- EPSS 0.11%
- Veröffentlicht 26.05.2026 06:39:04
- Zuletzt bearbeitet 28.05.2026 20:09:28
The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to repla...
CVE-2026-44468
- EPSS 0.12%
- Veröffentlicht 26.05.2026 06:37:53
- Zuletzt bearbeitet 28.05.2026 20:11:52
The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege es...
CVE-2025-41700
- EPSS 0.13%
- Veröffentlicht 01.12.2025 10:02:47
- Zuletzt bearbeitet 23.02.2026 15:35:10
An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code is executed in the user context.
CVE-2023-49676
- EPSS 0.18%
- Veröffentlicht 06.05.2024 12:15:08
- Zuletzt bearbeitet 15.04.2026 00:35:42
An unauthenticated local attacker may trick a user to open corrupted project files to crash the system due to use after free vulnerability.
CVE-2023-49675
- EPSS 0.2%
- Veröffentlicht 06.05.2024 12:15:07
- Zuletzt bearbeitet 15.04.2026 00:35:42
An unauthenticated local attacker may trick a user to open corrupted project files to execute arbitrary code or crash the system due to an out-of-bounds write vulnerability.
CVE-2023-3669
- EPSS 0.14%
- Veröffentlicht 03.08.2023 12:15:11
- Zuletzt bearbeitet 21.11.2024 08:17:47
A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog.
CVE-2023-37555
- EPSS 0.52%
- Veröffentlicht 03.08.2023 12:15:10
- Zuletzt bearbeitet 21.11.2024 08:11:56
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, poten...
CVE-2023-37549
- EPSS 0.52%
- Veröffentlicht 03.08.2023 12:15:10
- Zuletzt bearbeitet 21.11.2024 08:11:55
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potenti...
CVE-2023-37550
- EPSS 0.52%
- Veröffentlicht 03.08.2023 12:15:10
- Zuletzt bearbeitet 21.11.2024 08:11:55
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potenti...
CVE-2023-37551
- EPSS 0.41%
- Veröffentlicht 03.08.2023 12:15:10
- Zuletzt bearbeitet 21.11.2024 08:11:55
In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast ...