6.5
CVE-2023-37547
- EPSS 0.08%
- Published 03.08.2023 12:15:09
- Last modified 21.11.2024 08:11:54
- Source info@cert.vde.com
- Teams watchlist Login
- Open Login
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37548, CVE-2023-37549 and CVE-2023-37550
Data is provided by the National Vulnerability Database (NVD)
Codesys ≫ Control For Beaglebone Sl Version < 4.10.0.0
Codesys ≫ Control For Empc-a/imx6 Sl Version < 4.10.0.0
Codesys ≫ Control For Iot2000 Sl Version < 4.10.0.0
Codesys ≫ Control For Linux Sl Version < 4.10.0.0
Codesys ≫ Control For Pfc100 Sl Version < 4.10.0.0
Codesys ≫ Control For Pfc200 Sl Version < 4.10.0.0
Codesys ≫ Control For Plcnext Sl Version < 4.10.0.0
Codesys ≫ Control For Raspberry Pi Sl Version < 4.10.0.0
Codesys ≫ Control For Wago Touch Panels 600 Sl Version < 4.10.0.0
Codesys ≫ Control Rte Sl Version < 3.5.19.20
Codesys ≫ Control Rte Sl (for Beckhoff Cx) Version < 3.5.19.20
Codesys ≫ Control Runtime System Toolkit Version < 3.5.19.20
Codesys ≫ Control Win Sl Version < 3.5.19.20
Codesys ≫ Development System Version < 3.5.19.20
Codesys ≫ Safety Sil2 Version < 3.5.19.20
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.243 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| info@cert.vde.com | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.