Lucene search

CERTVDEVULNRICHMENT:CVE-2023-49675

HistoryMay 06, 2024 - 11:09 a.m.

CVE-2023-49675 CODESYS: Out-of-bounds write through corrupted project files

2024-05-0611:09:17

CWE-787

CERTVDE

github.com

cve-2023-49675

local attacker

corrupted project files

arbitrary code

system crash

out-of-bounds write

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

21.5%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

An unauthenticated local attacker may trick a user to open corrupted project files to execute arbitrary code or crash the system due to an out-of-bounds write vulnerability.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*"
    ],
    "vendor": "codesys",
    "product": "development_system",
    "versions": [
      {
        "status": "affected",
        "version": "2.3"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert.vde.com/en/advisories/VDE-2024-024

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

21.5%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2023-49675