CODESYS: Vulnerability in CODESYS Development System allows execution of binaries

VDE-2023-021
Last update: 03.08.2023 12:48
Published at: 03.08.2023 12:48
Vendor(s): CODESYS GmbH
External ID: VDE-2023-021

Summary

The CODESYS Development System is vulnerable to the execution of malicious binaries from the current working directory.

Impact

Users could unknowingly launch a malicious binary placed by a local attacker.

Affected Product(s)

Model no. | Product name | Affected versions
- | CODESYS Development System | 3.5.17.0<3.5.19.20

Vulnerabilities

Published
22.09.2025 14:57
Weakness
Uncontrolled Search Path Element (CWE-427)
Summary

In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20, a vulnerability allows execution of binaries from the current working directory in the user's context.
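
A defender-side check for the affected range and the working-directory exposure described above, as an added example that is not part of the advisory or of CODESYS code. The function names and the list of binary file extensions are assumptions; the advisory does not say which binaries are searched for.

```python
from pathlib import Path

# Affected range from the advisory: 3.5.17.0 <= version < 3.5.19.20
FIRST_AFFECTED = (3, 5, 17, 0)
FIRST_FIXED = (3, 5, 19, 20)
# Assumption: file types Windows can load or run directly; the advisory
# does not name the binaries involved.
BINARY_SUFFIXES = {".exe", ".dll", ".com", ".bat", ".cmd"}


def parse_version(text):
    """Turn '3.5.19.3' into (3, 5, 19, 3); reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part version: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(version_text):
    """True if the version lies in the advisory's affected range.

    Comparing integer tuples avoids the string-comparison trap where
    '3.5.19.3' would sort after '3.5.19.20'.
    """
    return FIRST_AFFECTED <= parse_version(version_text) < FIRST_FIXED


def binaries_in(directory):
    """Names of binaries sitting directly in a working directory."""
    return sorted(
        p.name for p in Path(directory).iterdir()
        if p.is_file() and p.suffix.lower() in BINARY_SUFFIXES
    )


def audit(version_text, working_dirs):
    """Map each working directory to the binaries found in it.

    Returns an empty dict when the version is outside the affected range.
    """
    if not is_affected(version_text):
        return {}
    findings = {}
    for d in working_dirs:
        found = binaries_in(d)
        if found:
            findings[str(d)] = found
    return findings
```

Any file reported for a directory from which the Development System is started deserves review before the update to 3.5.19.20 is in place.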

Remediation

Update the CODESYS Development System to version 3.5.19.20.
The CODESYS Development System can be downloaded and installed directly with the CODESYS Installer or be downloaded from the CODESYS Store.
Alternatively, you will find further information on obtaining the software update in the CODESYS Update area.

Revision History

Version | Date | Summary
1 | 03.08.2023 12:48 | Initial revision.