SB2023081519 - Multiple vulnerabilities in CODESYS Development System

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Untrusted search path (CVE-ID: CVE-2023-3662)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to usage of an untrusted search path. A local user can place a malicious binary into a specific location on the system and execute arbitrary code with escalated privileges.

2) Improper restriction of excessive authentication attempts (CVE-ID: CVE-2023-3669)

The vulnerability allows a remote attacker to perform brute-force attack.

The vulnerability exists due to a missing brute-force protection mechanism. A remote attacker can use an unlimited number of attempts to guess victim's password within an import dialog.

3) Missing support for integrity check (CVE-ID: CVE-2023-3663)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to missing integrity check on notification data within the LearnMoreAction function. An attacker on the local network can send specially crafted requests to the application and execute arbitrary code on the system.

Remediation

Install update from vendor's website.

References

• https://cert.vde.com/en/advisories/VDE-2023-021/
• https://cert.vde.com/en/advisories/VDE-2023-023
• https://cert.vde.com/en/advisories/VDE-2023-022/
• https://www.zerodayinitiative.com/advisories/ZDI-23-1105/