CODESYS: Missing Brute-Force protection in CODESYS Development System

VDE-2023-023
Last update
08/03/2023 13:08
Published at
08/03/2023 13:08
Vendor(s)
CODESYS GmbH
External ID
VDE-2023-023

Summary

The CODESYS Development System does not limit the number of attempts to guess the password within an import dialog.

Impact

A local attacker can obtain a limited amount of information if the brute-force attack is successful.

Affected Product(s)

Model no. Product name Affected versions
CODESYS Development System <3.5.19.20 CODESYS Development System <3.5.19.20

Vulnerabilities

Published
09/22/2025 14:57
Weakness
Improper Restriction of Excessive Authentication Attempts (CWE-307)
Summary

Missing brute-force protection in the CODESYS Development System prior to 3.5.19.20 allows a local attacker unlimited attempts at guessing the password within an import dialog.

Remediation

Update the CODESYS Development System to version 3.5.19.20.
The CODESYS Development System can be downloaded and installed directly with the CODESYS Installer or be downloaded from the CODESYS Store.
Alternatively, you will find further information on obtaining the software update in the CODESYS Update area.

Revision History

Version Date Summary
1 08/03/2023 13:08 Initial revision.