CVE Catalog

CVE-2023-3669

LowCVSS 3.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.14%

4th percentile — higher than 4% of all known CVEs

Summary

A missing Brute-Force protection in CODESYS Development System prior to version 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog.

Risk Assessment

The organization is at risk of unauthorized access to the system, which could lead to serious security breaches.

Recommendation

It is recommended to update the CODESYS Development System to version 3.5.19.20 or later to implement proper protection against Brute-Force attacks.

Original NVD description (English source)

A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS