Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-3662— CODESYS: Vulnerability in CODESYS Development System allows for execution of binaries

CVSS 7.3 · High EPSS 0.03% · P9
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-3662

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
CODESYS: Vulnerability in CODESYS Development System allows for execution of binaries
Source: NVD (National Vulnerability Database)
Vulnerability Description
In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability allows for execution of binaries from the current working directory in the users context .
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对搜索路径元素未加控制
Source: NVD (National Vulnerability Database)
Vulnerability Title
CODESYS Development System 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
3s-smart Software Solutions CODESYS Development System是德国德国3S智能软件系统方案有限公司(3s-smart Software Solutions)公司的一套用于工业控制器和自动化技术领域的编程工具。 CODESYS Development System 3.5.17.0 到 3.5.19.20 版本存在代码问题漏洞,该漏洞源于允许在用户环境的当前工作目录执行二进制文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
CODESYSCODESYS Development System 3.5.17.0 ~ 3.5.19.20 -

II. Public POCs for CVE-2023-3662

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-3662

登录查看更多情报信息。

Same Patch Batch · CODESYS · 2023-08-03 · 19 CVEs total

CVE-2022-40468.8 HIGHCODESYS: Improper memory restrictions fro CODESYS Control
CVE-2023-36638.8 HIGHCODESYS: Missing integrity check in CODESYS Development System
CVE-2023-375546.5 MEDIUMCODESYS Improper Input Validation in CmpAppBP
CVE-2023-375466.5 MEDIUMCODESYS: Improper Input Validation in CmpApp component
CVE-2023-375476.5 MEDIUMCODESYS: Improper Input Validation in CmpApp component
CVE-2023-375486.5 MEDIUMCODESYS: Improper Input Validation in CmpApp component
CVE-2023-375496.5 MEDIUMCODESYS: Improper Input Validation in CmpApp component
CVE-2023-375506.5 MEDIUMCODESYS: Improper Input Validation in CmpApp component
CVE-2023-375516.5 MEDIUMCODESYS Files or Directories Accessible to External Parties in CmpApp
CVE-2023-375526.5 MEDIUMCODESYS Improper Input Validation in CmpAppBP
CVE-2023-375536.5 MEDIUMCODESYS Improper Input Validation in CmpAppBP
CVE-2023-375556.5 MEDIUMCODESYS Improper Input Validation in CmpAppBP
CVE-2023-375566.5 MEDIUMCODESYS Improper Input Validation in CmpAppBP
CVE-2023-375576.5 MEDIUMCODESYS Heap-based Buffer Overflow in multiple products
CVE-2023-375586.5 MEDIUMCODESYS Improper Validation of Consistency within Input in multiple products
CVE-2023-375596.5 MEDIUMCODESYS Improper Validation of Consistency within Input in multiple products
CVE-2023-375456.5 MEDIUMCODESYS: Improper Input Validation in CmpApp component
CVE-2023-36693.3 LOWCODESYS: Missing Brute-Force protection in CODESYS Development System

IV. Related Vulnerabilities

Same product: CODESYS Development System
Same vendor: CODESYS
Same weakness: CWE-427

V. Comments for CVE-2023-3662

No comments yet

Leave a comment