CVE-2023-49676
MEDIUMCODESYS Development System V2.3 < 2.3.9.73 - Unauthenticated Use-After-Free via Corrupted Project Files
Title source: llmDescription
An unauthenticated local attacker may trick a user to open corrupted project files to crash the system due to use after free vulnerability.
References (1)
Core 1
Core References
Various Sources
https://cert.vde.com/en/advisories/VDE-2024-024
Scores
CVSS v3
5.5
EPSS
0.0018
EPSS Percentile
7.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-416
Status
published
Products (1)
CODESYS/CODESYS Development System V2.3
< 2.3.9.73
Published
May 06, 2024
Tracked Since
Feb 18, 2026