Vulnerability Details CVE-2023-3670
In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 4.3%
CVSS Severity
CVSS v3 Score 7.3
References
Products affected by CVE-2023-3670
-
cpe:2.3:a:codesys:development_system:3.5.10.0
-
cpe:2.3:a:codesys:development_system:3.5.10.10
-
cpe:2.3:a:codesys:development_system:3.5.10.20
-
cpe:2.3:a:codesys:development_system:3.5.10.30
-
cpe:2.3:a:codesys:development_system:3.5.10.40
-
cpe:2.3:a:codesys:development_system:3.5.10.50
-
cpe:2.3:a:codesys:development_system:3.5.10.60
-
cpe:2.3:a:codesys:development_system:3.5.10.70
-
cpe:2.3:a:codesys:development_system:3.5.11.0
-
cpe:2.3:a:codesys:development_system:3.5.11.10
-
cpe:2.3:a:codesys:development_system:3.5.11.20
-
cpe:2.3:a:codesys:development_system:3.5.11.30
-
cpe:2.3:a:codesys:development_system:3.5.11.40
-
cpe:2.3:a:codesys:development_system:3.5.11.50
-
cpe:2.3:a:codesys:development_system:3.5.11.60
-
cpe:2.3:a:codesys:development_system:3.5.12.0
-
cpe:2.3:a:codesys:development_system:3.5.12.10
-
cpe:2.3:a:codesys:development_system:3.5.12.20
-
cpe:2.3:a:codesys:development_system:3.5.12.30
-
cpe:2.3:a:codesys:development_system:3.5.12.40
-
cpe:2.3:a:codesys:development_system:3.5.12.50
-
cpe:2.3:a:codesys:development_system:3.5.12.60
-
cpe:2.3:a:codesys:development_system:3.5.12.70
-
cpe:2.3:a:codesys:development_system:3.5.13.0
-
cpe:2.3:a:codesys:development_system:3.5.13.10
-
cpe:2.3:a:codesys:development_system:3.5.13.20
-
cpe:2.3:a:codesys:development_system:3.5.13.30
-
cpe:2.3:a:codesys:development_system:3.5.13.40
-
cpe:2.3:a:codesys:development_system:3.5.14.0
-
cpe:2.3:a:codesys:development_system:3.5.14.10
-
cpe:2.3:a:codesys:development_system:3.5.14.20
-
cpe:2.3:a:codesys:development_system:3.5.14.30
-
cpe:2.3:a:codesys:development_system:3.5.14.40
-
cpe:2.3:a:codesys:development_system:3.5.15.0
-
cpe:2.3:a:codesys:development_system:3.5.15.10
-
cpe:2.3:a:codesys:development_system:3.5.15.20
-
cpe:2.3:a:codesys:development_system:3.5.15.30
-
cpe:2.3:a:codesys:development_system:3.5.15.40
-
cpe:2.3:a:codesys:development_system:3.5.15.50
-
cpe:2.3:a:codesys:development_system:3.5.16.0
-
cpe:2.3:a:codesys:development_system:3.5.16.10
-
cpe:2.3:a:codesys:development_system:3.5.16.20
-
cpe:2.3:a:codesys:development_system:3.5.16.30
-
cpe:2.3:a:codesys:development_system:3.5.16.40
-
cpe:2.3:a:codesys:development_system:3.5.16.50
-
cpe:2.3:a:codesys:development_system:3.5.16.60
-
cpe:2.3:a:codesys:development_system:3.5.16.70
-
cpe:2.3:a:codesys:development_system:3.5.16.90
-
cpe:2.3:a:codesys:development_system:3.5.9.0
-
cpe:2.3:a:codesys:development_system:3.5.9.40
-
cpe:2.3:a:codesys:development_system:3.5.9.50
-
cpe:2.3:a:codesys:development_system:3.5.9.60
-
cpe:2.3:a:codesys:development_system:3.5.9.70
-
cpe:2.3:a:codesys:development_system:3.5.9.80
-
cpe:2.3:a:codesys:scripting:4.0.0.0