CVE-2023-37558 — MEDIUM (6.5)

Q: How severe is CVE-2023-37558?

CVE-2023-37558 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-37558?

Check the references section above for vendor advisories and patch information. Affected products include: Codesys Control For Beaglebone Sl, Codesys Control For Empc-A\/Imx6 Sl, Codesys Control For Iot2000 Sl, Codesys Control For Linux Sl, Codesys Control For Pfc100 Sl.

Vulnerability Description

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37559

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Codesys	Control For Beaglebone Sl	< 4.10.0.0
Codesys	Control For Empc-A\/Imx6 Sl	< 4.10.0.0
Codesys	Control For Iot2000 Sl	< 4.10.0.0
Codesys	Control For Linux Sl	< 4.10.0.0
Codesys	Control For Pfc100 Sl	< 4.10.0.0
Codesys	Control For Pfc200 Sl	< 4.10.0.0
Codesys	Control For Plcnext Sl	< 4.10.0.0
Codesys	Control For Raspberry Pi Sl	< 4.10.0.0
Codesys	Control For Wago Touch Panels 600 Sl	< 4.10.0.0
Codesys	Control Rte Sl	< 3.5.19.20
Codesys	Control Rte Sl \(For Beckhoff Cx\)	< 3.5.19.20
Codesys	Control Runtime System Toolkit	< 3.5.19.20
Codesys	Control Win Sl	< 3.5.19.20
Codesys	Development System	< 3.5.19.20
Codesys	Hmi	< 3.5.19.20
Codesys	Safety Sil2	< 3.5.19.20

Related Weaknesses (CWE)

CWE-20

References

https://cert.vde.com/en/advisories/VDE-2023-019/Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2023-019/Third Party Advisory

FAQ

What is CVE-2023-37558?

CVE-2023-37558 is a vulnerability with a CVSS score of 6.5 (MEDIUM). After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce compone...

How severe is CVE-2023-37558?

CVE-2023-37558 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-37558?

Check the references section above for vendor advisories and patch information. Affected products include: Codesys Control For Beaglebone Sl, Codesys Control For Empc-A\/Imx6 Sl, Codesys Control For Iot2000 Sl, Codesys Control For Linux Sl, Codesys Control For Pfc100 Sl.