|Article No°||Product Name||Affected Version(s)|
|CODESYS Development System||220.127.116.11 < 18.104.22.168|
|CODESYS Scripting||22.214.171.124 < 126.96.36.199|
In CODESYS Development System 188.8.131.52 to 184.108.40.206 and CODESYS Scripting 220.127.116.11 to 18.104.22.168 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users.
Please consult CODESYS Security Advisory 2023-09 for more details.
Update CODESYS Development System to version 22.214.171.124 or newer.
Update CODESYS Scripting to version 126.96.36.199 or newer.
This version can be downloaded and installed directly with the CODESYS Installer. A CODESYS Development
System version of 188.8.131.52 or newer is required.
Alternatively, you can visit the CODESYS update area for more information on how to obtain the software
This vulnerability was discovered by Sina Kheirkhah (@SinSinology) of Summoning Team
(@SummoningTeam) working with Trend Micro Zero Day Initiative.
CODESYS coordinated with CERT@VDE.