PatchSiren cyber security CVE debrief
CVE-2023-3662 CODESYS CVE debrief
CVE-2023-3662 is a local code-execution issue in CODESYS Development System components, including builds that shipped bundled with Festo Automation Suite. The advisory states that binaries from the current working directory can be executed in the user's context: if a user launches the affected software from a directory an attacker can write to (a shared project folder, for example), the attacker can plant a binary that runs as that user. The published CVSS 3.1 score is 7.3 (High), but the vector (AV:L/AC:L/PR:L/UI:R) shows this is not a remote unauthenticated flaw; it needs local access, low privileges, and user interaction, and scope is unchanged.
- Vendor: CODESYS
- Product: FESTO
- CVSS: HIGH 7.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-26
- Original CVE updated: 2026-03-17
- Advisory published: 2026-02-26
- Advisory updated: 2026-03-17
Who should care
OT and industrial automation teams, engineering workstation administrators, and Festo Automation Suite users who have CODESYS installed, whether bundled with the suite or installed separately, especially where the installed build falls in the affected range noted in the advisory.
Technical summary
The advisory describes a path-handling weakness consistent with CWE-427 (Uncontrolled Search Path Element): CODESYS Development System versions from 3.5.17.0 up to, but not including, 3.5.19.20 may execute a binary from the current working directory in the context of the user running the program. In CWE-427 terms, the program resolves a binary by name and the working directory is among the locations searched, so whoever controls that directory controls what gets executed. The source advisory and CISA republication tie the issue to Festo Automation Suite deployments that bundled affected CODESYS components, and the published CVSS vector is AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H.
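The weakness class is easier to reason about with a small, self-contained illustration. The block below is an added example for this debrief, not CODESYS or Festo code, and it makes no claim about how the affected component actually resolves binaries; it shows the generic CWE-427 pattern the advisory names. A resolver that searches the current working directory before the install directory (the order Windows CreateProcess uses for a relative name, where the parent's current directory is consulted ahead of the system directories and PATH) picks up a planted file, while a resolver restricted to absolute, trusted directories does not. The directory layout and the file name "helper.exe" are constructed for the demo.

```python
"""CWE-427 illustration: a bare binary name resolved with the working
directory in the search path, next to a hardened resolver.

Added example for this debrief. Not CODESYS or Festo code; the layout
and the name "helper.exe" are constructed.
"""
import os
import tempfile
from typing import List, Optional


def resolve_unsafe(name: str, search_dirs: List[str], cwd: str) -> Optional[str]:
    """Vulnerable pattern: the current working directory is searched first.

    This mirrors the Windows CreateProcess lookup for a relative name,
    which consults the parent's current directory before the system
    directories and PATH. Whoever can write to `cwd` decides what runs.
    """
    for directory in [cwd, *search_dirs]:
        candidate = os.path.join(directory, name)
        if os.path.isfile(candidate):
            return candidate
    return None


def resolve_hardened(name: str, trusted_dirs: List[str]) -> Optional[str]:
    """Hardened pattern: only absolute, attacker-unwritable install directories.

    The working directory is never consulted, relative entries are rejected,
    and the result is an absolute path so the caller can hand it to the
    process-creation API without any further search.
    """
    if os.path.basename(name) != name:
        raise ValueError("name must be a bare file name, not a path: %r" % name)
    for directory in trusted_dirs:
        if not os.path.isabs(directory):
            raise ValueError("trusted search dir must be absolute: %r" % directory)
        candidate = os.path.join(directory, name)
        if os.path.isfile(candidate):
            return os.path.abspath(candidate)
    return None


def demo() -> dict:
    """Plant a same-named binary in a writable project folder and resolve from there."""
    with tempfile.TemporaryDirectory() as root:
        install_dir = os.path.join(root, "Program Files", "Vendor", "bin")
        project_dir = os.path.join(root, "Projects", "line1")  # user launches from here
        os.makedirs(install_dir)
        os.makedirs(project_dir)
        legit = os.path.join(install_dir, "helper.exe")
        planted = os.path.join(project_dir, "helper.exe")
        for path in (legit, planted):
            with open(path, "w") as fh:
                fh.write("stub")  # content is irrelevant; only the lookup order matters

        unsafe = resolve_unsafe("helper.exe", [install_dir], cwd=project_dir)
        hardened = resolve_hardened("helper.exe", [install_dir])
        return {
            "unsafe_ran_planted": os.path.samefile(unsafe, planted),
            "hardened_ran_legit": os.path.samefile(hardened, legit),
        }


if __name__ == "__main__":
    print(demo())
```

Running the block prints `{'unsafe_ran_planted': True, 'hardened_ran_legit': True}`: the same bare name resolves to the attacker's file or the vendor's file depending only on whether the working directory is in the search list. The fix in real code is the same as in `resolve_hardened`: build the full path from the program's own install location and pass it to the process-creation call, so no search happens at all.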
Defensive priority
High for affected engineering endpoints and OT support systems, because the impact is code execution in a user context and the vulnerable component appears in software used in industrial environments. Prioritize upgrades and replacement of bundled vulnerable CODESYS instances.
Recommended defensive actions
- Upgrade to the latest patched CODESYS release directly from the official CODESYS website.
- For Festo Automation Suite deployments, move to Festo Automation Suite 2.8.0.138 or later, where CODESYS is no longer bundled.
- Apply Festo Automation Suite updates as they are released, including connector updates noted in the advisory.
- Monitor Festo and CODESYS security advisories and verify that every installed CODESYS Development System instance, standalone or bundled with Festo Automation Suite, is outside the affected range (3.5.17.0 through 3.5.19.19).
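Checking an inventory against that range is where version comparisons usually go wrong (string sorting puts "3.5.9" after "3.5.17"; a three-field build string needs a decision about the missing field). The script below is an added example for this debrief, not a Festo or CODESYS tool. The bounds are taken from the advisory (3.5.17.0 inclusive, 3.5.19.20 exclusive); the host names and inventory rows are constructed sample data in a "host,product,version" layout standing in for a real asset export. Hosts that report only a Festo Automation Suite version are set aside, since the bundled CODESYS build on them has to be inventoried as its own product before it can be judged.

```python
"""Version-range triage for the advisory's affected CODESYS Development
System builds.

Added example for this debrief, not a Festo or CODESYS tool. Bounds are
from the advisory; the inventory rows are constructed sample data.
"""
from typing import Dict, List, Tuple

AFFECTED_FROM = (3, 5, 17, 0)   # first affected build (inclusive)
FIXED_IN = (3, 5, 19, 20)       # first fixed build (exclusive upper bound)

# Constructed sample inventory in "host,product,version" form; not real hosts.
SAMPLE_INVENTORY = """\
host,product,version
ENG-WS-01,CODESYS Development System V3,3.5.19.10
ENG-WS-02,CODESYS Development System V3,3.5.19.20
ENG-WS-03,CODESYS Development System V3,3.5.16.40
ENG-WS-04,CODESYS Development System V3,3.5.19
ENG-WS-05,Festo Automation Suite,2.7.0.100
ENG-WS-06,CODESYS Development System V3,3.5.19.19
"""


def parse_version(text: str) -> Tuple[int, ...]:
    """Parse 'a.b.c.d' into a 4-tuple, padding missing trailing fields with 0.

    Tuples compare field by field, so (3, 5, 19, 19) < (3, 5, 19, 20) and
    (3, 5, 9, 0) < (3, 5, 17, 0), avoiding the string-comparison pitfall
    where "3.5.9" sorts after "3.5.17". Padding a short build string with
    zeros is the conservative choice here: "3.5.19" becomes 3.5.19.0 and
    is flagged for review rather than silently treated as fixed.
    """
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError("unrecognised version string: %r" % text)
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (4 - len(nums))


def is_affected(version: str) -> bool:
    """True when the build lies in [3.5.17.0, 3.5.19.20)."""
    return AFFECTED_FROM <= parse_version(version) < FIXED_IN


def triage(inventory_csv: str) -> Dict[str, List[str]]:
    """Sort hosts into affected / not affected / needs a CODESYS version.

    Rows whose product is not the CODESYS Development System (for example
    a host that only reports its Festo Automation Suite version) cannot be
    judged from this data and are listed separately.
    """
    result: Dict[str, List[str]] = {
        "affected": [],
        "not_affected": [],
        "needs_codesys_version": [],
    }
    for line in inventory_csv.strip().splitlines()[1:]:  # skip the header row
        host, product, version = (field.strip() for field in line.split(",", 2))
        if "codesys development system" not in product.lower():
            result["needs_codesys_version"].append(host)
        elif is_affected(version):
            result["affected"].append(host)
        else:
            result["not_affected"].append(host)
    return result


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print("%-22s %s" % (bucket + ":", ", ".join(hosts) or "-"))
```

On the sample data the boundary rows come out as the advisory implies: 3.5.19.19 is affected and 3.5.19.20 is not, 3.5.16.40 is below the range, and the three-field "3.5.19" is flagged so someone confirms the full build number.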
Evidence notes
Primary evidence comes from the CISA CSAF advisory ICSA-26-076-01 (published 2026-02-26, republished 2026-03-17), which states: "In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability allows for execution of binaries from the current working directory in the users context." The same advisory lists CVSS 3.1 7.3 with AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H and references the Festo CSAF and Festo PSIRT pages. The supplied vendor metadata is low-confidence and should be treated as needing review; the authoritative source associates the issue with Festo Automation Suite and CODESYS.
Official resources
- CVE-2023-3662 CVE record (CVE.org)
- CVE-2023-3662 NVD detail (NVD)
- Source item URL: cisa_csaf
CISA first published the advisory for CVE-2023-3662 on 2026-02-26 and republished it on 2026-03-17. The provided source corpus does not include KEV listing evidence or any claim of active exploitation.