CVE-2023-5751

7.8 HIGH

📋 TL;DR

This vulnerability allows a local attacker with low privileges to read and modify any user's files in the working directory of affected CODESYS products, potentially causing denial of service. It affects CODESYS Control runtime systems and development environments where improper resource isolation exposes files to unauthorized access.

💻 Affected Systems

Products:
  • CODESYS Control runtime systems
  • CODESYS development environments
Versions: Multiple versions prior to the patched release (specific versions detailed in vendor advisory)
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems where CODESYS products are installed and multiple users have access to the same working directory.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of all user files in the working directory, including sensitive configuration files, leading to system disruption, data theft, or privilege escalation.

🟠 Likely Case: Unauthorized reading and modification of user files, potentially disrupting operations or exposing sensitive information stored in the working directory.

🟢 If Mitigated: Limited impact if proper access controls and isolation mechanisms are implemented, restricting the attacker's ability to access critical files.

🌐 Internet-Facing: LOW - This is primarily a local privilege escalation vulnerability requiring local access to the system.
🏢 Internal Only: HIGH - Internal users with low privileges could exploit this to access or modify files belonging to other users, potentially leading to data breaches or system disruption.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access with low privileges but is relatively straightforward once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched versions

Vendor Advisory: https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=18354&token=f3e92a942c3a2f90c272a5ded7598c6a0b5f4924&download=

Restart Required: Yes

Instructions:

  1. Review the CODESYS security advisory.
  2. Download and apply the appropriate patch for your CODESYS version.
  3. Restart the affected CODESYS services or systems.
  4. Verify the patch was applied successfully.

🔧 Temporary Workarounds

Restrict access to working directory (Linux)

Limit access to the CODESYS working directory to authorized users only:

  chmod 750 /path/to/codesys/working/directory
  chown root:authorized_group /path/to/codesys/working/directory

Implement strict file permissions (Windows)

Apply strict file permissions to prevent unauthorized file access. A deny entry takes precedence over allow entries and applies to every account that is a member of Users, so confirm afterwards that the accounts that need the directory can still use it:

  icacls "C:\Program Files\CODESYS\working" /deny Users:(OI)(CI)F

🧯 If You Can't Patch

  • Implement strict access controls to limit which users can access the CODESYS working directory
  • Monitor file access logs in the CODESYS working directory for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check your CODESYS version against the affected versions listed in the vendor advisory

Check Version:

Check CODESYS About dialog or consult product documentation for version information

Verify Fix Applied:

Verify that the patched version is installed and test that low-privilege users cannot access other users' files in the working directory
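
The Linux workaround and the "Verify Fix Applied" step both come down to whether users outside the directory's owner and group can reach the working directory. The shell check below is an added example, not CODESYS or vendor code; the function names are hypothetical and the directory is whatever path you pass in.

```shell
#!/bin/sh
# Added example, not vendor code. Function names are hypothetical; the
# directory to audit is supplied by the caller.

# Octal mode of a path: GNU stat first, BSD stat as fallback.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeeds when the directory itself grants nothing to "other" (last octal
# digit is 0), which is the state chmod 750 leaves it in.
gate_closed() {
    case "$(mode_of "$1")" in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

# Print entries inside DIR that grant read, write or execute to "other".
# Symlinks are skipped because their own mode bits are not enforced.
list_exposed() {
    find "$1" -mindepth 1 ! -type l \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# audit_workdir DIR
# Returns 0: closed to other users; 1: open to other users; 2: not a directory.
audit_workdir() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    if ! gate_closed "$1"; then
        echo "FAIL: $1 is accessible to users outside its owner and group"
        return 1
    fi
    inner=$(list_exposed "$1")
    if [ -n "$inner" ]; then
        echo "WARN: exposed if the directory mode is ever relaxed:"
        echo "$inner"
    fi
    echo "OK: $1 is closed to other users"
    return 0
}

# Run as a script: ./audit.sh /path/to/codesys/working/directory
if [ "$#" -gt 0 ]; then audit_workdir "$1"; fi
```

A WARN line means the listed files are protected only by the parent directory's mode, so tightening them as well keeps the restriction in place if the directory is later reset.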

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized file access attempts in CODESYS logs
  • File permission changes in the working directory

Network Indicators:

  • Local file access patterns indicating privilege escalation attempts

SIEM Query:

source="codesys.log" AND (event="file_access" OR event="permission_denied") AND user="low_privilege_user"
