CVE-2023-37556

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-37556
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37553, CVE-2023-37554 and CVE-2023-37555.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://cert.vde.com/en/advisories/VDE-2023-019/ Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_rte_sl_\(for_beckhoff_cx\):*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:safety_sil2:*:*:*:*:*:*:*:*
History

08 Aug 2023, 15:43

Type Values Removed Values Added
CWE CWE-20 NVD-CWE-noinfo
References (MISC) https://cert.vde.com/en/advisories/VDE-2023-019/ - (MISC) https://cert.vde.com/en/advisories/VDE-2023-019/ - Third Party Advisory
CPE cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_rte_sl_\(for_beckhoff_cx\):*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:safety_sil2:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*

03 Aug 2023, 12:40

Type Values Removed Values Added
New CVE
Information

Published : 2023-08-03 12:15

Updated : 2024-02-05 00:01

NVD link : CVE-2023-37556

Mitre link : CVE-2023-37556

CVE.ORG link : CVE-2023-37556

JSON object : View

Products Affected

codesys

  • control_rte_sl_\(for_beckhoff_cx\)
  • control_for_raspberry_pi_sl
  • control_rte_sl
  • control_runtime_system_toolkit
  • control_for_pfc100_sl
  • control_win_sl
  • development_system
  • hmi
  • control_for_iot2000_sl
  • control_for_pfc200_sl
  • safety_sil2
  • control_for_wago_touch_panels_600_sl
  • control_for_empc-a\/imx6_sl
  • control_for_linux_sl
  • control_for_beaglebone_sl
  • control_for_plcnext_sl
CWE
NVD-CWE-noinfo CWE-20

Improper Input Validation