Lucene search

[email protected]NVD:CVE-2023-37558

HistoryAug 03, 2023 - 12:15 p.m.

CVE-2023-37558

2023-08-0312:15:10

CWE-20

[email protected]

web.nvd.nist.gov

cve-2023-37558

authentication

codesys

cmpappforce

denial-of-service

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

32.1%

JSON

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37559

Affected configurations

Nvd

Node

codesyscontrol_for_beaglebone_slRange<4.10.0.0

codesyscontrol_for_empc-a\/imx6_slRange<4.10.0.0

codesyscontrol_for_iot2000_slRange<4.10.0.0

codesyscontrol_for_linux_slRange<4.10.0.0

codesyscontrol_for_pfc100_slRange<4.10.0.0

codesyscontrol_for_pfc200_slRange<4.10.0.0

codesyscontrol_for_plcnext_slRange<4.10.0.0

codesyscontrol_for_raspberry_pi_slRange<4.10.0.0

codesyscontrol_for_wago_touch_panels_600_slRange<4.10.0.0

Node

codesyscontrol_rte_slRange<3.5.19.20

codesyscontrol_rte_sl_\(for_beckhoff_cx\)Range<3.5.19.20

codesyscontrol_runtime_system_toolkitRange<3.5.19.20

codesyscontrol_win_slRange<3.5.19.20

codesysdevelopment_systemRange<3.5.19.20

codesyshmiRange<3.5.19.20

codesyssafety_sil2Range<3.5.19.20

VendorProductVersionCPE
codesyscontrol_for_beaglebone_sl*cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*
codesyscontrol_for_empc-a\/imx6_sl*cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl:*:*:*:*:*:*:*:*
codesyscontrol_for_iot2000_sl*cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*
codesyscontrol_for_linux_sl*cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*
codesyscontrol_for_pfc100_sl*cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*
codesyscontrol_for_pfc200_sl*cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*
codesyscontrol_for_plcnext_sl*cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*
codesyscontrol_for_raspberry_pi_sl*cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*
codesyscontrol_for_wago_touch_panels_600_sl*cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*
codesyscontrol_rte_sl*cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
codesys	control_for_beaglebone_sl	*	cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::
codesys	control_for_empc-a\/imx6_sl	*	cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::
codesys	control_for_iot2000_sl	*	cpe:2.3:a:codesys:control_for_iot2000_sl::::::::
codesys	control_for_linux_sl	*	cpe:2.3:a:codesys:control_for_linux_sl::::::::
codesys	control_for_pfc100_sl	*	cpe:2.3:a:codesys:control_for_pfc100_sl::::::::
codesys	control_for_pfc200_sl	*	cpe:2.3:a:codesys:control_for_pfc200_sl::::::::
codesys	control_for_plcnext_sl	*	cpe:2.3:a:codesys:control_for_plcnext_sl::::::::
codesys	control_for_raspberry_pi_sl	*	cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::
codesys	control_for_wago_touch_panels_600_sl	*	cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::
codesys	control_rte_sl	*	cpe:2.3:a:codesys:control_rte_sl::::::::

Rows per page:

1-10 of 161

References

cert.vde.com/en/advisories/VDE-2023-019/

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

32.1%

JSON

Related for NVD:CVE-2023-37558

cve2 prion2 nvd1 cvelist2