Vulnetix
Try Vulnetix Request Demo
CVE-2023-37557 PUBLISHED CVSS 6.5 MEDIUM

After successful authentication as a user in multiple CODESYS products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based buffer, which can lead to a denial-of-service condition

EPSS 0.05% · 16.3th percentile

Risk Scores

CVSS v3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:W/RC:C
EPSS Score
0.05%
16.3th percentile

Affected Products

VendorProductVersions
ABBDCS880 memory unit incl. DCC
ABBACS6000 Firmware Version >=LAAAA 2.10.0|<=LAAAB 5.06.1
ABBACS880 Primary Control Program AINLX < v3.47
ABBDCT880 memory unit incl. Power Optimizer
ABBACS6080 Firmware Version >=LAAAA 2.10.0|<=LAAAB 5.06.1
ABBACS880 Position Control Program APCLX <= v1.04.0.5
ABB ACS880 IGBT Supply Control Program AISLX < v3.43
ABB ACS880 IGBT Supply Control Program ALHLX < v3.43
ABBACS880 Primary Control Program YINLX < v1.30
ABB ACS880 IGBT Supply Control Program YISLX < v1.30
ABBDCS880 memory unit incl. ABB Drive Application Builder license (IEC 61131-3)
ABBACS880 Test Bench Control Program ATBLX <= v3.44.0.0
ABBACS5000 Firmware Version >=LAAAB 4.03.0|<= LAAAB 5.06.1
ABBDCT880 memory unit incl. ABB Drive Application Builder license (IEC 61131-3)
ABB ACS880 IGBT Supply Control Program YLHLX < v1.30
ABBDCS880 memory unit incl. DEMag

Timeline

References

Open in Interactive Console →