After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based buffer, which can lead to a denial-of-service condition.
References
Link | Resource |
---|---|
https://cert.vde.com/en/advisories/VDE-2023-019/ | Third Party Advisory |
https://cert.vde.com/en/advisories/VDE-2023-019/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
21 Nov 2024, 08:11
Type | Values Removed | Values Added |
---|---|---|
References | () https://cert.vde.com/en/advisories/VDE-2023-019/ - Third Party Advisory |
08 Aug 2023, 15:43
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://cert.vde.com/en/advisories/VDE-2023-019/ - Third Party Advisory | |
First Time |
Codesys control For Empc-a\/imx6 Sl
Codesys control Runtime System Toolkit Codesys control For Wago Touch Panels 600 Sl Codesys control Rte Sl Codesys control For Pfc100 Sl Codesys hmi Codesys control Win Sl Codesys control Rte Sl \(for Beckhoff Cx\) Codesys control For Beaglebone Sl Codesys Codesys control For Pfc200 Sl Codesys control For Raspberry Pi Sl Codesys control For Iot2000 Sl Codesys control For Plcnext Sl Codesys control For Linux Sl Codesys development System Codesys safety Sil2 |
|
CPE | cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:safety_sil2:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_rte_sl_\(for_beckhoff_cx\):*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:* |
03 Aug 2023, 12:40
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-03 12:15
Updated : 2024-11-21 08:11
NVD link : CVE-2023-37557
Mitre link : CVE-2023-37557
CVE.ORG link : CVE-2023-37557
JSON object : View
Products Affected
codesys
- control_for_raspberry_pi_sl
- control_for_empc-a\/imx6_sl
- control_for_pfc100_sl
- control_runtime_system_toolkit
- safety_sil2
- control_rte_sl_\(for_beckhoff_cx\)
- control_for_linux_sl
- control_rte_sl
- control_for_wago_touch_panels_600_sl
- hmi
- control_for_pfc200_sl
- control_for_iot2000_sl
- development_system
- control_for_plcnext_sl
- control_for_beaglebone_sl
- control_win_sl
CWE
CWE-787
Out-of-bounds Write