CVE-2023-37559 MEDIUM

CVE-2023-37559: CODESYS Improper Validation of Consistency within Input in multiple products

Vendor Codesys
Product CODESYS Control for BeagleBone SL
Weakness CWE-20 · Input validation
Published August 3, 2023
Last update October 11, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37558

Key dates

02Disclosure timeline

August 3, 2023 CVE published
October 11, 2024 Record updated