Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-37548
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
CODESYS: Improper Input Validation in CmpApp component
Source: NVD (National Vulnerability Database)
Vulnerability Description
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37549 and CVE-2023-37550
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
多款Codesys产品 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
3s-smart Software Solutions CODESYS Control是德国德国3S智能软件系统方案有限公司(3s-smart Software Solutions)公司的一套工业控制程序编程软件。 多款Codesys产品存在输入验证错误漏洞,该漏洞源于在成功验证用户身份后,内容不一致的特定网络通信请求可能会导致CmpApp组件从无效地址进行内部读取,从而可能导致拒绝服务情况。以下产品及版本受到影响:CODESYS Control for BeagleBone SL V4.10.0.0之前
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
CODESYSCODESYS Control for BeagleBone SL 0 ~ V4.10.0.0 -
CODESYSCODESYS Control for emPC-A/iMX6 SL 0 ~ V4.10.0.0 -
CODESYSCODESYS Control for IOT2000 SL 0 ~ V4.10.0.0 -
CODESYSCODESYS Control for Linux SL 0 ~ V4.10.0.0 -
CODESYSCODESYS Control for PFC100 SL 0 ~ V4.10.0.0 -
CODESYSCODESYS Control for PFC200 SL 0 ~ V4.10.0.0 -
CODESYSCODESYS Control for PLCnext SL 0 ~ V4.10.0.0 -
CODESYSCODESYS Control for Raspberry Pi SL 0 ~ V4.10.0.0 -
CODESYSCODESYS Control for WAGO Touch Panels 600 SL 0 ~ V4.10.0.0 -
CODESYSCODESYS Control RTE (for Beckhoff CX) SL 0 ~ V3.5.19.20 -
CODESYSCODESYS Control RTE (SL) 0 ~ V3.5.19.20 -
CODESYSCODESYS Control Runtime System Toolkit 0 ~ V3.5.19.20 -
CODESYSCODESYS Control Win (SL) 0 ~ V3.5.19.20 -
CODESYSCODESYS Development System V3 0 ~ V3.5.19.20 -
CODESYSCODESYS HMI (SL) 0 ~ V3.5.19.20 -
CODESYSCODESYS Safety SIL2 Runtime Toolkit 0 ~ V3.5.19.20 -
II. Public POCs for CVE-2023-37548
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2023-37548
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: CODESYS Control for BeagleBone SL
Same vendor: CODESYS
Same weakness: CWE-20
V. Comments for CVE-2023-37548

No comments yet

Leave a comment