Skip to main content

Development System CVE-2023-3669

LOW
Improper Restriction of Excessive Authentication Attempts (CWE-307)
2023-08-03 info@cert.vde.com
3.3
CVSS 3.1 · Vendor: cert

Severity by source

Vendor (cert) PRIMARY
3.3 LOW
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Primary rating from Vendor (cert) · only source for this CVE.

CVSS VectorVendor: cert

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 03, 2023 - 12:15 cve.org
LOW 3.3

DescriptionCVE.org

A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog.

AnalysisAI

A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-307. A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog. Affected products include: Codesys Development System. Version information: prior to 3.5.19.20.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-21866 HIGH POC
7.8 Aug 02

A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality o

CVE-2021-21864 HIGH POC
7.8 Aug 02

A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionalit

CVE-2021-29240 HIGH POC
7.8 May 04

The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before insta

CVE-2019-9010 CRITICAL
9.8 Aug 15

An issue was discovered in 3S-Smart CODESYS V3 products. Rated critical severity (CVSS 9.8), this vulnerability is remot

CVE-2023-3663 HIGH
8.8 Aug 03

In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might allow an unau

CVE-2019-9013 HIGH
8.8 Aug 15

An issue was discovered in 3S-Smart CODESYS V3 products. Rated high severity (CVSS 8.8), this vulnerability is no authen

CVE-2022-22515 HIGH
8.1 Apr 07

A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vuln

CVE-2022-22516 HIGH
7.8 Apr 07

The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write

CVE-2021-21863 HIGH
7.8 Aug 05

A unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH COD

CVE-2021-21865 HIGH
7.8 Aug 02

A unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of

CVE-2021-29239 HIGH
7.8 May 03

CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries wit

CVE-2021-29241 HIGH
7.5 May 03

CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS). Rated hi

Share

CVE-2023-3669 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy