CVE-2023-37558 — Improper Input Validation in Control FOR Beaglebone SL

CWE-20 — Improper Input Validation3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 76.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Codesys Control FOR Beaglebone SL Codesys Control FOR Empc-a Imx6 SL Codesys Control FOR Iot2000 SL +28 more

Timeline

PublishedAug 3

Description

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37559

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages23 packages

▶NVDcodesys/hmi< 3.5.19.20

▶NVDcodesys/control< 4.10.0.0

▶CVEListV5codesys/codesys_hmi< V3.5.19.20

▶NVDcodesys/safety_sil2< 3.5.19.20

▶NVDcodesys/control_rte_sl< 3.5.19.20

🔴Vulnerability Details

CVEList

CODESYS Improper Validation of Consistency within Input in multiple products↗2023-08-03

▶

GHSA

GHSA-gq88-4795-g3w2: After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inco↗2023-08-03

▶