OS Command Injection in multiple CODESYS products
CVE-2023-6357

8.8HIGH

Key Information:

Vendor: CODESYS
Status: CODESYS Control for BeagleBone SL; CODESYS Control for emPC-A/iMX6 SL; CODESYS Control for IOT2000 SL; CODESYS Control for Linux ARM SL
Vendor: CVE Published:; 5 December 2023

What is CVE-2023-6357?

This vulnerability allows a low-privileged remote attacker to exploit the system by injecting additional commands through file system libraries, potentially leading to complete control over the affected device.

Affected Version(s)

CODESYS Control for BeagleBone SL 0 < 4.11.0.0

CODESYS Control for emPC-A/iMX6 SL 0 < 4.11.0.0

CODESYS Control for IOT2000 SL 0 < 4.11.0.0

References

https://https://cert.vde.com/en/advisories/VDE-2023-066

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 5, 2023
Vulnerability Reserved
Nov 28, 2023

Credit

Chuya Hayakawa of 00One, Inc.