8.8
CVE-2023-6357
- EPSS 0.28%
- Published 05.12.2023 15:15:08
- Last modified 21.11.2024 08:43:41
- Source info@cert.vde.com
- Teams watchlist Login
- Open Login
A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device.
Data is provided by the National Vulnerability Database (NVD)
Codesys ≫ Control For Beaglebone Sl Version < 4.11.0.0
Codesys ≫ Control For Empc-a/imx6 Version < 4.11.0.0
Codesys ≫ Control For Iot2000 Sl Version < 4.11.0.0
Codesys ≫ Control For Linux Arm Sl Version < 4.11.0.0
Codesys ≫ Control For Linux Sl Version < 4.11.0.0
Codesys ≫ Control For Pfc100 Sl Version < 4.11.0.0
Codesys ≫ Control For Pfc200 Sl Version < 4.11.0.0
Codesys ≫ Control For Plcnext Sl Version < 4.11.0.0
Codesys ≫ Control For Raspberry Pi Sl Version < 4.11.0.0
Codesys ≫ Control For Wago Touch Panels 600 Sl Version < 4.11.0.0
Codesys ≫ Runtime Toolkit Version < 3.5.19.50
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.514 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| info@cert.vde.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.