CVE-2023-37551
Summary
| CVE | CVE-2023-37551 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-08-03 12:15:00 UTC |
| Updated | 2023-08-08 15:42:00 UTC |
| Description | In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfer, no filtering of certain file types is performed here. As a result, the integrity of the CODESYS control runtime system may be compromised by the files loaded onto the controller. |
Risk And Classification
Problem Types: CWE-552
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Codesys | Control For Beaglebone Sl | All | All | All | All |
| Application | Codesys | Control For Empc-a/imx6 Sl | All | All | All | All |
| Application | Codesys | Control For Iot2000 Sl | All | All | All | All |
| Application | Codesys | Control For Linux Sl | All | All | All | All |
| Application | Codesys | Control For Pfc100 Sl | All | All | All | All |
| Application | Codesys | Control For Pfc200 Sl | All | All | All | All |
| Application | Codesys | Control For Plcnext Sl | All | All | All | All |
| Application | Codesys | Control For Raspberry Pi Sl | All | All | All | All |
| Application | Codesys | Control For Wago Touch Panels 600 Sl | All | All | All | All |
| Application | Codesys | Control Rte Sl | All | All | All | All |
| Application | Codesys | Control Rte Sl For Beckhoff Cx | All | All | All | All |
| Application | Codesys | Control Runtime System Toolkit | All | All | All | All |
| Application | Codesys | Control Win Sl | All | All | All | All |
| Application | Codesys | Development System | All | All | All | All |
| Application | Codesys | Hmi | All | All | All | All |
| Application | Codesys | Safety Sil2 | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| VDE-2023-019 | CERT@VDE | MISC | cert.vde.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.