CODESYS Development System Incorrect Default Permissions Leading to Local Privilege Escalation

Vulnerability

A vulnerability exists in the CODESYS Development System prior to version 3.5.22.20, where the PackageManager and IPM create temporary directories with insecure default permissions during administrative installation. This flaw allows low-privileged local attackers to modify a temporary bootstrap file, forcing the deployment of arbitrary components, or to exploit a Time-of-Check to Time-of-Use (TOCTOU) race condition by replacing digitally verified installation files with malicious ones before installation. Both issues bypass intended security boundaries during package or add-on installation.
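The two conditions described above (a staging directory writable by other local users, and a verify-then-use gap that lets a verified file be swapped before it is consumed) are both avoided by the same installer discipline: stage into a directory only the installing principal can write, verify the private copy, and install from that copy rather than from the shared location. The following is an added illustration of that pattern and is not code from CODESYS or from this advisory; the package bytes, the digest and the path names are constructed placeholders, and the permission check uses POSIX mode bits (on Windows the equivalent check is the directory ACL, which this example does not inspect).

```python
import hashlib
import os
import shutil
import stat
import tempfile
from pathlib import Path

# Constructed sample payload standing in for a vendor-verified package file,
# and the digest the installer expects (in a real installer this would come
# from the signed manifest, not be computed from the file itself).
SAMPLE_PACKAGE = b"example package payload (constructed sample)\n"
EXPECTED_SHA256 = hashlib.sha256(SAMPLE_PACKAGE).hexdigest()


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def is_private_dir(path: Path) -> bool:
    """True if the directory is not writable by group or others.

    A staging directory that fails this check is the precondition for both
    issues in the advisory: another local user can edit a bootstrap file or
    swap an already-verified artifact inside it.
    """
    mode = path.stat().st_mode
    return stat.S_ISDIR(mode) and not (mode & (stat.S_IWGRP | stat.S_IWOTH))


def install_safely(source: Path, install_dir: Path, expected_sha256: str) -> Path:
    """Hardened staging: private copy first, verify that copy, install from it.

    The source is read exactly once (the copy into the private directory), so
    the bytes that are verified are the bytes that get installed; there is no
    window in which a replacement in the shared location can be picked up.
    """
    # mkdtemp creates the directory with mode 0700 on POSIX systems.
    private = Path(tempfile.mkdtemp(prefix="installer-"))
    try:
        if not is_private_dir(private):
            raise PermissionError(f"staging dir {private} is writable by others")
        private_copy = private / source.name
        shutil.copyfile(source, private_copy)
        os.chmod(private_copy, 0o600)
        if sha256_of(private_copy) != expected_sha256:
            raise ValueError("digest mismatch on staged copy; refusing to install")
        install_dir.mkdir(parents=True, exist_ok=True)
        dest = install_dir / source.name
        shutil.copyfile(private_copy, dest)
        return dest
    finally:
        shutil.rmtree(private, ignore_errors=True)


if __name__ == "__main__":
    work = Path(tempfile.mkdtemp(prefix="demo-"))
    src = work / "package.bin"
    src.write_bytes(SAMPLE_PACKAGE)
    print("installed:", install_safely(src, work / "installed", EXPECTED_SHA256))
```

The important property is not the hashing itself but where the verified bytes live between verification and installation: once they sit in a directory only the installer can write, a low-privileged local user has nothing to replace.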

Impact

Exploitation of this vulnerability allows low-privileged local users to escalate privileges, with any installed components being applied in an administrative context. This could lead to the installation of malicious files that compromise the underlying operating system.

Remediation

Users are advised to update the CODESYS Development System to version 3.5.22.20. The update can be downloaded via the CODESYS Installer, from the CODESYS Store, or by visiting the CODESYS Update area for further instructions.

Added: May 26, 2026, 5:19 PM
Updated: May 26, 2026, 5:19 PM

Vulnerability Rating

Custom Algorithm
spread: 5.4
impact: 10.0
exploitability: 2.9
remediation: 7.7
relevance: 9.6
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.