Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-37551

Published: 03/08/2023 Updated: 08/08/2023
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Control For Empc-a\/imx6 Sl

Vulnerability Summary

In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfer, no filtering of certain file types is performed here. As a result, the integrity of the CODESYS control runtime system may be compromised by the files loaded onto the controller.

Vulnerable Product Search on Vulmon Subscribe to Product

codesys control for empc-a\\/imx6 sl

codesys control for beaglebone sl

codesys control for wago touch panels 600 sl

codesys control for raspberry pi sl

codesys control for plcnext sl

codesys control for pfc200 sl

codesys control for pfc100 sl

codesys control for linux sl

codesys control for iot2000 sl

codesys control rte sl \\(for beckhoff cx\\)

codesys safety sil2

codesys hmi

codesys development system

codesys control win sl

codesys control runtime system toolkit

codesys control rte sl

References

CWE-552https://cert.vde.com/en/advisories/VDE-2023-019/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460CVE-2024-4646CVE-2024-29212IMAPCVE-2023-36672CVE-2024-34547command injectionCVE-2024-4651stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook