CVE-2023-37552

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Aug 3, 2023

Updated: Aug 8, 2023

CWE ID 20

Summary

CVE-2023-37552 is a vulnerability affecting multiple versions of Codesys products. Following a successful user authentication, certain malformed network communication requests can cause the CmpAppBP component to read data from an unintended memory location. This issue results in a denial-of-service condition, distinct from CVE-2023-37553, CVE-2023-37554, CVE-2023-37555, and CVE-2023-37556.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

CODESYS Development System
CODESYS Control Win (SL)
CODESYS HMI
CODESYS Control RTE (SL)
CODESYS Control for BeagleBone SL

Affected Vendors

Codesys
3S-Smart Software Solutions

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r5_0Nm
https://www.cve.org/CVERecord?id=CVE-2023-37552
https://nvd.nist.gov/vuln/detail/CVE-2023-37552

Back to Vulnerability Database