CODESYS Installer - Possible Privilege Escalation
Plan Patch · 7.3 · VDE-2026-012 · Mar 10, 2026
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: Required
Summary
A race condition in the CODESYS Installer download and execution process allows a local attacker with limited privileges to replace the installer setup with malicious code before it is executed. Since the installer runs with administrator privileges, this can lead to privilege escalation. The vulnerability is triggered when a legitimate user confirms the self-update prompt for CODESYS Installer or initiates installation of the CODESYS Development System. The Add-Ons update process is not affected.
What this means
What could happen
An attacker with limited local access to a workstation can escalate to administrator privileges if a legitimate user initiates a CODESYS Installer update or system installation, potentially allowing malicious code to run with elevated rights and compromise the development environment.
Who's at risk
Development engineers and system administrators who use CODESYS Installer on engineering workstations to develop, test, or deploy industrial control system applications. Any organization using CODESYS Development System for PLC, motion control, or safety-critical automation programming is affected if updates are performed on shared or multi-user workstations.
How it could be exploited
An attacker with standard user privileges intercepts the CODESYS Installer's self-update or system installation process by exploiting a race condition in the download-and-execute sequence. Before the installer verifies and runs the downloaded setup, the attacker replaces it with malicious code. Since the installer runs with administrator rights during this process, the malicious payload executes with elevated privileges.
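The download-and-execute race described above, modeled as an added Python example (this is not CODESYS code, and the setup bytes, hash and file names are constructed). It reduces "execution" to handing bytes to a stub so nothing runs; the interfere() hook stands in for a standard user acting in the window between verification and execution. The vulnerable flow verifies by path and then re-opens the path, so the second open can see a different file; the hardened flow stages into a directory created for the elevated process alone and executes exactly the bytes it verified. In a real installer the equivalent is staging in a location standard users cannot write and verifying the file only after it is there.

```python
"""Toy model of a download-verify-execute race (TOCTOU) in an installer.

Both flows "download" a setup file (a constructed byte string stands in for
the real binary), verify its SHA-256 against a known-good value, and then hand
bytes to an executor. Nothing is executed: run_setup() only reports which
bytes would have run with elevated rights.
"""
import hashlib
import tempfile
from pathlib import Path

# Constructed stand-ins; the real installer binary and its hash are not on the page.
GENUINE_SETUP = b"GENUINE-SETUP-PAYLOAD"
MALICIOUS_SETUP = b"MALICIOUS-SETUP-PAYLOAD"
GENUINE_SHA256 = hashlib.sha256(GENUINE_SETUP).hexdigest()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def run_setup(data: bytes) -> str:
    """Stand-in for launching the setup: report what would have run."""
    return "genuine" if data == GENUINE_SETUP else "tampered"


def swap_file(path: Path) -> None:
    """Models the low-privileged user's move: overwrite the staged file."""
    path.write_bytes(MALICIOUS_SETUP)


def make_shared_dir() -> Path:
    """A directory that, in the vulnerable scenario, other local users can write."""
    return Path(tempfile.mkdtemp(prefix="shared-staging-"))


def vulnerable_update(shared_dir: Path, interfere=None) -> str:
    """Download into a shared directory, verify by path, re-open by path to run."""
    setup = shared_dir / "setup.exe"
    setup.write_bytes(GENUINE_SETUP)                      # download
    if sha256_hex(setup.read_bytes()) != GENUINE_SHA256:  # verify (read #1)
        raise RuntimeError("hash mismatch")
    if interfere:
        interfere(setup)                                  # race window
    return run_setup(setup.read_bytes())                  # execute (read #2)


def hardened_update(interfere=None) -> str:
    """Download into a fresh private directory and run exactly the verified bytes."""
    # tempfile.mkdtemp creates the directory with mode 0o700 on POSIX and under the
    # calling user's own temp location on Windows, so a different standard user
    # has no write access to it.
    private_dir = Path(tempfile.mkdtemp(prefix="private-staging-"))
    setup = private_dir / "setup.exe"
    setup.write_bytes(GENUINE_SETUP)                      # download
    with open(setup, "rb") as fh:
        data = fh.read()                                  # single read
    if sha256_hex(data) != GENUINE_SHA256:
        raise RuntimeError("hash mismatch")
    if interfere:
        interfere(setup)   # even if the file on disk changes, `data` does not
    return run_setup(data)                                # no second path lookup


if __name__ == "__main__":
    print("vulnerable, no attacker:   ", vulnerable_update(make_shared_dir()))
    print("vulnerable, attacker swaps:", vulnerable_update(make_shared_dir(), swap_file))
    print("hardened, attacker swaps:  ", hardened_update(swap_file))
```

The two properties a reviewer would check in a real installer map directly onto the two flows: whether a standard user can write to the staging path at any point before execution, and whether the bytes that were verified are the bytes that get executed.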
Prerequisites
- Local access to the workstation where CODESYS Installer is running
- Standard (non-administrator) user account on the target system
- A legitimate user must confirm the self-update prompt for CODESYS Installer or initiate installation of CODESYS Development System
Tags: Local privilege escalation · Race condition vulnerability · Requires user interaction (update confirmation) · Affects development systems and engineering workstations
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product   | Affected Versions | Fix Status
Installer | < 2.6.1.0         | 2.6.1.0
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
Hotfix: Update CODESYS Installer to version 2.6.1.0 or later
CVEs (1)
API:
/api/v1/advisories/2bf5db30-f704-4fbc-8b88-f17c8bf83967