What is CVE-2023-37546?

CVE-2023-37546 is a vulnerability found in multiple Codesys products that can cause a denial-of-service condition.

How does CVE-2023-37546 affect Codesys products?

CVE-2023-37546 affects multiple versions of Codesys products, leading to a denial-of-service condition.

What is the severity of CVE-2023-37546?

CVE-2023-37546 has a severity rating of 6.5, which is considered medium.

How can I fix CVE-2023-37546 in Codesys products?

To fix CVE-2023-37546, it is recommended to update the affected Codesys products to version 4.10.0.0 or later.

Where can I find more information about CVE-2023-37546?

You can find more information about CVE-2023-37546 at the following link: https://cert.vde.com/en/advisories/VDE-2023-019

Vulnerability/
CVE-2023-37546

medium

6.5

CWE

3/8/2023

11/10/2024

CVE-2023-37546: CODESYS: Improper Input Validation in CmpApp component

First published: Thu Aug 03 2023(Updated: )

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549 and CVE-2023-37550

Credit: info@cert.vde.com info@cert.vde.com

Affected Software	Affected Version	How to fix
Codesys Control For Beaglebone Sl	<4.10.0.0
Codesys Control For Empc-a\/imx6 Sl	<4.10.0.0
Codesys Control For Iot2000 Sl	<4.10.0.0
Codesys Control For Linux Sl	<4.10.0.0
Codesys Control For Pfc100 Sl	<4.10.0.0
Codesys Control For Pfc200 Sl	<4.10.0.0
Codesys Control For Plcnext Sl	<4.10.0.0
Codesys Control For Raspberry Pi Sl	<4.10.0.0
Codesys Control For Wago Touch Panels 600 Sl	<4.10.0.0
Codesys Control Rte Sl	<3.5.19.20
Codesys Control Rte Sl \(for Beckhoff Cx\)	<3.5.19.20
Codesys Control Runtime System Toolkit	<3.5.19.20
Codesys Control Win Sl	<3.5.19.20
CODESYS Development System	<3.5.19.20
Codesys Hmi	<3.5.19.20
Codesys Safety Sil2	<3.5.19.20

Never miss a vulnerability like this again

Reference Links

https://cert.vde.com/en/advisories/VDE-2023-019

Frequently Asked Questions

What is CVE-2023-37546?
CVE-2023-37546 is a vulnerability found in multiple Codesys products that can cause a denial-of-service condition.
How does CVE-2023-37546 affect Codesys products?
CVE-2023-37546 affects multiple versions of Codesys products, leading to a denial-of-service condition.
What is the severity of CVE-2023-37546?
CVE-2023-37546 has a severity rating of 6.5, which is considered medium.
How can I fix CVE-2023-37546 in Codesys products?
To fix CVE-2023-37546, it is recommended to update the affected Codesys products to version 4.10.0.0 or later.
Where can I find more information about CVE-2023-37546?
You can find more information about CVE-2023-37546 at the following link: https://cert.vde.com/en/advisories/VDE-2023-019

collector/nvd-latest
collector/nvd-api
collector/nvd-index
agent/author
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/title
agent/references
agent/weakness
agent/event
agent/description
agent/tags
agent/first-publish-date
vendor/codesys
canonical/codesys control for beaglebone sl
canonical/codesys control for empc-a\/imx6 sl
canonical/codesys control for iot2000 sl
canonical/codesys control for linux sl
canonical/codesys control for pfc100 sl
canonical/codesys control for pfc200 sl
canonical/codesys control for plcnext sl
canonical/codesys control for raspberry pi sl
canonical/codesys control for wago touch panels 600 sl
canonical/codesys control rte sl
canonical/codesys control rte sl \(for beckhoff cx\)
canonical/codesys control runtime system toolkit
canonical/codesys control win sl
canonical/codesys development system
canonical/codesys hmi
canonical/codesys safety sil2