What is the severity of CVE-2023-6357?

CVE-2023-6357 is classified as a low-severity vulnerability.

How do I fix CVE-2023-6357?

To fix CVE-2023-6357, update to a version of CODESYS Control that is above 4.11.0.0 or 3.5.19.50.

What are the affected software versions for CVE-2023-6357?

CVE-2023-6357 affects CODESYS Control versions up to 4.11.0.0 and CoDeSys Runtime Toolkit versions up to 3.5.19.50.

Can CVE-2023-6357 be exploited remotely?

Yes, CVE-2023-6357 can be exploited remotely by a low-privileged attacker.

What could an attacker gain by exploiting CVE-2023-6357?

Exploiting CVE-2023-6357 could allow an attacker to execute additional system commands, potentially gaining full control of the device.

Vulnerability/
CVE-2023-6357

high

8.8

CWE

EPSS

0.097%

5/12/2023

2/8/2024

CVE-2023-6357: OS Command Injection in multiple CODESYS products

First published: Tue Dec 05 2023(Updated: )

A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device.

Credit: info@cert.vde.com

Affected Software	Affected Version	How to fix
CODESYS Control Beaglebone SL	<4.11.0.0
CODESYS Control for empc-a/imx6	<4.11.0.0
CODESYS Control for IoT2000	<4.11.0.0
CODESYS Control for Linux ARM SL	<4.11.0.0
CODESYS Control for Linux	<4.11.0.0
CODESYS Control PFC100 SL	<4.11.0.0
WAGO PFC200	<4.11.0.0
CODESYS Control for PLCnext	<4.11.0.0
CODESYS Control Raspberry Pi SL	<4.11.0.0
CODESYS Control for WAGO Touch Panels 600	<4.11.0.0
CoDeSys Runtime Toolkit	<3.5.19.50

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-6357?
CVE-2023-6357 is classified as a low-severity vulnerability.
How do I fix CVE-2023-6357?
To fix CVE-2023-6357, update to a version of CODESYS Control that is above 4.11.0.0 or 3.5.19.50.
What are the affected software versions for CVE-2023-6357?
CVE-2023-6357 affects CODESYS Control versions up to 4.11.0.0 and CoDeSys Runtime Toolkit versions up to 3.5.19.50.
Can CVE-2023-6357 be exploited remotely?
Yes, CVE-2023-6357 can be exploited remotely by a low-privileged attacker.
What could an attacker gain by exploiting CVE-2023-6357?
Exploiting CVE-2023-6357 could allow an attacker to execute additional system commands, potentially gaining full control of the device.

agent/references
agent/event
agent/type
agent/first-publish-date
agent/title
agent/weakness
agent/author
agent/severity
agent/description
collector/epss-latest
source/FIRST
agent/epss
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
agent/softwarecombine
collector/nvd-api
agent/software-canonical-lookup-request
vendor/codesys
canonical/codesys control beaglebone sl
canonical/codesys control for empc-a/imx6
canonical/codesys control for iot2000
canonical/codesys control for linux arm sl
canonical/codesys control for linux
canonical/codesys control pfc100 sl
canonical/wago pfc200
canonical/codesys control for plcnext
canonical/codesys control raspberry pi sl
canonical/codesys control for wago touch panels 600
canonical/codesys runtime toolkit

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.