CVE-2023-6357 HIGH

CVE-2023-6357: OS Command Injection in multiple CODESYS products

Vendor: Codesys
Product: CODESYS Control for BeagleBone SL
Weakness: CWE-78
Published: December 5, 2023
Last update: August 2, 2024

CVSS base score

8.8/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries, which could give the attacker full control of the device.

Key dates

02 Disclosure timeline

December 5, 2023: CVE published
August 2, 2024: Record updated