CVE-2023-3670

HIGH Year: 2023
CVSS v3 Score
7.3
High
Weakness Type
CWE-668
View all →

Vulnerability Description

In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users.

Related Vulnerabilities

CVE-2021-41065

HIGH
CVSS:7.3(High)

An issue was discovered in Listary through 6. An attacker can create a \\.\pipe\Listary.listaryService named pipe and wait for a privileged user to open a session on the Listary installed host. Listar...

CWE-6682021

CVE-2022-0815

HIGH
CVSS:7.3(High)

Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details a...

CWE-6682022

CVE-2017-12576

HIGH
CVSS:7.2(High)

An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management ...

CWE-6682017

CVE-2017-16660

HIGH
CVSS:7.2(High)

Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP c...

CWE-6682017

CVE-2021-34539

HIGH
CVSS:7.2(High)

An issue was discovered in CubeCoders AMP before 2.1.1.8. A lack of validation of the Java Version setting means that an unintended executable path can be set. The result is that high-privileged users...

CWE-6682021

CVE-2023-39171

HIGH
CVSS:7.2(High)

SENEC Storage Box V1,V2 and V3 accidentially expose a management UI accessible with publicly known admin credentials.

CWE-6682023