ICSA-23-236-05  ·  Published 2023-08-24

CODESYS Development System

CVSS 9.6 CRITICAL

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to carry out a man-in-the-middle attack to execute arbitrary code.

CVEs (1)

Remediations

  • CODESYS recommends users update the CODESYS Development System to version 3.5.19.20.
  • The CODESYS Development System can be downloaded and installed directly with the CODESYS Installer or be downloaded from the CODESYS Store.
  • Alternatively, users may find further information on obtaining the software update in the [CODESYS Update area](https://www.codesys.com/download/).
  • For more information, please see the advisory CERT@VDE published for CODESYS at: [https://cert.vde.com/en-us/advisories/vde-2023-022](https://cert.vde.com/en-us/advisories/vde-2023-022)

Affected Vendors

CODESYS, GmbH

Affected Products (1)

CODESYS, GmbH · CODESYS Development System: versions >= 3.5.11.0 and < 3.5.19.20

Affected Sectors

Critical Manufacturing
