← Back to home
wid-sec-w-2026-0640  ·  Published 2026-03-09  ·  View on BSI CERT-Bund ↗

CODESYS Installer: Vulnerability allows Privilegieneskalation

CVSS 7.3 HIGH

Risk Summary

If a legitimate user confirms a self-update prompt or initiate an installation of a CODESYS Development System, a low privileged local attacker can gain elevated rights due to a TOCTOU vulnerability in the CODESYS installer.

CVEs (1)

Affected Vendors

CODESYS

Affected Products (2)

CODESYS · CODESYS Installer <2.6.1.0
CODESYS · CODESYS Installer 2.6.1.0

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more