VDE-2023-021

Vulnerability from csaf_codesysgmbh - Published: 2023-08-03 10:48 - Updated: 2023-08-03 10:48
Summary
CODESYS: Vulnerability in CODESYS Development System allows execution of binaries
Notes
Summary: The CODESYS Development System is vulnerable to the execution of malicious binaries from the current working directory.
Impact: Users could unknowingly launch a malicious binary placed by a local attacker.
Remediation: Update the CODESYS Development System to version 3.5.19.20. The CODESYS Development System can be downloaded and installed directly with the CODESYS Installer or be downloaded from the CODESYS Store. Alternatively, you will find further information on obtaining the software update in the CODESYS Update area
CVE-2023-3662

In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability allows for execution of binaries from the current working directory in the users context .

7.3 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE-427 - Uncontrolled Search Path Element
Vendor Fix Update the CODESYS Development System to version 3.5.19.20. The CODESYS Development System can be downloaded and installed directly with the CODESYS Installer or be downloaded from the CODESYS Store. Alternatively, you will find further information on obtaining the software update in the CODESYS Update area
References
Acknowledgments
CERT@VDE certvde.com
Deloitte Risk Advisory Italia - Vulnerability Research Team Carlo Di Dato
To clipboard 

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "names": [
          "Carlo Di Dato"
        ],
        "organization": "Deloitte Risk Advisory Italia - Vulnerability Research Team",
        "summary": "reporting"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "The CODESYS Development System is vulnerable to the execution of malicious binaries from the current working directory.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "Users could unknowingly launch a malicious binary placed by a local attacker.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Update the CODESYS Development System to version 3.5.19.20.\nThe CODESYS Development System can be downloaded and installed directly with the CODESYS Installer or be downloaded from the CODESYS Store.\nAlternatively, you will find further information on obtaining the software update in the CODESYS Update area",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "security@codesys.com",
      "name": "CODESYS GmbH",
      "namespace": "https://www.codesys.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "VDE-2023-021: CODESYS: Vulnerability in CODESYS Development System allows execution of binaries - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2023-021/"
      },
      {
        "category": "self",
        "summary": "VDE-2023-021: CODESYS: Vulnerability in CODESYS Development System allows execution of binaries - CSAF",
        "url": "https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-021.json"
      },
      {
        "category": "external",
        "summary": "Vendor PSIRT",
        "url": "https://www.codesys.com"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for CODESYS GmbH",
        "url": "https://certvde.com/en/advisories/vendor/codesys/"
      }
    ],
    "title": "CODESYS: Vulnerability in CODESYS Development System allows execution of binaries",
    "tracking": {
      "aliases": [
        "VDE-2023-021"
      ],
      "current_release_date": "2023-08-03T10:48:00.000Z",
      "generator": {
        "date": "2025-04-17T08:16:33.227Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.23"
        }
      },
      "id": "VDE-2023-021",
      "initial_release_date": "2023-08-03T10:48:00.000Z",
      "revision_history": [
        {
          "date": "2023-08-03T10:48:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "3.5.17.0\u003c3.5.19.20",
                    "product": {
                      "name": "CODESYS Development System 3.5.17.0\u003c3.5.19.20",
                      "product_id": "CSAFPID-51001"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "3.5.19.20",
                    "product": {
                      "name": "CODESYS Development System 3.5.19.20",
                      "product_id": "CSAFPID-52001"
                    }
                  }
                ],
                "category": "product_name",
                "name": "CODESYS Development System"
              }
            ],
            "category": "product_family",
            "name": "Software"
          }
        ],
        "category": "vendor",
        "name": "CODESYS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-3662",
      "cwe": {
        "id": "CWE-427",
        "name": "Uncontrolled Search Path Element"
      },
      "notes": [
        {
          "category": "description",
          "text": "In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability allows for execution of binaries from the current working directory in the users context .",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-52001"
        ],
        "known_affected": [
          "CSAFPID-51001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update the CODESYS Development System to version 3.5.19.20.\nThe CODESYS Development System can be downloaded and installed directly with the CODESYS Installer or be downloaded from the CODESYS Store.\nAlternatively, you will find further information on obtaining the software update in the CODESYS Update area",
          "product_ids": [
            "CSAFPID-51001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.3,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 7.3,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-51001"
          ]
        }
      ],
      "title": "CVE-2023-3662"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.