What is CVE-2023-37557?

CVE-2023-37557 is a vulnerability in multiple versions of Codesys products that can lead to a denial-of-service condition.

Which products are affected by CVE-2023-37557?

Multiple Codesys products in multiple versions, including Codesys Control for Beaglebone Sl, Codesys Control for Empc-a\/imx6 Sl, Codesys Control for Iot2000 Sl, and others, are affected by CVE-2023-37557.

What is the severity of CVE-2023-37557?

CVE-2023-37557 has a severity rating of 6.5, which is considered medium.

How can CVE-2023-37557 be fixed?

To fix CVE-2023-37557, it is recommended to update to a version of the affected Codesys products that is higher than 4.10.0.0.

Where can I find more information about CVE-2023-37557?

You can find more information about CVE-2023-37557 on the VDE CERT website: https://cert.vde.com/en/advisories/VDE-2023-019/

Vulnerability/
CVE-2023-37557

medium

6.5

CWE

787

3/8/2023

9/10/2024

CVE-2023-37557: CODESYS Heap-based Buffer Overflow in multiple products

First published: Thu Aug 03 2023(Updated: )

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based buffer, which can lead to a denial-of-service condition.

Credit: info@cert.vde.com info@cert.vde.com

Affected Software	Affected Version	How to fix
Codesys Control For Beaglebone Sl	<4.10.0.0
Codesys Control For Empc-a\/imx6 Sl	<4.10.0.0
Codesys Control For Iot2000 Sl	<4.10.0.0
Codesys Control For Linux Sl	<4.10.0.0
Codesys Control For Pfc100 Sl	<4.10.0.0
Codesys Control For Pfc200 Sl	<4.10.0.0
Codesys Control For Plcnext Sl	<4.10.0.0
Codesys Control For Raspberry Pi Sl	<4.10.0.0
Codesys Control For Wago Touch Panels 600 Sl	<4.10.0.0
Codesys Control Rte Sl	<3.5.19.20
Codesys Control Rte Sl \(for Beckhoff Cx\)	<3.5.19.20
Codesys Control Runtime System Toolkit	<3.5.19.20
Codesys Control Win Sl	<3.5.19.20
CODESYS Development System	<3.5.19.20
Codesys Hmi	<3.5.19.20
Codesys Safety Sil2	<3.5.19.20

Never miss a vulnerability like this again

Reference Links

https://cert.vde.com/en/advisories/VDE-2023-019/

Frequently Asked Questions

What is CVE-2023-37557?
CVE-2023-37557 is a vulnerability in multiple versions of Codesys products that can lead to a denial-of-service condition.
Which products are affected by CVE-2023-37557?
Multiple Codesys products in multiple versions, including Codesys Control for Beaglebone Sl, Codesys Control for Empc-a\/imx6 Sl, Codesys Control for Iot2000 Sl, and others, are affected by CVE-2023-37557.
What is the severity of CVE-2023-37557?
CVE-2023-37557 has a severity rating of 6.5, which is considered medium.
How can CVE-2023-37557 be fixed?
To fix CVE-2023-37557, it is recommended to update to a version of the affected Codesys products that is higher than 4.10.0.0.
Where can I find more information about CVE-2023-37557?
You can find more information about CVE-2023-37557 on the VDE CERT website: https://cert.vde.com/en/advisories/VDE-2023-019/

collector/nvd-latest
collector/nvd-api
collector/nvd-index
agent/author
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/title
agent/references
agent/weakness
agent/event
agent/description
agent/tags
agent/first-publish-date
vendor/codesys
canonical/codesys control for beaglebone sl
canonical/codesys control for empc-a\/imx6 sl
canonical/codesys control for iot2000 sl
canonical/codesys control for linux sl
canonical/codesys control for pfc100 sl
canonical/codesys control for pfc200 sl
canonical/codesys control for plcnext sl
canonical/codesys control for raspberry pi sl
canonical/codesys control for wago touch panels 600 sl
canonical/codesys control rte sl
canonical/codesys control rte sl \(for beckhoff cx\)
canonical/codesys control runtime system toolkit
canonical/codesys control win sl
canonical/codesys development system
canonical/codesys hmi
canonical/codesys safety sil2