CVE-2023-6357: OS Command Injection in multiple CODESYS products
First published: Tue Dec 05 2023(Updated: )
A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device.
Credit: info@cert.vde.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Codesys Control For Beaglebone Sl | <4.11.0.0 | |
| Codesys Control For Empc-a\/imx6 | <4.11.0.0 | |
| Codesys Control For Iot2000 Sl | <4.11.0.0 | |
| Codesys Control For Linux Arm Sl | <4.11.0.0 | |
| Codesys Control For Linux Sl | <4.11.0.0 | |
| Codesys Control For Pfc100 Sl | <4.11.0.0 | |
| Codesys Control For Pfc200 Sl | <4.11.0.0 | |
| Codesys Control For Plcnext Sl | <4.11.0.0 | |
| Codesys Control For Raspberry Pi Sl | <4.11.0.0 | |
| Codesys Control For Wago Touch Panels 600 Sl | <4.11.0.0 | |
| Codesys Runtime Toolkit | <3.5.19.50 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-api
- agent/references
- agent/event
- agent/type
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- agent/title
- agent/weakness
- agent/author
- agent/severity
- agent/description
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- vendor/codesys
- canonical/codesys control for beaglebone sl
- canonical/codesys control for empc-a\/imx6
- canonical/codesys control for iot2000 sl
- canonical/codesys control for linux arm sl
- canonical/codesys control for linux sl
- canonical/codesys control for pfc100 sl
- canonical/codesys control for pfc200 sl
- canonical/codesys control for plcnext sl
- canonical/codesys control for raspberry pi sl
- canonical/codesys control for wago touch panels 600 sl
- canonical/codesys runtime toolkit