

This security advisory covers the CODESYS Development System, version 3.5.19.20 and earlier. The password import dialog does not limit the number of password guesses, so an attacker can make unlimited attempts during user import, potentially compromising user accounts. The vulnerability is identified as CVE-2023-3669 and has a CVSS v3.1 base score of 3.3, indicating low severity. The advisory recommends updating to the latest version of the CODESYS Development System to mitigate it. It also includes general security recommendations for protecting the control system environment, such as using firewalls, encrypted communication links, and limiting network exposure. The advisory credits an OEM customer with reporting the vulnerability and provides contact information for further inquiries.