CVE 8.5 HIGH

Incorrect Default Permissions in CODESYS Development System_CVE-2026-44468

May 26, 2026 invoker category_cve
8.5 / 10
HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege escalation by forcing the deployment of arbitrary components.

AI Analysis

Local privilege escalation vulnerability due to insecure default permissions during administrative installation

Basic Information

ID CVE-2026-44468
Source CERTVDE
Published May 26, 2026 at 06:37

Affected Product

Vendor CODESYS
Product CODESYS Development System
Version 3.0.0.0
Affected Versions CODESYS CODESYS Development System 3.0.0.0

CWE Classification

CWE-276

AI Assessment

AI Score 8.5 / 10
AI Severity High
Vendor 3S-Smart Software Solutions GmbH
Product CODESYS Development System
Version 3.0.0.0

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.