CVE-2023-37558

Summary

CVE-2023-37558 is a newly disclosed vulnerability affecting multiple versions of Codesys products. Successful authentication as a user allows an attacker to send specific, crafted network communication requests with inconsistent content, causing the CmpAppForce component to read from an invalid memory address. This issue can result in a denial-of-service condition and is distinct from CVE-2023-37559. Authenticating users and closely managing network communications are essential to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.