Lucene search

[email protected]CVE-2023-37554

HistoryAug 03, 2023 - 12:15 p.m.

CVE-2023-37554

2023-08-0312:15:10

CWE-20

[email protected]

web.nvd.nist.gov

cve-2023-37554

codesys

authentication

network communication

denial-of-service

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.3%

JSON

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37553, CVE-2023-37555 and CVE-2023-37556.

Affected configurations

NVD

Node

codesyscontrol_for_beaglebone_slRange<4.10.0.0

codesyscontrol_for_empc-a\/imx6_slRange<4.10.0.0

codesyscontrol_for_iot2000_slRange<4.10.0.0

codesyscontrol_for_linux_slRange<4.10.0.0

codesyscontrol_for_pfc100_slRange<4.10.0.0

codesyscontrol_for_pfc200_slRange<4.10.0.0

codesyscontrol_for_plcnext_slRange<4.10.0.0

codesyscontrol_for_raspberry_pi_slRange<4.10.0.0

codesyscontrol_for_wago_touch_panels_600_slRange<4.10.0.0

Node

codesyscontrol_rte_slRange<3.5.19.20

codesyscontrol_rte_sl_\(for_beckhoff_cx\)Range<3.5.19.20

codesyscontrol_runtime_system_toolkitRange<3.5.19.20

codesyscontrol_win_slRange<3.5.19.20

codesysdevelopment_systemRange<3.5.19.20

codesyshmiRange<3.5.19.20

codesyssafety_sil2Range<3.5.19.20

CPENameOperatorVersion
codesys:control_for_beaglebone_slcodesys control for beaglebone sllt4.10.0.0
codesys:control_for_empc-a\/imx6_slcodesys control for empc-a/imx6 sllt4.10.0.0
codesys:control_for_iot2000_slcodesys control for iot2000 sllt4.10.0.0
codesys:control_for_linux_slcodesys control for linux sllt4.10.0.0
codesys:control_for_pfc100_slcodesys control for pfc100 sllt4.10.0.0
codesys:control_for_pfc200_slcodesys control for pfc200 sllt4.10.0.0
codesys:control_for_plcnext_slcodesys control for plcnext sllt4.10.0.0
codesys:control_for_raspberry_pi_slcodesys control for raspberry pi sllt4.10.0.0
codesys:control_for_wago_touch_panels_600_slcodesys control for wago touch panels 600 sllt4.10.0.0

CPE	Name	Operator	Version
codesys:control_for_beaglebone_sl	codesys control for beaglebone sl	lt	4.10.0.0
codesys:control_for_empc-a\/imx6_sl	codesys control for empc-a/imx6 sl	lt	4.10.0.0
codesys:control_for_iot2000_sl	codesys control for iot2000 sl	lt	4.10.0.0
codesys:control_for_linux_sl	codesys control for linux sl	lt	4.10.0.0
codesys:control_for_pfc100_sl	codesys control for pfc100 sl	lt	4.10.0.0
codesys:control_for_pfc200_sl	codesys control for pfc200 sl	lt	4.10.0.0
codesys:control_for_plcnext_sl	codesys control for plcnext sl	lt	4.10.0.0
codesys:control_for_raspberry_pi_sl	codesys control for raspberry pi sl	lt	4.10.0.0
codesys:control_for_wago_touch_panels_600_sl	codesys control for wago touch panels 600 sl	lt	4.10.0.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS Control for BeagleBone SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.10.0.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS Control for emPC-A/iMX6 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.10.0.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS Control for IOT2000 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.10.0.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS Control for Linux SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.10.0.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS Control for PFC100 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.10.0.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS Control for PFC200 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.10.0.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS Control for PLCnext SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.10.0.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS Control for Raspberry Pi SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.10.0.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS Control for WAGO Touch Panels 600 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.10.0.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS Control RTE (for Beckhoff CX) SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.19.20",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS Control RTE (SL)",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.19.20",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS Control Runtime System Toolkit",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.19.20",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS Control Win (SL)",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.19.20",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS Development System V3",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.19.20",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS HMI (SL)",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.19.20",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS Safety SIL2 Runtime Toolkit",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.19.20",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

cert.vde.com/en/advisories/VDE-2023-019/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.3%

JSON

Related for CVE-2023-37554

nvd5 cve4 cvelist5 prion5