CVE-2023-37548

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546,CVE-2023-37547, CVE-2023-37549 and CVE-2023-37550
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CERTVDECNA
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
VendorProductVersion
codesyscontrol_for_beaglebone_sl
𝑥
< 4.10.0.0
codesyscontrol_for_empc-a\/imx6_sl
𝑥
< 4.10.0.0
codesyscontrol_for_iot2000_sl
𝑥
< 4.10.0.0
codesyscontrol_for_linux_sl
𝑥
< 4.10.0.0
codesyscontrol_for_pfc100_sl
𝑥
< 4.10.0.0
codesyscontrol_for_pfc200_sl
𝑥
< 4.10.0.0
codesyscontrol_for_plcnext_sl
𝑥
< 4.10.0.0
codesyscontrol_for_raspberry_pi_sl
𝑥
< 4.10.0.0
codesyscontrol_for_wago_touch_panels_600_sl
𝑥
< 4.10.0.0
codesyscontrol_rte_sl
𝑥
< 3.5.19.20
codesyscontrol_rte_sl_\(for_beckhoff_cx\)
𝑥
< 3.5.19.20
codesyscontrol_runtime_system_toolkit
𝑥
< 3.5.19.20
codesyscontrol_win_sl
𝑥
< 3.5.19.20
codesysdevelopment_system
𝑥
< 3.5.19.20
codesyshmi
𝑥
< 3.5.19.20
codesyssafety_sil2
𝑥
< 3.5.19.20
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cert.vde.com/en/advisories/VDE-2023-019
https://cert.vde.com/en/advisories/VDE-2023-019