 |
Vulnerabilities
Published: 24.09.2025 12:42
Severity
Weakness: Uncontrolled Search Path Element (CWE-427)
Summary
In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20, a vulnerability allows binaries to be executed from the current working directory in the user's context.
References
Remediation
Update the CODESYS Development System to version 3.5.19.20.
The CODESYS Development System can be downloaded and installed directly with the CODESYS Installer or be downloaded from the CODESYS Store.
Alternatively, you will find further information on obtaining the software update in the CODESYS Update area.
Acknowledgments
CODESYS GmbH thanks the following parties for their efforts:
- CERT@VDE for coordination (see https://certvde.com)
- Carlo Di Dato from Deloitte Risk Advisory Italia - Vulnerability Research Team for reporting
Revision History
| Version | Date | Summary | 
|---|---|---|
| 1 | 03.08.2023 12:48 | Initial revision. |