VDB
CVE-2023-37557
CVE-2023-37557
PUBLISHED
CVSS 6.5 MEDIUM
After successful authentication as a user in multiple CODESYS products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based buffer, which can lead to a denial-of-service condition
EPSS 0.11% · 29.2th percentile
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.11%
29.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ABB | DCS880 memory unit incl. DCC | |
| ABB | ACS6000 Firmware Version >=LAAAA 2.10.0|<=LAAAB 5.06.1 | |
| ABB | ACS880 Primary Control Program AINLX < v3.47 | |
| ABB | DCT880 memory unit incl. Power Optimizer | |
| ABB | ACS6080 Firmware Version >=LAAAA 2.10.0|<=LAAAB 5.06.1 | |
| ABB | ACS880 Position Control Program APCLX <= v1.04.0.5 | |
| ABB | ACS880 IGBT Supply Control Program AISLX < v3.43 | |
| ABB | ACS880 IGBT Supply Control Program ALHLX < v3.43 | |
| ABB | ACS880 Primary Control Program YINLX < v1.30 | |
| ABB | ACS880 IGBT Supply Control Program YISLX < v1.30 | |
| ABB | DCS880 memory unit incl. ABB Drive Application Builder license (IEC 61131-3) | |
| ABB | ACS880 Test Bench Control Program ATBLX <= v3.44.0.0 | |
| ABB | ACS5000 Firmware Version >=LAAAB 4.03.0|<= LAAAB 5.06.1 | |
| ABB | DCT880 memory unit incl. ABB Drive Application Builder license (IEC 61131-3) | |
| ABB | ACS880 IGBT Supply Control Program YLHLX < v1.30 | |
| ABB | DCS880 memory unit incl. DEMag |
Timeline
- Aug 3, 2023 CVE Published
- Aug 4, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
- Oct 11, 2023 EPSS Score
- Nov 13, 2023 EPSS Score
- Dec 17, 2023 EPSS Score
- Jan 20, 2024 EPSS Score
- Feb 23, 2024 EPSS Score
- Mar 28, 2024 EPSS Score
- Apr 30, 2024 EPSS Score
- Jun 3, 2024 EPSS Score
- Jul 7, 2024 EPSS Score
References
- https://psirt.abb.com/csaf/2025/9akk108470a9989.json advisory
- https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17764&token=4b2f3cf3a800d076b22f18d49f278bd8883dbd46&download= advisory
- https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17765&token=04e117e1408fdb8e02b4bc821aa3be819668aef4&download= advisory
- https://new.abb.com/drives/what-is-a-variable-speed-drive advisory
- https://new.abb.com/drives/medium-voltage-ac-drives/acs6080 advisory
- https://new.abb.com/drives/medium-voltage-ac-drives/acs5000 advisory
- https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A4323&LanguageCode=en&DocumentPartId=&Action=Launch advisory
- https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A9989&LanguageCode=en&DocumentPartId=pdf&Action=Launch advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-37557 advisory
- https://psirt.abb.com/csaf/2025/9akk108470a9494.json advisory
- https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A9494&LanguageCode=en&DocumentPartId=pdf&Action=Launch advisory
- https://psirt.abb.com/csaf/2025/9akk108470a9491.json advisory
- https://library.abb.com/d/3AXD50001000998 advisory
- https://library.abb.com/d/3AUA0000085967 advisory
- https://global.abb/group/en/media/resources/glossary advisory
- https://library.abb.com/d/3AXD50001019464 advisory
- https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A9491&LanguageCode=en&DocumentPartId=pdf&Action=Launch advisory