CVE-2023-6357

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-6357
A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://cert.vde.com/en/advisories/VDE-2023-066 Mitigation Third Party Advisory
https://https://cert.vde.com/en/advisories/VDE-2023-066 Broken Link
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_empc-a\/imx6:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_linux_arm_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:runtime_toolkit:*:*:*:*:*:*:*:*
History

11 Dec 2023, 20:49

Type Values Removed Values Added
References
  • () https://cert.vde.com/en/advisories/VDE-2023-066 - Mitigation, Third Party Advisory
References () https://https://cert.vde.com/en/advisories/VDE-2023-066 - () https://https://cert.vde.com/en/advisories/VDE-2023-066 - Broken Link
CPE cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:runtime_toolkit:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_empc-a\/imx6:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_linux_arm_sl:*:*:*:*:*:*:*:*
First Time Codesys control For Empc-a\/imx6
Codesys control For Plcnext Sl
Codesys control For Beaglebone Sl
Codesys
Codesys control For Pfc200 Sl
Codesys runtime Toolkit
Codesys control For Pfc100 Sl
Codesys control For Linux Sl
Codesys control For Raspberry Pi Sl
Codesys control For Iot2000 Sl
Codesys control For Linux Arm Sl
Codesys control For Wago Touch Panels 600 Sl

05 Dec 2023, 15:27

Type Values Removed Values Added
New CVE
Information

Published : 2023-12-05 15:15

Updated : 2023-12-11 20:49

NVD link : CVE-2023-6357

Mitre link : CVE-2023-6357

CVE.ORG link : CVE-2023-6357

JSON object : View

Products Affected

codesys

  • control_for_linux_arm_sl
  • control_for_plcnext_sl
  • control_for_wago_touch_panels_600_sl
  • runtime_toolkit
  • control_for_linux_sl
  • control_for_raspberry_pi_sl
  • control_for_iot2000_sl
  • control_for_pfc200_sl
  • control_for_beaglebone_sl
  • control_for_pfc100_sl
  • control_for_empc-a\/imx6
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')