In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfer, no filtering of certain file types is performed here. As a result, the integrity of the CODESYS control runtime system may be compromised by the files loaded onto the controller.
History

Fri, 11 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2023-08-03T11:03:37.457Z

Updated: 2024-10-11T18:10:51.431Z

Reserved: 2023-07-07T07:39:16.323Z

Link: CVE-2023-37551

cve-icon Vulnrichment

Updated: 2024-08-02T17:16:30.609Z

cve-icon NVD

Status : Modified

Published: 2023-08-03T12:15:10.257

Modified: 2024-11-21T08:11:55.417

Link: CVE-2023-37551

cve-icon Redhat

No data.