CVE-2023-37551

MEDIUM

CODESYS Control Runtime - Authenticated Arbitrary File Write via CmpApp Component

Title source: llm

Description

In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfer, no filtering of certain file types is performed here. As a result, the integrity of the CODESYS control runtime system may be compromised by the files loaded onto the controller.

References (1)

Core 1

Core References

Third Party Advisory

https://cert.vde.com/en/advisories/VDE-2023-019/

Scores

CVSS v3 6.5

EPSS 0.0042

EPSS Percentile 33.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-552

Status published

Products (16)

codesys/control_for_beaglebone_sl < 4.10.0.0

codesys/control_for_empc-a\/imx6_sl < 4.10.0.0

codesys/control_for_iot2000_sl < 4.10.0.0

codesys/control_for_linux_sl < 4.10.0.0

codesys/control_for_pfc100_sl < 4.10.0.0

codesys/control_for_pfc200_sl < 4.10.0.0

codesys/control_for_plcnext_sl < 4.10.0.0

codesys/control_for_raspberry_pi_sl < 4.10.0.0

codesys/control_for_wago_touch_panels_600_sl < 4.10.0.0

codesys/control_rte_sl < 3.5.19.20

... and 6 more

Published Aug 03, 2023

Tracked Since Feb 18, 2026