Codesys: >> Development System >> 3.5.19.40 Security Vulnerabilities
The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with malicious ones before installation, resulting in local privilege escalation.
CVSS Score
8.5
EPSS Score
0.001
Published
2026-05-26
The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege escalation by forcing the deployment of arbitrary components.
CVSS Score
8.5
EPSS Score
0.001
Published
2026-05-26