First published: Thu Aug 03 2023
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based buffer, which can lead to a denial-of-service condition.
Credit: info@cert.vde.com
Affected Software | Affected Version | How to fix |
---|---|---|
Codesys Control For Beaglebone Sl | <4.10.0.0 | Update to 4.10.0.0 or later |
Codesys Control For Empc-a/imx6 Sl | <4.10.0.0 | Update to 4.10.0.0 or later |
Codesys Control For Iot2000 Sl | <4.10.0.0 | Update to 4.10.0.0 or later |
Codesys Control For Linux Sl | <4.10.0.0 | Update to 4.10.0.0 or later |
Codesys Control For Pfc100 Sl | <4.10.0.0 | Update to 4.10.0.0 or later |
Codesys Control For Pfc200 Sl | <4.10.0.0 | Update to 4.10.0.0 or later |
Codesys Control For Plcnext Sl | <4.10.0.0 | Update to 4.10.0.0 or later |
Codesys Control For Raspberry Pi Sl | <4.10.0.0 | Update to 4.10.0.0 or later |
Codesys Control For Wago Touch Panels 600 Sl | <4.10.0.0 | Update to 4.10.0.0 or later |
Codesys Control Rte Sl | <3.5.19.20 | Update to 3.5.19.20 or later |
Codesys Control Rte Sl (for Beckhoff Cx) | <3.5.19.20 | Update to 3.5.19.20 or later |
Codesys Control Runtime System Toolkit | <3.5.19.20 | Update to 3.5.19.20 or later |
Codesys Control Win Sl | <3.5.19.20 | Update to 3.5.19.20 or later |
CODESYS Development System | <3.5.19.20 | Update to 3.5.19.20 or later |
Codesys Hmi | <3.5.19.20 | Update to 3.5.19.20 or later |
Codesys Safety Sil2 | <3.5.19.20 | Update to 3.5.19.20 or later |
CVE-2023-37557 is a vulnerability in multiple versions of Codesys products in which an authenticated user can send crafted remote communication requests that make the CmpAppBP component overwrite a heap-based buffer, leading to a denial-of-service condition.
Multiple Codesys products in multiple versions, including Codesys Control for Beaglebone Sl, Codesys Control for Empc-a/imx6 Sl, Codesys Control for Iot2000 Sl, and others, are affected by CVE-2023-37557.
CVE-2023-37557 has a severity rating of 6.5, which is considered medium.
To fix CVE-2023-37557, update the affected Codesys products to a fixed version: 4.10.0.0 or later for the products listed with that threshold, and 3.5.19.20 or later for the products listed with that threshold.
You can find more information about CVE-2023-37557 on the VDE CERT website: https://cert.vde.com/en/advisories/VDE-2023-019/