admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-375xx/CVE-2023-37550.json
cad-safe-bot db95377d9f Auto-Update: 2024-04-04T08:42:25.815847+00:00
2024-04-04 08:46:00 +00:00

190 lines
7.0 KiB
JSON
Raw Blame History

{
"id": "CVE-2023-37550",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-08-03T12:15:10.170",
"lastModified": "2023-08-07T19:30:01.033",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546,\u00a0CVE-2023-37547, CVE-2023-37548 and CVE-2023-37549.\n\n"
},
{
"lang": "es",
"value": "En muchos productos Codesys en m\u00faltiples versiones, despu\u00e9s de una autenticaci\u00f3n exitosa como usuario, solicitudes de comunicaci\u00f3n de red espec\u00edficas dise\u00f1adas con contenido inconsistente pueden hacer que el componente CmpApp lea internamente desde una direcci\u00f3n no v\u00e1lida, lo que podr\u00eda conducir a una condici\u00f3n de denegaci\u00f3n de servicio. Esta vulnerabilidad es diferente a CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548 y CVE-2023-37549."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "info@cert.vde.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.10.0.0",
"matchCriteriaId": "80D9DB34-C2BD-441F-B8D9-02EFA27BECD8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.10.0.0",
"matchCriteriaId": "49AA0C0C-F2F2-4F11-9615-FDCA6BC410B4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.10.0.0",
"matchCriteriaId": "74FE662F-5397-4CB7-9243-1E6ED0AAEC29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.10.0.0",
"matchCriteriaId": "8896E77C-EB29-4CB9-BC98-D5A34791A961"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.10.0.0",
"matchCriteriaId": "56101551-21ED-4409-9932-9EFA225AF20C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.10.0.0",
"matchCriteriaId": "C1239AA8-B094-4DA3-82B7-38F85B6C3940"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.10.0.0",
"matchCriteriaId": "BAA7FE72-41A0-42E7-8E66-9B4A50A5B08F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.10.0.0",
"matchCriteriaId": "C248B53C-3C09-4068-9E57-8F9A4D2B7AD0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.10.0.0",
"matchCriteriaId": "C7995687-1BCD-454D-8546-52B80B5F22B0"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.19.20",
"matchCriteriaId": "BAFC253D-32BC-4B9E-BDEE-CFFDCDBBE9FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_rte_sl_\\(for_beckhoff_cx\\):*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.19.20",
"matchCriteriaId": "297D8781-B331-40B2-BD34-0041A316D5C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.19.20",
"matchCriteriaId": "DA76230A-C7E7-4223-BAB7-4CDE8F5CB5DB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.19.20",
"matchCriteriaId": "09CC9B78-B3B4-4D49-9F23-DC5C80D52588"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.19.20",
"matchCriteriaId": "ACDCB65A-1328-422D-99A0-1D0FFE9AC793"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.19.20",
"matchCriteriaId": "81E2FE85-347D-42DE-9360-D5DB79AAD085"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:safety_sil2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.19.20",
"matchCriteriaId": "A7DF2418-1EC1-4672-941E-098EBC9BDF4F"
}
]
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-019",
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink