Codesys Codesys Development System
8 CVEs affecting Codesys Codesys Development System. Latest disclosed: 2026-05-26. Critical: 0, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-3663 | High | 8.8 | 2023-08-03 | In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might allow an unauthenticated remote attacker to manipula… |
CVE-2026-44469 | High | 7.8 | 2026-05-26 | The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileg… |
CVE-2026-44468 | High | 7.8 | 2026-05-26 | The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to m… |
CVE-2025-41700 | High | 7.8 | 2025-12-01 | An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS deve… |
CVE-2022-31805 | High | 7.5 | 2022-06-24 | In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected. |
CVE-2023-3662 | High | 7.3 | 2023-08-03 | In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability allows for execution of binaries from the current working directory… |
CVE-2023-3670 | High | 7.3 | 2023-07-28 | In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local acce… |
CVE-2023-3669 | Low | 3.3 | 2023-08-03 | A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password w… |