6.5
CVE-2023-37559
- EPSS 0.08%
- Veröffentlicht 03.08.2023 12:15:10
- Zuletzt bearbeitet 21.11.2024 08:11:56
- Quelle info@cert.vde.com
- Teams Watchlist Login
- Unerledigt Login
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37558
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Codesys ≫ Control For Beaglebone Sl Version < 4.10.0.0
Codesys ≫ Control For Empc-a/imx6 Sl Version < 4.10.0.0
Codesys ≫ Control For Iot2000 Sl Version < 4.10.0.0
Codesys ≫ Control For Linux Sl Version < 4.10.0.0
Codesys ≫ Control For Pfc100 Sl Version < 4.10.0.0
Codesys ≫ Control For Pfc200 Sl Version < 4.10.0.0
Codesys ≫ Control For Plcnext Sl Version < 4.10.0.0
Codesys ≫ Control For Raspberry Pi Sl Version < 4.10.0.0
Codesys ≫ Control For Wago Touch Panels 600 Sl Version < 4.10.0.0
Codesys ≫ Control Rte Sl Version < 3.5.19.20
Codesys ≫ Control Rte Sl (for Beckhoff Cx) Version < 3.5.19.20
Codesys ≫ Control Runtime System Toolkit Version < 3.5.19.20
Codesys ≫ Control Win Sl Version < 3.5.19.20
Codesys ≫ Development System Version < 3.5.19.20
Codesys ≫ Safety Sil2 Version < 3.5.19.20
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.243 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| info@cert.vde.com | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.