Race condition

2023-08-0312:15:00

PRIOn knowledge base

www.prio-n.com

race condition

codesys

user authentication

network communication

denial-of-service

vulnerability

cve-2023-37559

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.4%

JSON

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37559

CPENameOperatorVersion
control_for_beaglebone_sllt4.10.0.0
control_for_empc-a\\/imx6_sllt4.10.0.0
control_for_iot2000_sllt4.10.0.0
control_for_linux_sllt4.10.0.0
control_for_pfc100_sllt4.10.0.0
control_for_pfc200_sllt4.10.0.0
control_for_plcnext_sllt4.10.0.0
control_for_raspberry_pi_sllt4.10.0.0
control_for_wago_touch_panels_600_sllt4.10.0.0
control_rte_sllt3.5.19.20

Name	Operator	Version
control_for_beaglebone_sl	lt	4.10.0.0
control_for_empc-a\\/imx6_sl	lt	4.10.0.0
control_for_iot2000_sl	lt	4.10.0.0
control_for_linux_sl	lt	4.10.0.0
control_for_pfc100_sl	lt	4.10.0.0
control_for_pfc200_sl	lt	4.10.0.0
control_for_plcnext_sl	lt	4.10.0.0
control_for_raspberry_pi_sl	lt	4.10.0.0
control_for_wago_touch_panels_600_sl	lt	4.10.0.0
control_rte_sl	lt	3.5.19.20

Rows per page:

1-10 of 161

References

cert.vde.com/en/advisories/VDE-2023-019/