admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-375xx/CVE-2023-37552.json
cad-safe-bot db95377d9f Auto-Update: 2024-04-04T08:42:25.815847+00:00
2024-04-04 08:46:00 +00:00

210 lines
7.6 KiB
JSON
Raw Blame History

{
"id": "CVE-2023-37552",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-08-03T12:15:10.353",
"lastModified": "2023-08-08T15:43:03.593",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37553,\u00a0CVE-2023-37554,\u00a0CVE-2023-37555 and\u00a0CVE-2023-37556.\n\n"
},
{
"lang": "es",
"value": "En varias versiones de varios productos Codesys, despu\u00e9s de una autenticaci\u00f3n exitosa como usuario, solicitudes de comunicaci\u00f3n de red espec\u00edficas dise\u00f1adas con contenido inconsistente pueden hacer que el componente CmpAppBP lea internamente desde una direcci\u00f3n no v\u00e1lida, lo que podr\u00eda provocar una condici\u00f3n de denegaci\u00f3n de servicio. Esta vulnerabilidad es diferente a CVE-2023-37553, CVE-2023-37554, CVE-2023-37555 y CVE-2023-37556."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "info@cert.vde.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "info@cert.vde.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.10.0.0",
"matchCriteriaId": "80D9DB34-C2BD-441F-B8D9-02EFA27BECD8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.10.0.0",
"matchCriteriaId": "49AA0C0C-F2F2-4F11-9615-FDCA6BC410B4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.10.0.0",
"matchCriteriaId": "74FE662F-5397-4CB7-9243-1E6ED0AAEC29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.10.0.0",
"matchCriteriaId": "8896E77C-EB29-4CB9-BC98-D5A34791A961"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.10.0.0",
"matchCriteriaId": "56101551-21ED-4409-9932-9EFA225AF20C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.10.0.0",
"matchCriteriaId": "C1239AA8-B094-4DA3-82B7-38F85B6C3940"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.10.0.0",
"matchCriteriaId": "BAA7FE72-41A0-42E7-8E66-9B4A50A5B08F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.10.0.0",
"matchCriteriaId": "C248B53C-3C09-4068-9E57-8F9A4D2B7AD0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.10.0.0",
"matchCriteriaId": "C7995687-1BCD-454D-8546-52B80B5F22B0"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.19.20",
"matchCriteriaId": "BAFC253D-32BC-4B9E-BDEE-CFFDCDBBE9FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_rte_sl_\\(for_beckhoff_cx\\):*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.19.20",
"matchCriteriaId": "297D8781-B331-40B2-BD34-0041A316D5C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.19.20",
"matchCriteriaId": "DA76230A-C7E7-4223-BAB7-4CDE8F5CB5DB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.19.20",
"matchCriteriaId": "09CC9B78-B3B4-4D49-9F23-DC5C80D52588"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.19.20",
"matchCriteriaId": "ACDCB65A-1328-422D-99A0-1D0FFE9AC793"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.19.20",
"matchCriteriaId": "81E2FE85-347D-42DE-9360-D5DB79AAD085"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:safety_sil2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.19.20",
"matchCriteriaId": "A7DF2418-1EC1-4672-941E-098EBC9BDF4F"
}
]
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-019/",
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink