Home
MEDIUM: 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NDefault status
unaffected
0.0.0.0 (semver) before 3.5.21.20
affected
Default status
unaffected
0.0.0.0 (semver) before 4.16.0.0
affected
Default status
unaffected
0.0.0.0 (semver) before 4.16.0.0
affected
Default status
unaffected
0.0.0.0 (semver) before 4.16.0.0
affected
Default status
unaffected
0.0.0.0 (semver) before 4.16.0.0
affected
Default status
unaffected
0.0.0.0 (semver) before 4.16.0.0
affected
Default status
unaffected
0.0.0.0 (semver) before 4.16.0.0
affected
Default status
unaffected
0.0.0.0 (semver) before 4.16.0.0
affected
Default status
unaffected
0.0.0.0 (semver) before 4.16.0.0
affected
Default status
unaffected
0.0.0.0 (semver) before 4.16.0.0
affected
Default status
unaffected
0.0.0.0 (semver) before 4.16.0.0
affected
Default status
unaffected
0.0.0.0 (semver) before 4.16.0.0
affected
Description
CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions.
Problem types
CWE-276 Incorrect Default Permissions
Product status
0.0.0.0 (semver) before 3.5.21.20
0.0.0.0 (semver) before 4.16.0.0
0.0.0.0 (semver) before 4.16.0.0
0.0.0.0 (semver) before 4.16.0.0
0.0.0.0 (semver) before 4.16.0.0
0.0.0.0 (semver) before 4.16.0.0
0.0.0.0 (semver) before 4.16.0.0
0.0.0.0 (semver) before 4.16.0.0
0.0.0.0 (semver) before 4.16.0.0
0.0.0.0 (semver) before 4.16.0.0
0.0.0.0 (semver) before 4.16.0.0
0.0.0.0 (semver) before 4.16.0.0
Credits
Luca Borzacchiello from Nozomi Networks
References
certvde.com/de/advisories/VDE-2025-049