CVE-2023-37551

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

I

n multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfer, no filtering of certain file types is performed here. As a result, the integrity of the CODESYS control runtime system may be compromised by the files loaded onto the controller.

References

Link	Resource
https://cert.vde.com/en/advisories/VDE-2023-019/	Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2023-019/	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::
	cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::
	cpe:2.3:a:codesys:control_for_iot2000_sl::::::::
	cpe:2.3:a:codesys:control_for_linux_sl::::::::
	cpe:2.3:a:codesys:control_for_pfc100_sl::::::::
	cpe:2.3:a:codesys:control_for_pfc200_sl::::::::
	cpe:2.3:a:codesys:control_for_plcnext_sl::::::::
	cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::
	cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:codesys:control_rte_sl::::::::
	cpe:2.3:a:codesys:control_rte_sl_\(for_beckhoff_cx\)::::::::
	cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::
	cpe:2.3:a:codesys:control_win_sl::::::::
	cpe:2.3:a:codesys:development_system::::::::
	cpe:2.3:a:codesys:hmi::::::::
	cpe:2.3:a:codesys:safety_sil2::::::::

History

21 Nov 2024, 08:11

Type	Values Removed	Values Added
References	~~() https://cert.vde.com/en/advisories/VDE-2023-019/ - Third Party Advisory~~	() https://cert.vde.com/en/advisories/VDE-2023-019/ - Third Party Advisory

Information

Published : 2023-08-03 12:15

Updated : 2024-11-21 08:11

NVD link : CVE-2023-37551

Mitre link : CVE-2023-37551

CVE.ORG link : CVE-2023-37551

JSON object : View

Products Affected

CWE

CWE-552

Files or Directories Accessible to External Parties

{"id": "CVE-2023-37551", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2023-08-03T12:15:10.257", "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2023-019/", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://cert.vde.com/en/advisories/VDE-2023-019/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-552"}]}], "descriptions": [{"lang": "en", "value": "In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfer, no filtering of certain file types is performed here. As a result, the integrity of the CODESYS control runtime system may be compromised by the files loaded onto the controller."}, {"lang": "es", "value": "En m\u00faltiples productos Codesys en m\u00faltiples versiones , despu\u00e9s de una autenticaci\u00f3n exitosa como usuario, las solicitudes de comunicaci\u00f3n de red especialmente dise\u00f1adas pueden utilizar el componente CmpApp para descargar archivos con cualquier extensi\u00f3n de archivo al controlador. A diferencia de la descarga de archivos normal a trav\u00e9s de CmpFileTransfer, aqu\u00ed no se realiza ning\u00fan filtrado de determinados tipos de archivos. Como resultado, la integridad del sistema de ejecuci\u00f3n de control CODESYS puede verse comprometida por los archivos cargados en el controlador."}], "lastModified": "2024-11-21T08:11:55.417", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80D9DB34-C2BD-441F-B8D9-02EFA27BECD8", "versionEndExcluding": "4.10.0.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49AA0C0C-F2F2-4F11-9615-FDCA6BC410B4", "versionEndExcluding": "4.10.0.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74FE662F-5397-4CB7-9243-1E6ED0AAEC29", "versionEndExcluding": "4.10.0.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8896E77C-EB29-4CB9-BC98-D5A34791A961", "versionEndExcluding": "4.10.0.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56101551-21ED-4409-9932-9EFA225AF20C", "versionEndExcluding": "4.10.0.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1239AA8-B094-4DA3-82B7-38F85B6C3940", "versionEndExcluding": "4.10.0.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAA7FE72-41A0-42E7-8E66-9B4A50A5B08F", "versionEndExcluding": "4.10.0.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C248B53C-3C09-4068-9E57-8F9A4D2B7AD0", "versionEndExcluding": "4.10.0.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7995687-1BCD-454D-8546-52B80B5F22B0", "versionEndExcluding": "4.10.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAFC253D-32BC-4B9E-BDEE-CFFDCDBBE9FB", "versionEndExcluding": "3.5.19.20"}, {"criteria": "cpe:2.3:a:codesys:control_rte_sl_\\(for_beckhoff_cx\\):*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "297D8781-B331-40B2-BD34-0041A316D5C8", "versionEndExcluding": "3.5.19.20"}, {"criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA76230A-C7E7-4223-BAB7-4CDE8F5CB5DB", "versionEndExcluding": "3.5.19.20"}, {"criteria": "cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09CC9B78-B3B4-4D49-9F23-DC5C80D52588", "versionEndExcluding": "3.5.19.20"}, {"criteria": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACDCB65A-1328-422D-99A0-1D0FFE9AC793", "versionEndExcluding": "3.5.19.20"}, {"criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81E2FE85-347D-42DE-9360-D5DB79AAD085", "versionEndExcluding": "3.5.19.20"}, {"criteria": "cpe:2.3:a:codesys:safety_sil2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7DF2418-1EC1-4672-941E-098EBC9BDF4F", "versionEndExcluding": "3.5.19.20"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}