Share: Email | Twitter

ID

VDE-2023-023

Published

2023-08-03 13:08 (CEST)

Last update

2023-08-03 13:08 (CEST)

Vendor(s)

CODESYS GmbH

Product(s)

Article No° Product Name Affected Version(s)
CODESYS Development System < 3.5.19.20

Summary

The CODESYS Development System does not limit the number of attempts to guess the password within an import dialog.


Last Update:

3. August 2023 13:08

Weakness

Improper Restriction of Excessive Authentication Attempts  (CWE-307) 

Summary

A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog.


Impact

A limited amount of information can be obtained by a local attacker if the brute-force attack was successful.

Solution

Update the CODESYS Development System to version 3.5.19.20.

The CODESYS Development System can be downloaded and installed directly with the CODESYS Installer or be downloaded from the CODESYS Store.

Alternatively, you will find further information on obtaining the software update in the CODESYS Update area

Reported by

This vulnerability was reported by an OEM customer.

Coordination done by CERT@VDE.