CVE-2023-37546 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-37546 PUBLISHED CVSS 6.5 MEDIUM

In multiple CODESYS products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition.

EPSS 0.08% · 23.8th percentile

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:W/RC:C

EPSS Score

0.08%

23.8th percentile

Affected Products

Vendor	Product	Versions
ABB	ACS880 IGBT Supply Control Program ALHLX < v3.43
ABB	ACS6080 Firmware Version >=LAAAA 2.10.0\|<=LAAAB 5.06.1
ABB	ACS880 Primary Control Program YINLX < v1.30
ABB	ACS5000 Firmware Version >=LAAAB 4.03.0\|<= LAAAB 5.06.1
ABB	ACS880 Test Bench Control Program ATBLX <= v3.44.0.0
ABB	ACS880 IGBT Supply Control Program YISLX < v1.30
ABB	DCT880 memory unit incl. ABB Drive Application Builder license (IEC 61131-3)
ABB	ACS880 IGBT Supply Control Program AISLX < v3.43
ABB	DCS880 memory unit incl. ABB Drive Application Builder license (IEC 61131-3)
ABB	ACS880 Position Control Program APCLX <= v1.04.0.5
ABB	DCS880 memory unit incl. DEMag
ABB	DCS880 memory unit incl. DCC
ABB	ACS6000 Firmware Version >=LAAAA 2.10.0\|<=LAAAB 5.06.1
ABB	DCT880 memory unit incl. Power Optimizer
ABB	ACS880 IGBT Supply Control Program YLHLX < v1.30
ABB	ACS880 Primary Control Program AINLX < v3.47

Timeline

Aug 3, 2023 CVE Published
Aug 4, 2023 EPSS Score
Sep 6, 2023 EPSS Score
Oct 9, 2023 EPSS Score
Nov 12, 2023 EPSS Score
Dec 15, 2023 EPSS Score
Jan 17, 2024 EPSS Score
Feb 19, 2024 EPSS Score
Mar 23, 2024 EPSS Score
Apr 26, 2024 EPSS Score
May 29, 2024 EPSS Score
Jul 1, 2024 EPSS Score

References

Open in Interactive Console →