CVE-2023-37551

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Aug 3, 2023

Updated: Aug 8, 2023

CWE ID 552

Summary

CVE-2023-37551 is a vulnerability affecting multiple versions of Codesys products. Successfully authenticated users can exploit this flaw to download files with any file extension using the CmpApp component, bypassing regular file download filters. This poses a significant risk as the malicious files could compromise the integrity of the CODESYS control runtime system.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

CODESYS Development System
CODESYS Control Win (SL)
CODESYS HMI
CODESYS Control RTE (SL)
CODESYS Control for BeagleBone SL

Affected Vendors

Codesys
3S-Smart Software Solutions

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r5-1Lo
https://www.cve.org/CVERecord?id=CVE-2023-37551
https://nvd.nist.gov/vuln/detail/CVE-2023-37551

Back to Vulnerability Database