admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-375xx/CVE-2023-37549.json
cad-safe-bot 9d8babeec3 Auto-Update: 2024-07-14T02:00:17.787041+00:00
2024-07-14 02:06:08 +00:00

191 lines
7.0 KiB
JSON
Raw Blame History

{
"id": "CVE-2023-37549",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-08-03T12:15:10.083",
"lastModified": "2023-08-07T19:29:55.780",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546,\u00a0CVE-2023-37547, CVE-2023-37548 and CVE-2023-37550\n\n"
},
{
"lang": "es",
"value": "En m\u00faltiples productos de Codesys en m\u00faltiples versiones, despu\u00e9s de una autenticaci\u00f3n exitosa como usuario, solicitudes espec\u00edficas de comunicaci\u00f3n de red con contenido inconsistente pueden causar que el componente CmpApp lea internamente desde una direcci\u00f3n inv\u00e1lida, potencialmente llevando a una condici\u00f3n de denegaci\u00f3n de servicio. Esta vulnerabilidad es diferente de CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548 y CVE-2023-37550."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "info@cert.vde.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.10.0.0",
"matchCriteriaId": "80D9DB34-C2BD-441F-B8D9-02EFA27BECD8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.10.0.0",
"matchCriteriaId": "49AA0C0C-F2F2-4F11-9615-FDCA6BC410B4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.10.0.0",
"matchCriteriaId": "74FE662F-5397-4CB7-9243-1E6ED0AAEC29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.10.0.0",
"matchCriteriaId": "8896E77C-EB29-4CB9-BC98-D5A34791A961"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.10.0.0",
"matchCriteriaId": "56101551-21ED-4409-9932-9EFA225AF20C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.10.0.0",
"matchCriteriaId": "C1239AA8-B094-4DA3-82B7-38F85B6C3940"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.10.0.0",
"matchCriteriaId": "BAA7FE72-41A0-42E7-8E66-9B4A50A5B08F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.10.0.0",
"matchCriteriaId": "C248B53C-3C09-4068-9E57-8F9A4D2B7AD0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.10.0.0",
"matchCriteriaId": "C7995687-1BCD-454D-8546-52B80B5F22B0"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.19.20",
"matchCriteriaId": "BAFC253D-32BC-4B9E-BDEE-CFFDCDBBE9FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_rte_sl_\\(for_beckhoff_cx\\):*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.19.20",
"matchCriteriaId": "297D8781-B331-40B2-BD34-0041A316D5C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.19.20",
"matchCriteriaId": "DA76230A-C7E7-4223-BAB7-4CDE8F5CB5DB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.19.20",
"matchCriteriaId": "09CC9B78-B3B4-4D49-9F23-DC5C80D52588"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.19.20",
"matchCriteriaId": "ACDCB65A-1328-422D-99A0-1D0FFE9AC793"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.19.20",
"matchCriteriaId": "81E2FE85-347D-42DE-9360-D5DB79AAD085"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codesys:safety_sil2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.19.20",
"matchCriteriaId": "A7DF2418-1EC1-4672-941E-098EBC9BDF4F"
}
]
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-019",
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink