Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for CODESYS Gateway for Windows by CODESYS

    CVE-2024-41975 (GCVE-0-2024-41975)

    Vulnerability from nvd – Published: 2025-03-18 11:04 – Updated: 2025-03-18 13:09
    VLAI
    Title
    CODESYS (Edge) Gateway for Windows insecure default
    Summary
    An unauthenticated remote attacker can gain limited information of the PLC network but the user management of the PLCs prevents the actual access to the PLCs.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1188 - Insecure Default Initialization of Resource
    Assigner
    References
    Impacted products
    Credits
    Diego Guibertoni from Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41975",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-18T13:08:52.328118Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-18T13:09:09.855Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Edge Gateway",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Gateway for Windows",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Diego Guibertoni from Nozomi Networks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker can gain limited information of the PLC network but the user management of the PLCs prevents the actual access to the PLCs."
                }
              ],
              "value": "An unauthenticated remote attacker can gain limited information of the PLC network but the user management of the PLCs prevents the actual access to the PLCs."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1188",
                  "description": "CWE-1188 Insecure Default Initialization of Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-18T11:04:26.013Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2025-013"
            }
          ],
          "source": {
            "advisory": "VDE-2025-013",
            "defect": [
              "CERT@VDE#641738"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS (Edge) Gateway for Windows insecure default",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2024-41975",
        "datePublished": "2025-03-18T11:04:26.013Z",
        "dateReserved": "2024-07-25T09:07:31.467Z",
        "dateUpdated": "2025-03-18T13:09:09.855Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5751 (GCVE-0-2023-5751)

    Vulnerability from nvd – Published: 2024-06-04 08:54 – Updated: 2024-08-02 08:07
    VLAI
    Title
    CODESYS: Development system prone to DoS through exposure of resource to wrong sphere
    Summary
    A local attacker with low privileges can read and modify any users files and cause a DoS in the working directory of the affected products due to exposure of resource to wrong sphere. 
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-668 - Exposure of Resource to Wrong Sphere
    Assigner
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control Win (SL) Affected: 0 , < 3.5.20.10 (semver)
    Create a notification for this product.
    CODESYS CODESYS Development System V3 Affected: 0 , < 3.5.20.10 (semver)
    Create a notification for this product.
    CODESYS CODESYS Edge Gateway for Windows Affected: 0 , < 3.5.20.10 (semver)
    Create a notification for this product.
    CODESYS CODESYS Gateway for Windows Affected: 0 , < 3.5.20.10 (semver)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: 0 , < 3.5.20.10 (semver)
    Create a notification for this product.
    codesys control_win_sl Affected: 0 , < 3.5.20.10 (custom)
        cpe:2.3:a:codesys:control_win_sl:0:*:*:*:*:*:*:*
    Create a notification for this product.
    codesys development_system_v3 Affected: 0 , < 3.5.20.10 (custom)
        cpe:2.3:a:codesys:development_system_v3:0:*:*:*:*:*:*:*
    Create a notification for this product.
    codesys edge_gateway Affected: 0 , < 3.5.20.10 (custom)
        cpe:2.3:a:codesys:edge_gateway:0:*:*:*:*:*:*:*
    Create a notification for this product.
    codesys gateway Affected: 0 , < 3.5.20.10 (custom)
        cpe:2.3:a:codesys:gateway:0:*:*:*:*:*:*:*
    Create a notification for this product.
    codesys hmi_sl Affected: 0 , < 3.5.20.10 (custom)
        cpe:2.3:a:codesys:hmi_sl:0:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    joker63
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:codesys:control_win_sl:0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "control_win_sl",
                "vendor": "codesys",
                "versions": [
                  {
                    "lessThan": "3.5.20.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:codesys:development_system_v3:0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "development_system_v3",
                "vendor": "codesys",
                "versions": [
                  {
                    "lessThan": "3.5.20.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:codesys:edge_gateway:0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "edge_gateway",
                "vendor": "codesys",
                "versions": [
                  {
                    "lessThan": "3.5.20.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:codesys:gateway:0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gateway",
                "vendor": "codesys",
                "versions": [
                  {
                    "lessThan": "3.5.20.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:codesys:hmi_sl:0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "hmi_sl",
                "vendor": "codesys",
                "versions": [
                  {
                    "lessThan": "3.5.20.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5751",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-04T14:51:51.731368Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:28:31.539Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:07:32.848Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2024-027"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=18354\u0026token=f3e92a942c3a2f90c272a5ded7598c6a0b5f4924\u0026download="
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.20.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Development System V3",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.20.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Edge Gateway for Windows",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.20.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Gateway for Windows",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.20.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.20.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "joker63"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A local attacker with low privileges can read and modify any users files and cause a DoS in the working directory of the affected products due to exposure of resource to wrong sphere.\u0026nbsp;\u003cbr\u003e"
                }
              ],
              "value": "A local attacker with low privileges can read and modify any users files and cause a DoS in the working directory of the affected products due to exposure of resource to wrong sphere.\u00a0\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-668",
                  "description": "CWE-668 Exposure of Resource to Wrong Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-04T08:54:22.046Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2024-027"
            },
            {
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=18354\u0026token=f3e92a942c3a2f90c272a5ded7598c6a0b5f4924\u0026download="
            }
          ],
          "source": {
            "advisory": "VDE-2024-027",
            "defect": [
              "CERT@VDE#64603"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS: Development system prone to DoS through exposure of resource to wrong sphere",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2023-5751",
        "datePublished": "2024-06-04T08:54:22.046Z",
        "dateReserved": "2023-10-24T11:46:25.505Z",
        "dateUpdated": "2024-08-02T08:07:32.848Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-41975 (GCVE-0-2024-41975)

    Vulnerability from cvelistv5 – Published: 2025-03-18 11:04 – Updated: 2025-03-18 13:09
    VLAI
    Title
    CODESYS (Edge) Gateway for Windows insecure default
    Summary
    An unauthenticated remote attacker can gain limited information of the PLC network but the user management of the PLCs prevents the actual access to the PLCs.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1188 - Insecure Default Initialization of Resource
    Assigner
    References
    Impacted products
    Credits
    Diego Guibertoni from Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41975",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-18T13:08:52.328118Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-18T13:09:09.855Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Edge Gateway",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Gateway for Windows",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Diego Guibertoni from Nozomi Networks"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker can gain limited information of the PLC network but the user management of the PLCs prevents the actual access to the PLCs."
                }
              ],
              "value": "An unauthenticated remote attacker can gain limited information of the PLC network but the user management of the PLCs prevents the actual access to the PLCs."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1188",
                  "description": "CWE-1188 Insecure Default Initialization of Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-18T11:04:26.013Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2025-013"
            }
          ],
          "source": {
            "advisory": "VDE-2025-013",
            "defect": [
              "CERT@VDE#641738"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS (Edge) Gateway for Windows insecure default",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2024-41975",
        "datePublished": "2025-03-18T11:04:26.013Z",
        "dateReserved": "2024-07-25T09:07:31.467Z",
        "dateUpdated": "2025-03-18T13:09:09.855Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5751 (GCVE-0-2023-5751)

    Vulnerability from cvelistv5 – Published: 2024-06-04 08:54 – Updated: 2024-08-02 08:07
    VLAI
    Title
    CODESYS: Development system prone to DoS through exposure of resource to wrong sphere
    Summary
    A local attacker with low privileges can read and modify any users files and cause a DoS in the working directory of the affected products due to exposure of resource to wrong sphere. 
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-668 - Exposure of Resource to Wrong Sphere
    Assigner
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control Win (SL) Affected: 0 , < 3.5.20.10 (semver)
    Create a notification for this product.
    CODESYS CODESYS Development System V3 Affected: 0 , < 3.5.20.10 (semver)
    Create a notification for this product.
    CODESYS CODESYS Edge Gateway for Windows Affected: 0 , < 3.5.20.10 (semver)
    Create a notification for this product.
    CODESYS CODESYS Gateway for Windows Affected: 0 , < 3.5.20.10 (semver)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: 0 , < 3.5.20.10 (semver)
    Create a notification for this product.
    codesys control_win_sl Affected: 0 , < 3.5.20.10 (custom)
        cpe:2.3:a:codesys:control_win_sl:0:*:*:*:*:*:*:*
    Create a notification for this product.
    codesys development_system_v3 Affected: 0 , < 3.5.20.10 (custom)
        cpe:2.3:a:codesys:development_system_v3:0:*:*:*:*:*:*:*
    Create a notification for this product.
    codesys edge_gateway Affected: 0 , < 3.5.20.10 (custom)
        cpe:2.3:a:codesys:edge_gateway:0:*:*:*:*:*:*:*
    Create a notification for this product.
    codesys gateway Affected: 0 , < 3.5.20.10 (custom)
        cpe:2.3:a:codesys:gateway:0:*:*:*:*:*:*:*
    Create a notification for this product.
    codesys hmi_sl Affected: 0 , < 3.5.20.10 (custom)
        cpe:2.3:a:codesys:hmi_sl:0:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    joker63
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:codesys:control_win_sl:0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "control_win_sl",
                "vendor": "codesys",
                "versions": [
                  {
                    "lessThan": "3.5.20.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:codesys:development_system_v3:0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "development_system_v3",
                "vendor": "codesys",
                "versions": [
                  {
                    "lessThan": "3.5.20.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:codesys:edge_gateway:0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "edge_gateway",
                "vendor": "codesys",
                "versions": [
                  {
                    "lessThan": "3.5.20.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:codesys:gateway:0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gateway",
                "vendor": "codesys",
                "versions": [
                  {
                    "lessThan": "3.5.20.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:codesys:hmi_sl:0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "hmi_sl",
                "vendor": "codesys",
                "versions": [
                  {
                    "lessThan": "3.5.20.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5751",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-04T14:51:51.731368Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:28:31.539Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:07:32.848Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2024-027"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=18354\u0026token=f3e92a942c3a2f90c272a5ded7598c6a0b5f4924\u0026download="
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.20.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Development System V3",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.20.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Edge Gateway for Windows",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.20.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Gateway for Windows",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.20.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.20.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "joker63"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A local attacker with low privileges can read and modify any users files and cause a DoS in the working directory of the affected products due to exposure of resource to wrong sphere.\u0026nbsp;\u003cbr\u003e"
                }
              ],
              "value": "A local attacker with low privileges can read and modify any users files and cause a DoS in the working directory of the affected products due to exposure of resource to wrong sphere.\u00a0\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-668",
                  "description": "CWE-668 Exposure of Resource to Wrong Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-04T08:54:22.046Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2024-027"
            },
            {
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=18354\u0026token=f3e92a942c3a2f90c272a5ded7598c6a0b5f4924\u0026download="
            }
          ],
          "source": {
            "advisory": "VDE-2024-027",
            "defect": [
              "CERT@VDE#64603"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS: Development system prone to DoS through exposure of resource to wrong sphere",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2023-5751",
        "datePublished": "2024-06-04T08:54:22.046Z",
        "dateReserved": "2023-10-24T11:46:25.505Z",
        "dateUpdated": "2024-08-02T08:07:32.848Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }