Description
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based buffer, which can lead to a denial-of-service condition.
Published: 2023-08-03
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2023-41443 After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based buffer, which can lead to a denial-of-service condition.
History

Wed, 09 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Subscriptions

Codesys Control For Beaglebone Sl Control For Empc-a\/imx6 Sl Control For Iot2000 Sl Control For Linux Sl Control For Pfc100 Sl Control For Pfc200 Sl Control For Plcnext Sl Control For Raspberry Pi Sl Control For Wago Touch Panels 600 Sl Control Rte Sl Control Rte Sl \(for Beckhoff Cx\) Control Runtime System Toolkit Control Win Sl Development System Hmi Safety Sil2
cve-icon MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published:

Updated: 2024-10-09T20:52:16.817Z

Reserved: 2023-07-07T07:39:19.121Z

Link: CVE-2023-37557

cve-icon Vulnrichment

Updated: 2024-08-02T17:16:30.379Z

cve-icon NVD

Status : Modified

Published: 2023-08-03T12:15:10.797

Modified: 2024-11-21T08:11:56.350

Link: CVE-2023-37557

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses