Search
Find a vulnerability
Search criteria
4 vulnerabilities found for CODESYS Gateway for Windows by CODESYS
CVE-2024-41975 (GCVE-0-2024-41975)
Vulnerability from nvd – Published: 2025-03-18 11:04 – Updated: 2025-03-18 13:09
VLAI
Title
CODESYS (Edge) Gateway for Windows insecure default
Summary
An unauthenticated remote attacker can gain limited information of the PLC network but the user management of the PLCs prevents the actual access to the PLCs.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1188 - Insecure Default Initialization of Resource
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| CODESYS | CODESYS Edge Gateway |
Affected:
0 , < 3.5.21.0
(semver)
|
|
| CODESYS | CODESYS Gateway for Windows |
Affected:
0 , < 3.5.21.0
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41975",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-18T13:08:52.328118Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T13:09:09.855Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CODESYS Edge Gateway",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Gateway for Windows",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Diego Guibertoni from Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can gain limited information of the PLC network but the user management of the PLCs prevents the actual access to the PLCs."
}
],
"value": "An unauthenticated remote attacker can gain limited information of the PLC network but the user management of the PLCs prevents the actual access to the PLCs."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188 Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T11:04:26.013Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2025-013"
}
],
"source": {
"advisory": "VDE-2025-013",
"defect": [
"CERT@VDE#641738"
],
"discovery": "UNKNOWN"
},
"title": "CODESYS (Edge) Gateway for Windows insecure default",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-41975",
"datePublished": "2025-03-18T11:04:26.013Z",
"dateReserved": "2024-07-25T09:07:31.467Z",
"dateUpdated": "2025-03-18T13:09:09.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5751 (GCVE-0-2023-5751)
Vulnerability from nvd – Published: 2024-06-04 08:54 – Updated: 2024-08-02 08:07
VLAI
Title
CODESYS: Development system prone to DoS through exposure of resource to wrong sphere
Summary
A local attacker with low privileges can read and modify any users files and cause a DoS in the working directory of the affected products due to exposure of resource to wrong sphere.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| CODESYS | CODESYS Control Win (SL) |
Affected:
0 , < 3.5.20.10
(semver)
|
|
| CODESYS | CODESYS Development System V3 |
Affected:
0 , < 3.5.20.10
(semver)
|
|
| CODESYS | CODESYS Edge Gateway for Windows |
Affected:
0 , < 3.5.20.10
(semver)
|
|
| CODESYS | CODESYS Gateway for Windows |
Affected:
0 , < 3.5.20.10
(semver)
|
|
| CODESYS | CODESYS HMI (SL) |
Affected:
0 , < 3.5.20.10
(semver)
|
|
| codesys | control_win_sl |
Affected:
0 , < 3.5.20.10
(custom)
cpe:2.3:a:codesys:control_win_sl:0:*:*:*:*:*:*:* |
|
| codesys | development_system_v3 |
Affected:
0 , < 3.5.20.10
(custom)
cpe:2.3:a:codesys:development_system_v3:0:*:*:*:*:*:*:* |
|
| codesys | edge_gateway |
Affected:
0 , < 3.5.20.10
(custom)
cpe:2.3:a:codesys:edge_gateway:0:*:*:*:*:*:*:* |
|
| codesys | gateway |
Affected:
0 , < 3.5.20.10
(custom)
cpe:2.3:a:codesys:gateway:0:*:*:*:*:*:*:* |
|
| codesys | hmi_sl |
Affected:
0 , < 3.5.20.10
(custom)
cpe:2.3:a:codesys:hmi_sl:0:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:codesys:control_win_sl:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "control_win_sl",
"vendor": "codesys",
"versions": [
{
"lessThan": "3.5.20.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:codesys:development_system_v3:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "development_system_v3",
"vendor": "codesys",
"versions": [
{
"lessThan": "3.5.20.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:codesys:edge_gateway:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edge_gateway",
"vendor": "codesys",
"versions": [
{
"lessThan": "3.5.20.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:codesys:gateway:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gateway",
"vendor": "codesys",
"versions": [
{
"lessThan": "3.5.20.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:codesys:hmi_sl:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "hmi_sl",
"vendor": "codesys",
"versions": [
{
"lessThan": "3.5.20.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5751",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T14:51:51.731368Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:28:31.539Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.848Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2024-027"
},
{
"tags": [
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=18354\u0026token=f3e92a942c3a2f90c272a5ded7598c6a0b5f4924\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CODESYS Control Win (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.20.10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Development System V3",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.20.10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Edge Gateway for Windows",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.20.10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Gateway for Windows",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.20.10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS HMI (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.20.10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "joker63"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A local attacker with low privileges can read and modify any users files and cause a DoS in the working directory of the affected products due to exposure of resource to wrong sphere.\u0026nbsp;\u003cbr\u003e"
}
],
"value": "A local attacker with low privileges can read and modify any users files and cause a DoS in the working directory of the affected products due to exposure of resource to wrong sphere.\u00a0\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668 Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T08:54:22.046Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-027"
},
{
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=18354\u0026token=f3e92a942c3a2f90c272a5ded7598c6a0b5f4924\u0026download="
}
],
"source": {
"advisory": "VDE-2024-027",
"defect": [
"CERT@VDE#64603"
],
"discovery": "UNKNOWN"
},
"title": "CODESYS: Development system prone to DoS through exposure of resource to wrong sphere",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-5751",
"datePublished": "2024-06-04T08:54:22.046Z",
"dateReserved": "2023-10-24T11:46:25.505Z",
"dateUpdated": "2024-08-02T08:07:32.848Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41975 (GCVE-0-2024-41975)
Vulnerability from cvelistv5 – Published: 2025-03-18 11:04 – Updated: 2025-03-18 13:09
VLAI
Title
CODESYS (Edge) Gateway for Windows insecure default
Summary
An unauthenticated remote attacker can gain limited information of the PLC network but the user management of the PLCs prevents the actual access to the PLCs.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1188 - Insecure Default Initialization of Resource
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| CODESYS | CODESYS Edge Gateway |
Affected:
0 , < 3.5.21.0
(semver)
|
|
| CODESYS | CODESYS Gateway for Windows |
Affected:
0 , < 3.5.21.0
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41975",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-18T13:08:52.328118Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T13:09:09.855Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CODESYS Edge Gateway",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Gateway for Windows",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Diego Guibertoni from Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can gain limited information of the PLC network but the user management of the PLCs prevents the actual access to the PLCs."
}
],
"value": "An unauthenticated remote attacker can gain limited information of the PLC network but the user management of the PLCs prevents the actual access to the PLCs."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188 Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T11:04:26.013Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2025-013"
}
],
"source": {
"advisory": "VDE-2025-013",
"defect": [
"CERT@VDE#641738"
],
"discovery": "UNKNOWN"
},
"title": "CODESYS (Edge) Gateway for Windows insecure default",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-41975",
"datePublished": "2025-03-18T11:04:26.013Z",
"dateReserved": "2024-07-25T09:07:31.467Z",
"dateUpdated": "2025-03-18T13:09:09.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5751 (GCVE-0-2023-5751)
Vulnerability from cvelistv5 – Published: 2024-06-04 08:54 – Updated: 2024-08-02 08:07
VLAI
Title
CODESYS: Development system prone to DoS through exposure of resource to wrong sphere
Summary
A local attacker with low privileges can read and modify any users files and cause a DoS in the working directory of the affected products due to exposure of resource to wrong sphere.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| CODESYS | CODESYS Control Win (SL) |
Affected:
0 , < 3.5.20.10
(semver)
|
|
| CODESYS | CODESYS Development System V3 |
Affected:
0 , < 3.5.20.10
(semver)
|
|
| CODESYS | CODESYS Edge Gateway for Windows |
Affected:
0 , < 3.5.20.10
(semver)
|
|
| CODESYS | CODESYS Gateway for Windows |
Affected:
0 , < 3.5.20.10
(semver)
|
|
| CODESYS | CODESYS HMI (SL) |
Affected:
0 , < 3.5.20.10
(semver)
|
|
| codesys | control_win_sl |
Affected:
0 , < 3.5.20.10
(custom)
cpe:2.3:a:codesys:control_win_sl:0:*:*:*:*:*:*:* |
|
| codesys | development_system_v3 |
Affected:
0 , < 3.5.20.10
(custom)
cpe:2.3:a:codesys:development_system_v3:0:*:*:*:*:*:*:* |
|
| codesys | edge_gateway |
Affected:
0 , < 3.5.20.10
(custom)
cpe:2.3:a:codesys:edge_gateway:0:*:*:*:*:*:*:* |
|
| codesys | gateway |
Affected:
0 , < 3.5.20.10
(custom)
cpe:2.3:a:codesys:gateway:0:*:*:*:*:*:*:* |
|
| codesys | hmi_sl |
Affected:
0 , < 3.5.20.10
(custom)
cpe:2.3:a:codesys:hmi_sl:0:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:codesys:control_win_sl:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "control_win_sl",
"vendor": "codesys",
"versions": [
{
"lessThan": "3.5.20.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:codesys:development_system_v3:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "development_system_v3",
"vendor": "codesys",
"versions": [
{
"lessThan": "3.5.20.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:codesys:edge_gateway:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edge_gateway",
"vendor": "codesys",
"versions": [
{
"lessThan": "3.5.20.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:codesys:gateway:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gateway",
"vendor": "codesys",
"versions": [
{
"lessThan": "3.5.20.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:codesys:hmi_sl:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "hmi_sl",
"vendor": "codesys",
"versions": [
{
"lessThan": "3.5.20.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5751",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T14:51:51.731368Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:28:31.539Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.848Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2024-027"
},
{
"tags": [
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=18354\u0026token=f3e92a942c3a2f90c272a5ded7598c6a0b5f4924\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CODESYS Control Win (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.20.10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Development System V3",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.20.10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Edge Gateway for Windows",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.20.10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Gateway for Windows",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.20.10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS HMI (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.20.10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "joker63"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A local attacker with low privileges can read and modify any users files and cause a DoS in the working directory of the affected products due to exposure of resource to wrong sphere.\u0026nbsp;\u003cbr\u003e"
}
],
"value": "A local attacker with low privileges can read and modify any users files and cause a DoS in the working directory of the affected products due to exposure of resource to wrong sphere.\u00a0\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668 Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T08:54:22.046Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-027"
},
{
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=18354\u0026token=f3e92a942c3a2f90c272a5ded7598c6a0b5f4924\u0026download="
}
],
"source": {
"advisory": "VDE-2024-027",
"defect": [
"CERT@VDE#64603"
],
"discovery": "UNKNOWN"
},
"title": "CODESYS: Development system prone to DoS through exposure of resource to wrong sphere",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-5751",
"datePublished": "2024-06-04T08:54:22.046Z",
"dateReserved": "2023-10-24T11:46:25.505Z",
"dateUpdated": "2024-08-02T08:07:32.848Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}