CVE-2023-37558

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37559
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_rte_sl_\(for_beckhoff_cx\):*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:safety_sil2:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:11

Type Values Removed Values Added
References () https://cert.vde.com/en/advisories/VDE-2023-019/ - Third Party Advisory () https://cert.vde.com/en/advisories/VDE-2023-019/ - Third Party Advisory
Summary
  • (es) Después de una autenticación exitosa como usuario en múltiples productos Codesys en múltiples versiones, solicitudes de comunicación de red específicas diseñadas con contenido inconsistente pueden hacer que el componente CmpAppForce lea internamente desde una dirección no válida, lo que podría conducir a una condición de denegación de servicio. Esta vulnerabilidad es diferente a CVE-2023-37559

Information

Published : 2023-08-03 12:15

Updated : 2024-11-21 08:11


NVD link : CVE-2023-37558

Mitre link : CVE-2023-37558

CVE.ORG link : CVE-2023-37558


JSON object : View

Products Affected

codesys

  • hmi
  • safety_sil2
  • control_for_plcnext_sl
  • control_for_raspberry_pi_sl
  • control_rte_sl_\(for_beckhoff_cx\)
  • control_rte_sl
  • control_win_sl
  • control_for_empc-a\/imx6_sl
  • control_for_linux_sl
  • control_for_pfc200_sl
  • control_for_wago_touch_panels_600_sl
  • control_for_iot2000_sl
  • control_runtime_system_toolkit
  • control_for_pfc100_sl
  • development_system
  • control_for_beaglebone_sl
CWE
CWE-20

Improper Input Validation

NVD-CWE-noinfo