Lucene search

[email protected]CVE-2023-37551

HistoryAug 03, 2023 - 12:15 p.m.

CVE-2023-37551

2023-08-0312:15:10

CWE-552

[email protected]

web.nvd.nist.gov

cve

2023

37551

unauthorized file download

codesys

vulnerability

network communication

file extension

authentication

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

6.6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.2%

JSON

In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfer, no filtering of certain file types is performed here. As a result, the integrity of the CODESYS control runtime system may be compromised by the files loaded onto the controller.

Affected configurations

NVD

Node

codesyscontrol_for_beaglebone_slRange<4.10.0.0

codesyscontrol_for_empc-a\/imx6_slRange<4.10.0.0

codesyscontrol_for_iot2000_slRange<4.10.0.0

codesyscontrol_for_linux_slRange<4.10.0.0

codesyscontrol_for_pfc100_slRange<4.10.0.0

codesyscontrol_for_pfc200_slRange<4.10.0.0

codesyscontrol_for_plcnext_slRange<4.10.0.0

codesyscontrol_for_raspberry_pi_slRange<4.10.0.0

codesyscontrol_for_wago_touch_panels_600_slRange<4.10.0.0

Node

codesyscontrol_rte_slRange<3.5.19.20

codesyscontrol_rte_sl_\(for_beckhoff_cx\)Range<3.5.19.20

codesyscontrol_runtime_system_toolkitRange<3.5.19.20

codesyscontrol_win_slRange<3.5.19.20

codesysdevelopment_systemRange<3.5.19.20

codesyshmiRange<3.5.19.20

codesyssafety_sil2Range<3.5.19.20

CPENameOperatorVersion
codesys:control_for_beaglebone_slcodesys control for beaglebone sllt4.10.0.0
codesys:control_for_empc-a\/imx6_slcodesys control for empc-a/imx6 sllt4.10.0.0
codesys:control_for_iot2000_slcodesys control for iot2000 sllt4.10.0.0
codesys:control_for_linux_slcodesys control for linux sllt4.10.0.0
codesys:control_for_pfc100_slcodesys control for pfc100 sllt4.10.0.0
codesys:control_for_pfc200_slcodesys control for pfc200 sllt4.10.0.0
codesys:control_for_plcnext_slcodesys control for plcnext sllt4.10.0.0
codesys:control_for_raspberry_pi_slcodesys control for raspberry pi sllt4.10.0.0
codesys:control_for_wago_touch_panels_600_slcodesys control for wago touch panels 600 sllt4.10.0.0

CPE	Name	Operator	Version
codesys:control_for_beaglebone_sl	codesys control for beaglebone sl	lt	4.10.0.0
codesys:control_for_empc-a\/imx6_sl	codesys control for empc-a/imx6 sl	lt	4.10.0.0
codesys:control_for_iot2000_sl	codesys control for iot2000 sl	lt	4.10.0.0
codesys:control_for_linux_sl	codesys control for linux sl	lt	4.10.0.0
codesys:control_for_pfc100_sl	codesys control for pfc100 sl	lt	4.10.0.0
codesys:control_for_pfc200_sl	codesys control for pfc200 sl	lt	4.10.0.0
codesys:control_for_plcnext_sl	codesys control for plcnext sl	lt	4.10.0.0
codesys:control_for_raspberry_pi_sl	codesys control for raspberry pi sl	lt	4.10.0.0
codesys:control_for_wago_touch_panels_600_sl	codesys control for wago touch panels 600 sl	lt	4.10.0.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS Control for BeagleBone SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.10.0.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS Control for emPC-A/iMX6 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.10.0.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS Control for IOT2000 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.10.0.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS Control for Linux SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.10.0.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS Control for PFC100 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.10.0.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS Control for PFC200 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.10.0.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS Control for PLCnext SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.10.0.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS Control for Raspberry Pi SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.10.0.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS Control for WAGO Touch Panels 600 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.10.0.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS Control RTE (for Beckhoff CX) SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.19.20",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS Control RTE (SL)",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.19.20",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS Control Runtime System Toolkit",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.19.20",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS Control Win (SL)",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.19.20",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS Development System V3",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.19.20",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS HMI (SL)",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.19.20",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS Safety SIL2 Runtime Toolkit",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.19.20",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

cert.vde.com/en/advisories/VDE-2023-019/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

6.6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.2%

JSON

Related for CVE-2023-37551

prion1 nvd1 cvelist1