CODESYS Development System 3 prior to 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity.