|CODESYS Development System
|22.214.171.124 < 126.96.36.199
|188.8.131.52 < 184.108.40.206
In CODESYS Development System 220.127.116.11 to 18.104.22.168 and CODESYS Scripting 22.214.171.124 to 126.96.36.199 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users.
Please consult CODESYS Security Advisory 2023-09 for more details.
Update CODESYS Development System to version 188.8.131.52 or newer.
Update CODESYS Scripting to version 184.108.40.206 or newer.
This version can be downloaded and installed directly with the CODESYS Installer. A CODESYS Development
System version of 220.127.116.11 or newer is required.
Alternatively, you can visit the CODESYS update area for more information on how to obtain the software
This vulnerability was discovered by Sina Kheirkhah (@SinSinology) of Summoning Team
(@SummoningTeam) working with Trend Micro Zero Day Initiative.
CODESYS coordinated with CERT@VDE.