Summary
In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0, unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users.
Impact
Please consult CODESYS Security Advisory 2023-09 for more details.
Affected Product(s)
Model no. | Product name | Affected versions |
---|---|---|
 | CODESYS Development System | Firmware 3.5.9.0<3.5.17.0 |
 | CODESYS Scripting | Firmware 4.0.0.0<4.1.0.0 |
Vulnerabilities
In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0, unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users.
Remediation
Update CODESYS Development System to version 3.5.17.0.
Update CODESYS Scripting to version 4.1.0.0.
This version can be downloaded and installed directly with the CODESYS Installer.
A CODESYS Development System version of 3.5.17.0 is required.
Alternatively, you can visit the CODESYS update area for more information on how to obtain the software update.
Revision History
Version | Date | Summary |
---|---|---|
1.0.0 | 28.07.2023 09:45 | Initial revision. |