CVE-2023-3662

HIGH

CODESYS Development System 3.5.17.0-3.5.19.19 - Uncontrolled Search Path Element

Title source: llm
STIX 2.1

Description

In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability allows for execution of binaries from the current working directory in the users context .

References (1)

Core 1
Core References
Mitigation, Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2023-021/

Scores

CVSS v3 7.3
EPSS 0.0020
EPSS Percentile 9.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-427
Status published
Products (1)
codesys/development_system 3.5.17.0 - 3.5.19.20
Published Aug 03, 2023
Tracked Since Feb 18, 2026