8.8
CVE-2023-6357
- EPSS 0.28%
- Veröffentlicht 05.12.2023 15:15:08
- Zuletzt bearbeitet 21.11.2024 08:43:41
- Quelle info@cert.vde.com
- CVE-Watchlists
- Unerledigt
LoginA low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Codesys ≫ Control For Beaglebone Sl Version < 4.11.0.0
Codesys ≫ Control For Empc-a/imx6 Version < 4.11.0.0
Codesys ≫ Control For Iot2000 Sl Version < 4.11.0.0
Codesys ≫ Control For Linux Arm Sl Version < 4.11.0.0
Codesys ≫ Control For Linux Sl Version < 4.11.0.0
Codesys ≫ Control For Pfc100 Sl Version < 4.11.0.0
Codesys ≫ Control For Pfc200 Sl Version < 4.11.0.0
Codesys ≫ Control For Plcnext Sl Version < 4.11.0.0
Codesys ≫ Control For Raspberry Pi Sl Version < 4.11.0.0
Codesys ≫ Control For Wago Touch Panels 600 Sl Version < 4.11.0.0
Codesys ≫ Runtime Toolkit Version < 3.5.19.50
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.514 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| info@cert.vde.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.