Lucene search

[email protected]NVD:CVE-2023-3663

HistoryAug 03, 2023 - 11:15 a.m.

CVE-2023-3663

2023-08-0311:15:10

CWE-345

[email protected]

web.nvd.nist.gov

codesys

development system

vulnerability

versions

remote attacker

content manipulation

http notifications

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.002

Percentile

59.3%

JSON

In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might allow an unauthenticated remote attacker to manipulate the content of notifications received via HTTP by the CODESYS notification server.

Affected configurations

Nvd

Node

codesysdevelopment_systemRange3.5.11.20–3.5.19.20

VendorProductVersionCPE
codesysdevelopment_system*cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
codesys	development_system	*	cpe:2.3:a:codesys:development_system::::::::

References

cert.vde.com/en/advisories/VDE-2023-022/

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.002

Percentile

59.3%

JSON

Related for NVD:CVE-2023-3663

zdi1 cve1 cvelist1 prion1 ics1