PT-2024-8333 · 3S Smart Software Solutions · Codesys V3

Diego Giubertoni

Published

2024-11-18

Updated

2024-11-18

CVE-2024-41969

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions CODESYS V3 (affected versions not specified)

Description A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability, which could lead to full system access and/or Denial of Service (DoS). The vulnerability is related to a critical function in the CODESYS V3 service that lacks proper authentication.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

BDU:2024-09889

CVE-2024-41969

Affected Products

Codesys V3

PT-2024-8333 · 3S Smart Software Solutions · Codesys V3

CVE-2024-41969

Weakness Enumeration

Related Identifiers

Affected Products

References · 9