PT-2026-43196 · Codesys · Codesys Development System

David Ruscheweyh

·

Published

2026-05-26

·

Updated

2026-05-29

·

CVE-2026-44468

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions CODESYS Development System (affected versions not specified)
Description The software creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file that defines the components to be installed, which can lead to local privilege escalation by forcing the deployment of arbitrary components.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-44468

Affected Products

Codesys Development System