CVE 8.5 HIGH

Incorrect Default Permissions in CODESYS Development System_CVE-2026-44469

May 26, 2026 invoker category_cve

8.5 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with malicious ones before installation, resulting in local privilege escalation.

AI Analysis

Local privilege escalation due to incorrect default permissions in temporary directory

Basic Information

ID CVE-2026-44469

Source CERTVDE

Published May 26, 2026 at 06:39

Affected Product

Vendor CODESYS

Product CODESYS Development System

Version 3.0.0.0

Affected Versions CODESYS CODESYS Development System 3.0.0.0

CWE Classification

CWE-276

AI Assessment

AI Score 8.5 / 10

AI Severity High

Vendor 3S-Smart Software Solutions GmbH

Product CODESYS Development System

Version 3.0.0.0

References

www.certvde.com /en/advisories/VDE-2026-055/

{
    "lastseen": "",
    "description": "The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with malicious ones before installation, resulting in local privilege escalation.",
    "published": "2026-05-26T06:39:04.477Z",
    "modified": "2026-05-26T06:39:04.477Z",
    "type": "cve",
    "title": "Incorrect Default Permissions in CODESYS Development System",
    "source": "CERTVDE",
    "references": "https://www.certvde.com/en/advisories/VDE-2026-055/",
    "id": "CVE-2026-44469",
    "bulletinFamily": "",
    "cwe": [
        "CWE-276"
    ],
    "cvelist": null,
    "sourceData": "CODESYS CODESYS Development System 3.0.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "CODESYS Development System",
    "version": "3.0.0.0",
    "vendor": "CODESYS",
    "ai_description": "Local privilege escalation due to incorrect default permissions in temporary directory",
    "ai_severity": "High",
    "ai_vendor": "3S-Smart Software Solutions GmbH",
    "ai_product": "CODESYS Development System",
    "ai_version": "3.0.0.0",
    "ai_score": 8.5
}

💭 Join the Security Discussion ❌ Cancel Reply