A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device.
References
| Link | Resource |
|---|---|
| https://cert.vde.com/en/advisories/VDE-2023-066 | Mitigation Third Party Advisory |
| https://https://cert.vde.com/en/advisories/VDE-2023-066 | Broken Link |
Configurations
Configuration 1 (hide)
|
History
11 Dec 2023, 20:49
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:codesys:runtime_toolkit:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_for_empc-a\/imx6:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_for_linux_arm_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:* |
|
| References |
|
|
| References | () https://https://cert.vde.com/en/advisories/VDE-2023-066 - Broken Link |
05 Dec 2023, 15:27
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-12-05 15:15
Updated : 2024-02-05 00:22
NVD link : CVE-2023-6357
Mitre link : CVE-2023-6357
CVE.ORG link : CVE-2023-6357
JSON object : View
Products Affected
codesys
- runtime_toolkit
- control_for_raspberry_pi_sl
- control_for_pfc100_sl
- control_for_iot2000_sl
- control_for_pfc200_sl
- control_for_wago_touch_panels_600_sl
- control_for_linux_sl
- control_for_linux_arm_sl
- control_for_beaglebone_sl
- control_for_empc-a\/imx6
- control_for_plcnext_sl
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')