Vulnerability Description
A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Codesys | Control For Beaglebone Sl | < 4.11.0.0 |
| Codesys | Control For Empc-A\/Imx6 | < 4.11.0.0 |
| Codesys | Control For Iot2000 Sl | < 4.11.0.0 |
| Codesys | Control For Linux Arm Sl | < 4.11.0.0 |
| Codesys | Control For Linux Sl | < 4.11.0.0 |
| Codesys | Control For Pfc100 Sl | < 4.11.0.0 |
| Codesys | Control For Pfc200 Sl | < 4.11.0.0 |
| Codesys | Control For Plcnext Sl | < 4.11.0.0 |
| Codesys | Control For Raspberry Pi Sl | < 4.11.0.0 |
| Codesys | Control For Wago Touch Panels 600 Sl | < 4.11.0.0 |
| Codesys | Runtime Toolkit | < 3.5.19.50 |
Related Weaknesses (CWE)
References
- https://https://cert.vde.com/en/advisories/VDE-2023-066Broken Link
- https://cert.vde.com/en/advisories/VDE-2023-066MitigationThird Party Advisory
- https://https://cert.vde.com/en/advisories/VDE-2023-066Broken Link
FAQ
What is CVE-2023-6357?
CVE-2023-6357 is a vulnerability with a CVSS score of 8.8 (HIGH). A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device.
How severe is CVE-2023-6357?
CVE-2023-6357 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-6357?
Check the references section above for vendor advisories and patch information. Affected products include: Codesys Control For Beaglebone Sl, Codesys Control For Empc-A\/Imx6, Codesys Control For Iot2000 Sl, Codesys Control For Linux Arm Sl, Codesys Control For Linux Sl.