Description
If a legitimate user confirms a self-update prompt or initiate an installation of a CODESYS Development System, a low privileged local attacker can gain elevated rights due to a TOCTOU vulnerability in the CODESYS installer.
Published: 2026-03-10
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation
Action: Patch Now
AI Analysis

Impact

This vulnerability arises from a time‑of‑check to time‑of‑use race condition in the CODESYS Installer. When a legitimate user elects to update the CODESYS Development System or launches the installer, a low‑privileged local user can interleave actions to trick the installer into executing with elevated rights. The flaw permits an attacker to elevate privileges on the affected system.

Affected Systems

The advisory lists the CODESYS Installer as the affected component. No specific version numbers are provided, so all installations that rely on the current installer may be vulnerable unless a patch is applied. Users who trigger the self‑update prompt or start the installer are at risk.

Risk and Exploitability

The CVSS score of 7.3 indicates a high‑severity local privilege escalation, but the EPSS score is less than 1 % and the flaw is not in the CISA KEV catalog, pointing to a low likelihood of widespread exploitation. The attack requires local presence and the ability to confirm a self‑update prompt or initiate installation, which limits the attacker’s opportunities. If successfully exploited, the attacker could compromise the host.

Generated by OpenCVE AI on April 17, 2026 at 11:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and install the latest CODESYS Installer update that addresses the TOCTOU vulnerability.
  • Disable automatic self‑update prompts so the user must manually approve any installation changes.
  • Restrict local user privileges to prevent unprivileged accounts from running the installer or initiating updates.
  • Review and apply vendor guidance to eliminate race conditions (CWE-367) by ensuring atomic checks during the installation process.

Generated by OpenCVE AI on April 17, 2026 at 11:46 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 10 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 10 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Codesys
Codesys codesys Installer
Vendors & Products Codesys
Codesys codesys Installer

Tue, 10 Mar 2026 07:30:00 +0000

Type Values Removed Values Added
Description If a legitimate user confirms a self-update prompt or initiate an installation of a CODESYS Development System, a low privileged local attacker can gain elevated rights due to a TOCTOU vulnerability in the CODESYS installer.
Title CODESYS Installer TOCTOU Privilege Escalation
Weaknesses CWE-367
References
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Codesys Codesys Installer
cve-icon MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published:

Updated: 2026-03-10T16:51:59.328Z

Reserved: 2026-02-11T18:46:15.172Z

Link: CVE-2026-2364

cve-icon Vulnrichment

Updated: 2026-03-10T15:39:50.280Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-10T17:39:29.587

Modified: 2026-03-11T13:53:47.157

Link: CVE-2026-2364

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T12:00:11Z

Weaknesses