Development System
CVE-2023-3669
LOW
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary rating from Vendor (cert) · only source for this CVE.
CVSS VectorVendor: cert
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog.
AnalysisAI
A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-307. A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog. Affected products include: Codesys Development System. Version information: prior to 3.5.19.20.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Development System
View allA unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality o
A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionalit
The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before insta
An issue was discovered in 3S-Smart CODESYS V3 products. Rated critical severity (CVSS 9.8), this vulnerability is remot
In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might allow an unau
An issue was discovered in 3S-Smart CODESYS V3 products. Rated high severity (CVSS 8.8), this vulnerability is no authen
A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vuln
The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write
A unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH COD
A unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of
CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries wit
CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS). Rated hi
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today