CVE-2023-5751: 
CODESYS Development System vulnerability analysis and mitigation

CVE-2023-5751 is a security vulnerability affecting multiple CODESYS products running under Microsoft Windows operating system. The vulnerability was discovered on June 4, 2024, and affects products including CODESYS Control Win (SL), CODESYS Development System V3, CODESYS Edge Gateway for Windows, CODESYS Gateway for Windows, and CODESYS HMI (SL) versions below 3.5.20.10. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) (VDE Advisory).

The vulnerability stems from exposure of resources to the wrong sphere (CWE-668), where the affected CODESYS products have their working directory under %ProgramData%\CODESYS\ by default. This configuration allows all legitimate local Microsoft Windows users to access files in this working directory, even when the affected products are running under a different user or in the system context. The vulnerability has been assigned a CVSS vector of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access with low attack complexity and requiring low privileges (VDE Advisory).

The vulnerability allows a local attacker with low privileges to read and modify any user's files and potentially cause a Denial of Service (DoS) in the working directory of the affected products. This is particularly significant as CODESYS Development System is an IEC 61131-3 programming tool used in industrial controller and automation technology sectors (VDE Advisory).

The primary mitigation is to update affected products to version 3.5.20.10. After the update, working directories are moved to '%APPDATA%\CODESYS', which can only be accessed by respective users. For systems running PLC with 'CODESYS Control Win SysTray PLC Control', the working directory is moved to a location requiring administrator access. Additionally, it is recommended to create only required user accounts on affected Windows systems and restrict access to systems with the affected software (VDE Advisory).