Wiz
Vulnerability DatabaseCVE-2023-3662

CVE-2023-3662
CODESYS Development System vulnerability analysis and mitigation

Overview

CVE-2023-3662 affects the CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20. The vulnerability was discovered in August 2023 and allows for execution of binaries from the current working directory in the user's context (VDE Advisory).

Technical details

The vulnerability is classified as an Uncontrolled Search Path Element (CWE-427) with a CVSS v3.1 base score of 7.3 HIGH (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). The vulnerability requires local access and user interaction to be exploited (CISA Advisory, VDE Advisory).

Impact

Successful exploitation of this vulnerability could allow attackers to cause users to unknowingly launch a malicious binary placed by a local attacker. This could potentially lead to complete compromise of the affected system with the privileges of the user (CISA Advisory).

Mitigation and workarounds

CODESYS recommends users update the CODESYS Development System to version 3.5.19.20. The update can be obtained through the CODESYS Installer or downloaded from the CODESYS Store. Users should also exercise principles of least privilege to minimize the risk of exploitation (CISA Advisory, VDE Advisory).

Additional resources

SourceThis report was generated using AI

Related CODESYS Development System vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-41700HIGH7.8
  • CODESYS Development SystemCODESYS Development System
  • cpe:2.3:a:codesys:development_system
NoYesDec 01, 2025
CVE-2023-5751HIGH7.8
  • CODESYS Development SystemCODESYS Development System
  • cpe:2.3:a:codesys:development_system
NoYesJun 04, 2024
CVE-2023-49675HIGH7.8
  • CODESYS Development SystemCODESYS Development System
  • cpe:2.3:a:codesys:development_system
NoNoMay 06, 2024
CVE-2023-37559MEDIUM6.5
  • CODESYS Development SystemCODESYS Development System
  • cpe:2.3:a:codesys:development_system
NoYesAug 03, 2023
CVE-2023-37558MEDIUM6.5
  • CODESYS Development SystemCODESYS Development System
  • cpe:2.3:a:codesys:development_system
NoYesAug 03, 2023

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo