CVE-2023-6357

A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cert.vde.com/en/advisories/VDE-2023-066	Mitigation Third Party Advisory
https://https://cert.vde.com/en/advisories/VDE-2023-066	Broken Link

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::
	cpe:2.3:a:codesys:control_for_empc-a\/imx6::::::::
	cpe:2.3:a:codesys:control_for_iot2000_sl::::::::
	cpe:2.3:a:codesys:control_for_linux_arm_sl::::::::
	cpe:2.3:a:codesys:control_for_linux_sl::::::::
	cpe:2.3:a:codesys:control_for_pfc100_sl::::::::
	cpe:2.3:a:codesys:control_for_pfc200_sl::::::::
	cpe:2.3:a:codesys:control_for_plcnext_sl::::::::
	cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::
	cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::
	cpe:2.3:a:codesys:runtime_toolkit::::::::

History

No history.

Information

Published : 2023-12-05 15:15

Updated : 2023-12-11 20:49

NVD link : CVE-2023-6357

Mitre link : CVE-2023-6357

CVE.ORG link : CVE-2023-6357

JSON object : View

Products Affected

codesys

control_for_pfc200_sl
control_for_pfc100_sl
control_for_plcnext_sl
control_for_iot2000_sl
control_for_empc-a\/imx6
runtime_toolkit
control_for_linux_sl
control_for_wago_touch_panels_600_sl
control_for_raspberry_pi_sl
control_for_beaglebone_sl
control_for_linux_arm_sl

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2023-6357", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "info@cert.vde.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-12-05T15:15:08.983", "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2023-066", "tags": ["Mitigation", "Third Party Advisory"], "source": "nvd@nist.gov"}, {"url": "https://https://cert.vde.com/en/advisories/VDE-2023-066", "tags": ["Broken Link"], "source": "info@cert.vde.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "info@cert.vde.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device."}, {"lang": "es", "value": "Un atacante remoto con pocos privilegios podr\u00eda aprovechar la vulnerabilidad e inyectar comandos adicionales del sistema a trav\u00e9s de librer\u00edas del sistema de archivos que podr\u00edan darle al atacante el control total del dispositivo."}], "lastModified": "2023-12-11T20:49:14.117", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEFEF3B4-03F2-4E09-A8F2-02A0604CB8BF", "versionEndExcluding": "4.11.0.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2DB55B1-CAFE-435B-8776-DB4D33ED9C98", "versionEndExcluding": "4.11.0.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D492DB3-94BA-4F14-8119-1610AB4F95EE", "versionEndExcluding": "4.11.0.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_linux_arm_sl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97D00DF9-EBF1-4DEC-8A49-694871643B9F", "versionEndExcluding": "4.11.0.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6F207B6-5906-4B39-A5B4-A07F6D5A9BB9", "versionEndExcluding": "4.11.0.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7791D9E4-CEC3-4658-8E2C-8F08882CE4F4", "versionEndExcluding": "4.11.0.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CADE021-8D58-4BC5-BA60-A16FE24FBA73", "versionEndExcluding": "4.11.0.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3948946-E7B8-4D7E-8D1D-80B9E0DB47AF", "versionEndExcluding": "4.11.0.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C9DF443-E965-4480-B76E-4A25CF2E714F", "versionEndExcluding": "4.11.0.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5FCD76E-A3F5-4E02-AD3F-B2BDE708A651", "versionEndExcluding": "4.11.0.0"}, {"criteria": "cpe:2.3:a:codesys:runtime_toolkit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "162DB2B8-3426-43F7-848A-BE542C24619C", "versionEndExcluding": "3.5.19.50"}], "operator": "OR"}]}], "sourceIdentifier": "info@cert.vde.com"}