Vulnerability Monitor


CVE-2023-37558


After successful authentication as a user in multiple CODESYS products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different from CVE-2023-37559.


Published

2023-08-03T12:15:10.890

Last Modified

2024-11-21T08:11:56.503

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-20
  • Type: Primary
    NVD-CWE-noinfo

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | codesys | control_for_beaglebone_sl | < 4.10.0.0 | Yes |
| Application | codesys | control_for_empc-a\/imx6_sl | < 4.10.0.0 | Yes |
| Application | codesys | control_for_iot2000_sl | < 4.10.0.0 | Yes |
| Application | codesys | control_for_linux_sl | < 4.10.0.0 | Yes |
| Application | codesys | control_for_pfc100_sl | < 4.10.0.0 | Yes |
| Application | codesys | control_for_pfc200_sl | < 4.10.0.0 | Yes |
| Application | codesys | control_for_plcnext_sl | < 4.10.0.0 | Yes |
| Application | codesys | control_for_raspberry_pi_sl | < 4.10.0.0 | Yes |
| Application | codesys | control_for_wago_touch_panels_600_sl | < 4.10.0.0 | Yes |
| Application | codesys | control_rte_sl | < 3.5.19.20 | Yes |
| Application | codesys | control_rte_sl_\(for_beckhoff_cx\) | < 3.5.19.20 | Yes |
| Application | codesys | control_runtime_system_toolkit | < 3.5.19.20 | Yes |
| Application | codesys | control_win_sl | < 3.5.19.20 | Yes |
| Application | codesys | development_system | < 3.5.19.20 | Yes |
| Application | codesys | hmi | < 3.5.19.20 | Yes |
| Application | codesys | safety_sil2 | < 3.5.19.20 | Yes |
