VDB
CVE-2023-37558
CVE-2023-37558
PUBLISHED
CVSS 6.5 MEDIUM
After successful authentication as a user in multiple CODESYS products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition.
EPSS 0.20% · 42.0th percentile
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.20%
42.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ABB | ACS880 Test Bench Control Program ATBLX <= v3.44.0.0 | |
| ABB | ACS5000 Firmware Version >=LAAAB 4.03.0|<= LAAAB 5.06.1 | |
| ABB | DCT880 memory unit incl. Power Optimizer | |
| ABB | ACS880 Primary Control Program YINLX < v1.30 | |
| ABB | ACS880 IGBT Supply Control Program ALHLX < v3.43 | |
| ABB | ACS880 IGBT Supply Control Program AISLX < v3.43 | |
| ABB | DCS880 memory unit incl. ABB Drive Application Builder license (IEC 61131-3) | |
| ABB | ACS880 IGBT Supply Control Program YISLX < v1.30 | |
| ABB | ACS880 Position Control Program APCLX <= v1.04.0.5 | |
| ABB | DCS880 memory unit incl. DEMag | |
| ABB | ACS880 IGBT Supply Control Program YLHLX < v1.30 | |
| ABB | DCT880 memory unit incl. ABB Drive Application Builder license (IEC 61131-3) | |
| ABB | ACS6080 Firmware Version >=LAAAA 2.10.0|<=LAAAB 5.06.1 | |
| ABB | DCS880 memory unit incl. DCC | |
| ABB | ACS880 Primary Control Program AINLX < v3.47 | |
| ABB | ACS6000 Firmware Version >=LAAAA 2.10.0|<=LAAAB 5.06.1 |
Timeline
- Aug 3, 2023 CVE Published
- Aug 4, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
- Oct 11, 2023 EPSS Score
- Nov 13, 2023 EPSS Score
- Dec 17, 2023 EPSS Score
- Jan 20, 2024 EPSS Score
- Feb 23, 2024 EPSS Score
- Mar 28, 2024 EPSS Score
- Apr 30, 2024 EPSS Score
- Jun 3, 2024 EPSS Score
- Jul 7, 2024 EPSS Score
References
- https://psirt.abb.com/csaf/2025/9akk108470a9989.json advisory
- https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17764&token=4b2f3cf3a800d076b22f18d49f278bd8883dbd46&download= advisory
- https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17765&token=04e117e1408fdb8e02b4bc821aa3be819668aef4&download= advisory
- https://new.abb.com/drives/what-is-a-variable-speed-drive advisory
- https://new.abb.com/drives/medium-voltage-ac-drives/acs6080 advisory
- https://new.abb.com/drives/medium-voltage-ac-drives/acs5000 advisory
- https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A4323&LanguageCode=en&DocumentPartId=&Action=Launch advisory
- https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A9989&LanguageCode=en&DocumentPartId=pdf&Action=Launch advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-37558 advisory
- https://psirt.abb.com/csaf/2025/9akk108470a9494.json advisory
- https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A9494&LanguageCode=en&DocumentPartId=pdf&Action=Launch advisory
- https://psirt.abb.com/csaf/2025/9akk108470a9491.json advisory
- https://library.abb.com/d/3AXD50001000998 advisory
- https://library.abb.com/d/3AUA0000085967 advisory
- https://global.abb/group/en/media/resources/glossary advisory
- https://library.abb.com/d/3AXD50001019464 advisory
- https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A9491&LanguageCode=en&DocumentPartId=pdf&Action=Launch advisory