
CODESYS Installer - Possible Privilege Escalation

VDE-2026-012
Last update
10.03.2026 11:00
Published at
10.03.2026 11:00
Vendor(s)
CODESYS GmbH
External ID
Advisory2026-01_VDE-2026-012

Summary

The CODESYS Installer is affected by a privilege escalation vulnerability. Due to a race condition, a local attacker with limited privileges can replace the verified downloaded setup before execution. Because the update process runs with administrator privileges, a malicious application can be executed with elevated rights.
The attack requires the legitimate user to confirm the self‑update prompt for the CODESYS Installer itself or to initiate an installation of a CODESYS Development System. The update process for CODESYS Add-Ons is not affected by this issue.
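To make the check-then-use gap concrete, the following Python sketch is an added illustration (constructed for this page, not CODESYS code): it contrasts a routine that verifies a setup at its download path and then launches that path with one that first copies the download into a staging directory the unprivileged user cannot write and verifies that copy. The `race_hook` parameter, `demo()` and the sample payload bytes are assumptions made for illustration; `Path.read_bytes` stands in for launching the setup.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path
from typing import Callable, Optional

def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def run_update_vulnerable(setup: Path, expected: str, launch: Callable[[Path], bytes],
                          race_hook: Optional[Callable[[], None]] = None) -> bytes:
    """Check-then-use: verifies the file at a user-writable path, then launches that path."""
    if sha256_of(setup.read_bytes()) != expected:
        raise ValueError("integrity check failed")
    if race_hook:
        race_hook()  # the window between check and use; a low-privileged writer can act here
    return launch(setup)

def run_update_hardened(setup: Path, expected: str, launch: Callable[[Path], bytes],
                        race_hook: Optional[Callable[[], None]] = None) -> bytes:
    """Copies the download into a directory the unprivileged user cannot write, verifies
    the private copy and launches only that copy; the original path is never used again."""
    staging = Path(tempfile.mkdtemp(prefix="update-"))  # assumption: an admin-only location
    try:
        private = staging / setup.name
        shutil.copyfile(setup, private)
        if sha256_of(private.read_bytes()) != expected:
            raise ValueError("integrity check failed")
        if race_hook:
            race_hook()  # changing the original path no longer affects what is launched
        return launch(private)
    finally:
        shutil.rmtree(staging, ignore_errors=True)

def demo() -> tuple:
    """Constructed scenario: a genuine setup that is replaced inside the check/use window."""
    work = Path(tempfile.mkdtemp(prefix="demo-"))
    try:
        setup, good, other = work / "setup.exe", b"GENUINE-SETUP", b"REPLACED-IN-WINDOW"
        expected = sha256_of(good)
        def swap() -> None:
            setup.write_bytes(other)  # simulates the writer acting in the window
        setup.write_bytes(good)
        ran_vuln = run_update_vulnerable(setup, expected, Path.read_bytes, swap)
        setup.write_bytes(good)
        ran_hard = run_update_hardened(setup, expected, Path.read_bytes, swap)
        return ran_vuln == good, ran_hard == good  # (False, True)
    finally:
        shutil.rmtree(work, ignore_errors=True)
```

The same principle applies whether the check is a hash, a signature or a certificate: the bytes that were verified must be the bytes that run, which a path in a user-writable location cannot guarantee.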

Impact

Exploitation of this vulnerability can lead to a privilege escalation on the host system.

Affected Product(s)

Model no.   Product name        Affected versions
            CODESYS Installer   vers:generic/<2.6.1.0

Vulnerabilities


Published
10.03.2026 12:00
Weakness
Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)
Summary

If a legitimate user confirms a self-update prompt or initiates an installation of a CODESYS Development System, a low privileged local attacker can gain elevated rights due to a TOCTOU vulnerability in the CODESYS Installer.

References

Remediation

Update the following product to version 2.6.1.0.
* CODESYS Installer

To avoid using the self‑update mechanism when applying the software update, we recommend manually downloading the fixed version of the CODESYS Installer from the CODESYS Store and installing it. Alternatively, you can also download and install the CODESYS Development System version 3.5.22.0 or newer as a complete setup, which includes the updated CODESYS Installer.

The CODESYS Installer as well as the CODESYS Development System can be downloaded from the CODESYS Store. Further information on obtaining the software update, for these and all other products, is available in the CODESYS Update area at https://www.codesys.com/download/.

Acknowledgments

CODESYS GmbH thanks the following parties for their efforts:

  • CERT@VDE for coordination (see https://www.certvde.com )
  • David Ruscheweyh from SEW-EURODRIVE GmbH & Co KG for reporting

Revision History

Version   Date               Summary
1.0.0     10.03.2026 11:00   Initial revision.