CODESYS Development System: Local Privilege Escalation Through Self-Update

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.3

CODESYS Development System: Local Privilege Escalation Through Self-Update

CVE-2026-2364

Summary

A local attacker with low privileges can gain elevated rights if they trick a legitimate user into confirming a self-update or installation prompt for the CODESYS Development System. This could allow the attacker to access sensitive system settings or data. Users should be cautious when prompted to update or install CODESYS and verify the authenticity of the prompt before proceeding.

Original title

If a legitimate user confirms a self-update prompt or initiate an installation of a CODESYS Development System, a low privileged local attacker can gain elevated rights due to a TOCTOU vulnerabilit...

Original description

nvd CVSS3.1 7.3

Vulnerability type

CWE-367

https://certvde.com/de/advisories/VDE-2026-012

Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026