CVE-2026-44468
Directory Permission Flaw in Product Leads to Privilege Escalation
Publication date: 2026-05-26
Last updated on: 2026-05-26
Assigner: CERT VDE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| codesys | development_system | to 3.5.22.20 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-276 | During installation, installed file permissions are set to allow anyone to modify those files. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the CODESYS Development System where temporary directories are created with insecure default permissions during administrative installation.
Because of these insecure permissions, a low-privileged local attacker can modify a temporary bootstrap file that defines which components get installed.
By doing so, the attacker can force the deployment of arbitrary components, effectively escalating their privileges on the system.
Additionally, there is a race condition (TOCTOU) that allows replacing verified installation files with malicious ones before installation.
Both issues bypass security boundaries during package installation, allowing installation of arbitrary files with elevated privileges.
How can this vulnerability impact me? :
Exploitation of this vulnerability allows a low-privileged local attacker to escalate their privileges to administrative level.
This means the attacker can install arbitrary files or components with elevated privileges, potentially compromising the entire operating system.
Such a compromise can lead to unauthorized access, control over system resources, and the ability to execute malicious code.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking for the presence of insecure temporary directories or files created by the PackageManager and IPM components during administrative installation in affected versions of the CODESYS Development System.
Specifically, you can look for temporary directories with insecure permissions that allow modification by low-privileged users.
Commands to help detect this might include searching for directories created during installation with overly permissive access rights, for example on a Unix-like system:
- find /tmp -type d -perm -o+w -ls
- ls -ld /path/to/codesys/temp/directories
Additionally, monitoring for unexpected modifications to bootstrap or installation files during package installation could indicate exploitation attempts.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the CODESYS Development System to version 3.5.22.20 or later, as this version addresses the insecure permissions issue.
Until the upgrade can be applied, restrict local user permissions to prevent modification of temporary installation directories and files created during administrative installation.
Also, monitor and audit file system permissions and installation activities to detect any unauthorized changes.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows local privilege escalation by enabling low-privileged users to deploy arbitrary components with elevated privileges, potentially compromising the underlying operating system.
Such a compromise can lead to unauthorized access or modification of sensitive data, which may violate security requirements mandated by common standards and regulations like GDPR and HIPAA.
Therefore, if exploited, this vulnerability could negatively impact compliance with these regulations by undermining data confidentiality, integrity, and system security.