Lucene search

CERTVDECVELIST:CVE-2023-49675

HistoryMay 06, 2024 - 11:09 a.m.

CVE-2023-49675 CODESYS: Out-of-bounds write through corrupted project files

2024-05-0611:09:17

CWE-787

CERTVDE

www.cve.org

cve-2023-49675

codesys

local attacker

corrupted project files

arbitrary code

system crash

out-of-bounds write

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

21.7%

JSON

An unauthenticated local attacker may trick a user to open corrupted project files to execute arbitrary code or crash the system due to an out-of-bounds write vulnerability.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS Development System V2.3",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "2.3.9.73",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

cert.vde.com/en/advisories/VDE-2024-024

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

21.7%

JSON

Related for CVELIST:CVE-2023-49675