CVE-2023-37557

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based buffer, which can lead to a denial-of-service condition.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CERTVDECNA
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
VendorProductVersion
codesyscontrol_for_beaglebone_sl
𝑥
< 4.10.0.0
codesyscontrol_for_empc-a\/imx6_sl
𝑥
< 4.10.0.0
codesyscontrol_for_iot2000_sl
𝑥
< 4.10.0.0
codesyscontrol_for_linux_sl
𝑥
< 4.10.0.0
codesyscontrol_for_pfc100_sl
𝑥
< 4.10.0.0
codesyscontrol_for_pfc200_sl
𝑥
< 4.10.0.0
codesyscontrol_for_plcnext_sl
𝑥
< 4.10.0.0
codesyscontrol_for_raspberry_pi_sl
𝑥
< 4.10.0.0
codesyscontrol_for_wago_touch_panels_600_sl
𝑥
< 4.10.0.0
codesyscontrol_rte_sl
𝑥
< 3.5.19.20
codesyscontrol_rte_sl_\(for_beckhoff_cx\)
𝑥
< 3.5.19.20
codesyscontrol_runtime_system_toolkit
𝑥
< 3.5.19.20
codesyscontrol_win_sl
𝑥
< 3.5.19.20
codesysdevelopment_system
𝑥
< 3.5.19.20
codesyshmi
𝑥
< 3.5.19.20
codesyssafety_sil2
𝑥
< 3.5.19.20
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cert.vde.com/en/advisories/VDE-2023-019/
https://cert.vde.com/en/advisories/VDE-2023-019/