What is CVE-2023-3670?

CVE-2023-3670 is a high-severity vulnerability in Codesys Development System, classified under Exposure of Resource to Wrong Sphere. CVSS score: 7.3/10. Published 2023-07-28.

How severe is CVE-2023-3670?

High severity. CVSS v3 base score is 7.3 out of 10.

Vulnerability in Codesys Development System

CVE-2023-3670

In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that co…

EPSS: 0.000 (7.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.3 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H.

Affected products

Codesys Development System — versions 3.5.9.0
Codesys Scripting — versions 4.0.0.0

Weakness classification (CWE)

CWE-668 — Exposure of Resource to Wrong Sphere

References

cert.vde.com/en/advisories/VDE-2023-024

Frequently asked questions

What is CVE-2023-3670?: CVE-2023-3670 is a high-severity vulnerability in Codesys Development System, classified under Exposure of Resource to Wrong Sphere. CVSS score: 7.3/10. Published 2023-07-28.
How severe is CVE-2023-3670?: High severity. CVSS v3 base score is 7.3 out of 10.