VDB

CISA-2023-37547

CISA-2023-37547 PUBLISHED CVSS 6.5 MEDIUM

Reported by CERTVDE · Published August 3, 2023

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37548, CVE-2023-37549 and CVE-2023-37550

Risk Scores

CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
CODESYSCODESYS Control for BeagleBone SL0
CODESYSCODESYS Control for emPC-A/iMX6 SL0
CODESYSCODESYS Control for IOT2000 SL0
CODESYSCODESYS Control for Linux SL0
CODESYSCODESYS Control for PFC100 SL0
CODESYSCODESYS Control for PFC200 SL0
CODESYSCODESYS Control for PLCnext SL0
CODESYSCODESYS Control for Raspberry Pi SL0
CODESYSCODESYS Control for WAGO Touch Panels 600 SL0
CODESYSCODESYS Control RTE (for Beckhoff CX) SL0
CODESYSCODESYS Control RTE (SL)0
CODESYSCODESYS Control Runtime System Toolkit0
CODESYSCODESYS Control Win (SL)0
CODESYSCODESYS Development System V30
CODESYSCODESYS HMI (SL)0
CODESYSCODESYS Safety SIL2 Runtime Toolkit0
CODESYSCODESYS Control for WAGO Touch Panels 600 SL0, 0
CODESYSCODESYS Control for PFC100 SL0, 0
CODESYSCODESYS Control RTE (for Beckhoff CX) SL0, 0
CODESYSCODESYS HMI (SL)0, 0

…and 12 more

Timeline

  • Aug 3, 2023 CVE Published
  • Oct 11, 2024 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›