CVE-2023-37558 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-37558 PUBLISHED CVSS 6.5 MEDIUM

After successful authentication as a user in multiple CODESYS products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition.

EPSS 0.08% · 23.8th percentile

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:W/RC:C

EPSS Score

0.08%

23.8th percentile

Affected Products

Vendor	Product	Versions
ABB	ACS880 Test Bench Control Program ATBLX <= v3.44.0.0
ABB	ACS5000 Firmware Version >=LAAAB 4.03.0\|<= LAAAB 5.06.1
ABB	DCT880 memory unit incl. Power Optimizer
ABB	ACS880 Primary Control Program YINLX < v1.30
ABB	ACS880 IGBT Supply Control Program ALHLX < v3.43
ABB	ACS880 IGBT Supply Control Program AISLX < v3.43
ABB	DCS880 memory unit incl. ABB Drive Application Builder license (IEC 61131-3)
ABB	ACS880 IGBT Supply Control Program YISLX < v1.30
ABB	ACS880 Position Control Program APCLX <= v1.04.0.5
ABB	DCS880 memory unit incl. DEMag
ABB	ACS880 IGBT Supply Control Program YLHLX < v1.30
ABB	DCT880 memory unit incl. ABB Drive Application Builder license (IEC 61131-3)
ABB	ACS6080 Firmware Version >=LAAAA 2.10.0\|<=LAAAB 5.06.1
ABB	DCS880 memory unit incl. DCC
ABB	ACS880 Primary Control Program AINLX < v3.47
ABB	ACS6000 Firmware Version >=LAAAA 2.10.0\|<=LAAAB 5.06.1

Timeline

Aug 3, 2023 CVE Published
Aug 4, 2023 EPSS Score
Sep 6, 2023 EPSS Score
Oct 9, 2023 EPSS Score
Nov 12, 2023 EPSS Score
Dec 15, 2023 EPSS Score
Jan 17, 2024 EPSS Score
Feb 19, 2024 EPSS Score
Mar 23, 2024 EPSS Score
Apr 26, 2024 EPSS Score
May 29, 2024 EPSS Score
Jul 1, 2024 EPSS Score

References

Open in Interactive Console →