Lucene search

[email protected]NVD:CVE-2023-37557

HistoryAug 03, 2023 - 12:15 p.m.

CVE-2023-37557

2023-08-0312:15:10

CWE-787

[email protected]

web.nvd.nist.gov

authentication

remote communication

denial of service

buffer overflow

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

13.5%

JSON

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based buffer, which can lead to a denial-of-service condition.

Affected configurations

NVD

Node

codesyscontrol_for_beaglebone_slRange<4.10.0.0

codesyscontrol_for_empc-a\/imx6_slRange<4.10.0.0

codesyscontrol_for_iot2000_slRange<4.10.0.0

codesyscontrol_for_linux_slRange<4.10.0.0

codesyscontrol_for_pfc100_slRange<4.10.0.0

codesyscontrol_for_pfc200_slRange<4.10.0.0

codesyscontrol_for_plcnext_slRange<4.10.0.0

codesyscontrol_for_raspberry_pi_slRange<4.10.0.0

codesyscontrol_for_wago_touch_panels_600_slRange<4.10.0.0

Node

codesyscontrol_rte_slRange<3.5.19.20

codesyscontrol_rte_sl_\(for_beckhoff_cx\)Range<3.5.19.20

codesyscontrol_runtime_system_toolkitRange<3.5.19.20

codesyscontrol_win_slRange<3.5.19.20

codesysdevelopment_systemRange<3.5.19.20

codesyshmiRange<3.5.19.20

codesyssafety_sil2Range<3.5.19.20

References

cert.vde.com/en/advisories/VDE-2023-019/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

13.5%

JSON

Related for NVD:CVE-2023-37557

cvelist1 cve1 prion1