|Article No°||Product Name||Affected Version(s)|
|CODESYS Development System||22.214.171.124 < 126.96.36.199|
The CODESYS Development System is vulnerable to the execution of malicious binaries from the current working directory.
In CODESYS Development System versions from 188.8.131.52 and prior to 184.108.40.206 a vulnerability allows for execution of binaries from the current working directory in the users context .
Users could unknowingly launch a malicious binary placed by a local attacker.
Update the CODESYS Development System to version 220.127.116.11.
The CODESYS Development System can be downloaded and installed directly with the CODESYS Installer or be downloaded from the CODESYS Store.
Alternatively, you will find further information on obtaining the software update in the CODESYS Update area
This vulnerability was reported by Carlo Di Dato of Deloitte Risk Advisory Italia - Vulnerability Research Team.
Coordination done by CERT@VDE.