製品・ソフトウェアに関する情報

JVN脆弱性詳細

複数のSchneider Electric製品における複数の脆弱性

Title	複数のSchneider Electric製品における複数の脆弱性
Summary	Schneider Electricが提供する複数の製品には、次の複数の脆弱性が存在します。<ul><li>情報漏えい（CWE-200） - CVE-2018-12130</li><li>入力データの整合性検証不備（CWE-1288） - CVE-2022-47378、CVE-2022-47392、CVE-2022-47391</li><li>境界外書き込み（CWE-787） - CVE-2022-47379、CVE-2023-37557</li><li>スタックベースのバッファオーバーフロー（CWE-121） - CVE-2022-47380、 CVE-2022-47381、 CVE-2022-47382、 CVE-2022-47383、 CVE-2022-47384、 CVE-2022-47386、 CVE-2022-47387、 CVE-2022-47388、 CVE-2022-47389、 CVE-2022-47390、 CVE-2022-47385</li><li>信頼できないポインタの参照（CWE-822） - CVE-2022-47393</li><li>バッファーエラー（CWE-119） - CVE-2022-4046</li><li>データ完全性の検証不備（CWE-354） - CVE-2023-28355</li><li>不適切な入力確認（CWE-20） - CVE-2023-37545、 CVE-2023-37546、 CVE-2023-37547、 CVE-2023-37548、 CVE-2023-37549、 CVE-2023-37550、 CVE-2023-37552、 CVE-2023-37553、 CVE-2023-37554、 CVE-2023-37555、 CVE-2023-37556、 CVE-2023-37558、 CVE-2023-37559</li><li>外部からアクセス可能なファイルまたはディレクトリ（CWE-552） - CVE-2023-37551</li><li>ファイル検索パスの制御不備（CWE-427） - CVE-2023-3662</li><li>通信チャネルで送受信するメッセージに対する完全性の検証不備（CWE-924） - CVE-2023-3663</li><li>過度な認証試行の不適切な制限（CWE-307） - CVE-2023-3669</li><li>誤った領域へのリソースの漏えい（CWE-668） - CVE-2023-3670</li></ul>
Possible impacts	脆弱性を悪用された場合、次のような影響を受ける可能性があります。<ul><li>情報が漏えいする（CVE-2018-12130）</li><li>サービス運用妨害（DoS）状態にされる（CVE-2022-47378、CVE-2022-47392、CVE-2022-47393、CVE-2022-47391、CVE-2023-37545、CVE-2023-37546、CVE-2023-37547、CVE-2023-37548、CVE-2023-37549、CVE-2023-37550、CVE-2023-37552、CVE-2023-37553、CVE-2023-37554、CVE-2023-37555、CVE-2023-37556、CVE-2023-37557、CVE-2023-37558、 CVE-2023-37559）</li><li>サービス運用妨害（DoS）状態にされたり、メモリを上書きされたり、リモートコードを実行されたりする（CVE-2022-47379、CVE-2022-47380、CVE-2022-47381、CVE-2022-47382、CVE-2022-47383、CVE-2022-47384、CVE-2022-47386、CVE-2022-47387、CVE-2022-47388、CVE-2022-47389、CVE-2022-47390、CVE-2022-47385）</li><li>PLCアプリケーションコードを実行される（CVE-2022-4046、CVE-2023-28355）</li><li>システムを侵害される（CVE-2023-37551）</li><li>悪意ある実行ファイルを実行される（CVE-2023-3662）</li><li>意図しないコードを実行される（CVE-2023-3663）</li><li>無制限にパスワードを試行される（CVE-2023-3669）</li><li>悪意あるスクリプトを実行される（CVE-2023-3670）</li></ul>
Solution	[アップデートする] 開発者は、アップデートを提供しています。 [別製品へ移行する] 開発者は、サポートを終了した製品については別製品への移行を推奨しています。 [ワークアラウンドを実施する] 開発者は、アップデートが適用できない場合、ワークアラウンドの適用を推奨しています。詳細は、開発者が提供する情報を確認してください。
Publication Date	Jan. 22, 2026, midnight
Registration Date	Jan. 23, 2026, 10:52 a.m.
Last Update	Jan. 23, 2026, 10:52 a.m.

Affected System

Schneider Electric

(複数の製品) (CVE-2022-47378等)

EcoStruxure Foxboro DCS V91 DCS Virtualization Server バージョン Intel Xeon Silver 4110 (CVE-2018-12130)

EcoStruxure Foxboro DCS V91 DCS Virtualization Server バージョン Intel Xeon W-2123およびそれ以前 (CVE-2018-12130)

EcoStruxure Foxboro H92 DCS Standard Workstation バージョン Intel Xeon Silver 4110 (CVE-2018-12130)

EcoStruxure Foxboro H92 DCS Standard Workstation バージョン Intel Xeon W-2123およびそれ以前 (CVE-2018-12130)

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2018-12130	https://www.cve.org/CVERecord?id=CVE-2018-12130
2	CVE-2022-4046	https://www.cve.org/CVERecord?id=CVE-2022-4046
3	CVE-2022-47378	https://www.cve.org/CVERecord?id=CVE-2022-47378
4	CVE-2022-47379	https://www.cve.org/CVERecord?id=CVE-2022-47379
5	CVE-2022-47380	https://www.cve.org/CVERecord?id=CVE-2022-47380
6	CVE-2022-47381	https://www.cve.org/CVERecord?id=CVE-2022-47381
7	CVE-2022-47382	https://www.cve.org/CVERecord?id=CVE-2022-47382
8	CVE-2022-47383	https://www.cve.org/CVERecord?id=CVE-2022-47383
9	CVE-2022-47384	https://www.cve.org/CVERecord?id=CVE-2022-47384
10	CVE-2022-47385	https://www.cve.org/CVERecord?id=CVE-2022-47385
11	CVE-2022-47386	https://www.cve.org/CVERecord?id=CVE-2022-47386
12	CVE-2022-47387	https://www.cve.org/CVERecord?id=CVE-2022-47387
13	CVE-2022-47388	https://www.cve.org/CVERecord?id=CVE-2022-47388
14	CVE-2022-47389	https://www.cve.org/CVERecord?id=CVE-2022-47389
15	CVE-2022-47390	https://www.cve.org/CVERecord?id=CVE-2022-47390
16	CVE-2022-47391	https://www.cve.org/CVERecord?id=CVE-2022-47391
17	CVE-2022-47392	https://www.cve.org/CVERecord?id=CVE-2022-47392
18	CVE-2022-47393	https://www.cve.org/CVERecord?id=CVE-2022-47393
19	CVE-2023-28355	https://www.cve.org/CVERecord?id=CVE-2023-28355
20	CVE-2023-3662	https://www.cve.org/CVERecord?id=CVE-2023-3662
21	CVE-2023-3663	https://www.cve.org/CVERecord?id=CVE-2023-3663
22	CVE-2023-3669	https://www.cve.org/CVERecord?id=CVE-2023-3669
23	CVE-2023-3670	https://www.cve.org/CVERecord?id=CVE-2023-3670
24	CVE-2023-37545	https://www.cve.org/CVERecord?id=CVE-2023-37545
25	CVE-2023-37546	https://www.cve.org/CVERecord?id=CVE-2023-37546
26	CVE-2023-37547	https://www.cve.org/CVERecord?id=CVE-2023-37547
27	CVE-2023-37548	https://www.cve.org/CVERecord?id=CVE-2023-37548
28	CVE-2023-37549	https://www.cve.org/CVERecord?id=CVE-2023-37549
29	CVE-2023-37550	https://www.cve.org/CVERecord?id=CVE-2023-37550
30	CVE-2023-37551	https://www.cve.org/CVERecord?id=CVE-2023-37551
31	CVE-2023-37552	https://www.cve.org/CVERecord?id=CVE-2023-37552
32	CVE-2023-37553	https://www.cve.org/CVERecord?id=CVE-2023-37553
33	CVE-2023-37554	https://www.cve.org/CVERecord?id=CVE-2023-37554
34	CVE-2023-37555	https://www.cve.org/CVERecord?id=CVE-2023-37555
35	CVE-2023-37556	https://www.cve.org/CVERecord?id=CVE-2023-37556
36	CVE-2023-37557	https://www.cve.org/CVERecord?id=CVE-2023-37557
37	CVE-2023-37558	https://www.cve.org/CVERecord?id=CVE-2023-37558
38	CVE-2023-37559	https://www.cve.org/CVERecord?id=CVE-2023-37559

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html
2	CWE-121	https://cwe.mitre.org/data/definitions/121.html
3	CWE-1288	https://cwe.mitre.org/data/definitions/1288.html
4	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html
5	CWE-200	https://jvndb.jvn.jp/ja/cwe/CWE-200.html
6	CWE-307	https://cwe.mitre.org/data/definitions/307.html
7	CWE-354	https://cwe.mitre.org/data/definitions/354.html
8	CWE-427	https://cwe.mitre.org/data/definitions/427.html
9	CWE-552	https://cwe.mitre.org/data/definitions/552.html
10	CWE-668	https://cwe.mitre.org/data/definitions/668.html
11	CWE-787	https://cwe.mitre.org/data/definitions/787.html
12	CWE-822	https://cwe.mitre.org/data/definitions/822.html
13	CWE-924	https://cwe.mitre.org/data/definitions/924.html

ベンダー情報

No	Name	URL
Schneider Electric
1	SEVD-2023-192-04 \| CODESYS Runtime Vulnerabilities	https://download.schneider-electric.com/files?p_File_Name=SEVD-2023-192-04.pdf&p_Doc_Ref=SEVD-2023-192-04&p_enDocType=Security+and+Safety+Notice
2	SEVD-2025-343-01 \| EcoStruxure Foxboro DCS	https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-343-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-343-01.pdf

その他

No	Name	URL
ICS-CERT ADVISORY
1	ICSA-26-020-01	https://www.cisa.gov/news-events/ics-advisories/icsa-26-020-01
2	ICSA-26-020-02	https://www.cisa.gov/news-events/ics-advisories/icsa-26-020-02
JVN
3	JVNVU#98067852	https://jvn.jp/vu/JVNVU98067852/index.html

Change Log

No	Changed Details	Date of change
1	[2026年01月23日] 掲載	Jan. 23, 2026, 10:52 a.m.

NVD Vulnerability Information

CVE-2018-12130

Summary	Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Publication Date	May 31, 2019, 1:29 a.m.
Registration Date	March 1, 2021, 6:48 p.m.
Last Update	Nov. 21, 2024, 12:44 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:o:intel:microarchitectural_fill_buffer_data_sampling_firmware:-:::::::*
execution environment
1	cpe:2.3:h:intel:microarchitectural_fill_buffer_data_sampling:-:::::::*

Configuration2		or higher	or less	more than	less than
cpe:2.3:o:fedoraproject:fedora:29:::::::*

Related information, measures and tools

No	URL	タグ
1	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html
2	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html
3	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html
4	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html
5	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html
6	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html
7	http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
8	http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
9	http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
10	http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
11	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
12	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
13	https://access.redhat.com/errata/RHSA-2019:1455
14	https://access.redhat.com/errata/RHSA-2019:1455
15	https://access.redhat.com/errata/RHSA-2019:2553
16	https://access.redhat.com/errata/RHSA-2019:2553
17	https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
18	https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
19	https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
20	https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
21	https://kc.mcafee.com/corporate/index?page=content&id=SB10292
22	https://kc.mcafee.com/corporate/index?page=content&id=SB10292
23	https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html
24	https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html
25	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/
26	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/
27	https://seclists.org/bugtraq/2019/Jun/28
28	https://seclists.org/bugtraq/2019/Jun/28
29	https://seclists.org/bugtraq/2019/Jun/36
30	https://seclists.org/bugtraq/2019/Jun/36
31	https://seclists.org/bugtraq/2019/Nov/15
32	https://seclists.org/bugtraq/2019/Nov/15
33	https://seclists.org/bugtraq/2019/Nov/16
34	https://seclists.org/bugtraq/2019/Nov/16
35	https://seclists.org/bugtraq/2020/Jan/21
36	https://seclists.org/bugtraq/2020/Jan/21
37	https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc
38	https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc
39	https://security.gentoo.org/glsa/202003-56
40	https://security.gentoo.org/glsa/202003-56
41	https://usn.ubuntu.com/3977-3/
42	https://usn.ubuntu.com/3977-3/
43	https://www.debian.org/security/2020/dsa-4602
44	https://www.debian.org/security/2020/dsa-4602
45	https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc
46	https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc
47	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html	Vendor Advisory
48	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html	Vendor Advisory
49	https://www.synology.com/security/advisory/Synology_SA_19_24
50	https://www.synology.com/security/advisory/Synology_SA_19_24

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-200	情報漏えい	https://cwe.mitre.org/data/definitions/200.html

CVE-2022-4046

Summary	In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the device.
Publication Date	Aug. 3, 2023, 10:15 p.m.
Registration Date	Aug. 4, 2023, 10 a.m.
Last Update	Nov. 21, 2024, 4:34 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::
cpe:2.3:a:codesys:control_for_iot2000_sl::::::::
cpe:2.3:a:codesys:control_for_linux_sl::::::::
cpe:2.3:a:codesys:control_for_pfc100_sl::::::::
cpe:2.3:a:codesys:control_for_pfc200_sl::::::::
cpe:2.3:a:codesys:control_for_plcnext_sl::::::::
cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::
cpe:2.3:a:codesys:control_rte_sl::::::::
cpe:2.3:a:codesys:control_rte_sl_\(for_beckhoff_cx\)::::::::
cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::
cpe:2.3:a:codesys:control_win_sl::::::::
cpe:2.3:a:codesys:hmi_sl::::::::

Related information, measures and tools

No	URL	refsource	タグ
1	https://cert.vde.com/en/advisories/VDE-2023-025/		Mitigation Third Party Advisory
2	https://cert.vde.com/en/advisories/VDE-2023-025/		Mitigation Third Party Advisory

Common Vulnerabilities List

CVE-2022-47378

Summary	Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerability. An authenticated remote attacker may craft specific requests that use the vulnerability leading to a denial-of-service condition.
Publication Date	May 15, 2023, 7:15 p.m.
Registration Date	May 16, 2023, 10:01 a.m.
Last Update	Nov. 21, 2024, 4:31 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:codesys:safety_sil2_runtime_toolkit::::::::				4.8.0.0
cpe:2.3:a:codesys:safety_sil2_psp::::::::				4.8.0.0
cpe:2.3:a:codesys:hmi_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:development_system_v3::::::::				4.8.0.0
cpe:2.3:a:codesys:control_win_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::				4.8.0.0
cpe:2.3:a:codesys:control_rte_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:control_rte_\(for_beckhoff_cx\)_sl::::::::				4.8.0.0
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_plcnext_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_pfc200_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_pfc100_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_linux_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_iot2000_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::				3.5.19.0

Related information, measures and tools

No	URL	refsource	タグ
1	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=		Vendor Advisory
2	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=		Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html

CVE-2022-47379

Summary	An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Publication Date	May 15, 2023, 7:15 p.m.
Registration Date	May 16, 2023, 10:01 a.m.
Last Update	Nov. 21, 2024, 4:31 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:codesys:safety_sil2_runtime_toolkit::::::::				4.8.0.0
cpe:2.3:a:codesys:safety_sil2_psp::::::::				4.8.0.0
cpe:2.3:a:codesys:hmi_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:development_system_v3::::::::				4.8.0.0
cpe:2.3:a:codesys:control_win_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::				4.8.0.0
cpe:2.3:a:codesys:control_rte_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:control_rte_\(for_beckhoff_cx\)_sl::::::::				4.8.0.0
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_plcnext_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_pfc200_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_pfc100_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_linux_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_iot2000_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::				3.5.19.0

Related information, measures and tools

No	URL	refsource	タグ
1	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=		Vendor Advisory
2	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=		Vendor Advisory

Common Vulnerabilities List

CVE-2022-47380

Summary	An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Publication Date	May 15, 2023, 7:15 p.m.
Registration Date	May 16, 2023, 10:01 a.m.
Last Update	Nov. 21, 2024, 4:31 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:codesys:safety_sil2_runtime_toolkit::::::::				4.8.0.0
cpe:2.3:a:codesys:safety_sil2_psp::::::::				4.8.0.0
cpe:2.3:a:codesys:hmi_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:development_system_v3::::::::				4.8.0.0
cpe:2.3:a:codesys:control_win_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::				4.8.0.0
cpe:2.3:a:codesys:control_rte_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:control_rte_\(for_beckhoff_cx\)_sl::::::::				4.8.0.0
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_plcnext_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_pfc200_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_pfc100_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_linux_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_iot2000_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::				3.5.19.0

Related information, measures and tools

No	URL	refsource	タグ
1	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=		Vendor Advisory
2	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=		Vendor Advisory

Common Vulnerabilities List

CVE-2022-47381

Summary	An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Publication Date	May 15, 2023, 7:15 p.m.
Registration Date	May 16, 2023, 10:01 a.m.
Last Update	Nov. 21, 2024, 4:31 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:codesys:safety_sil2_runtime_toolkit::::::::				4.8.0.0
cpe:2.3:a:codesys:safety_sil2_psp::::::::				4.8.0.0
cpe:2.3:a:codesys:hmi_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:development_system_v3::::::::				4.8.0.0
cpe:2.3:a:codesys:control_win_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::				4.8.0.0
cpe:2.3:a:codesys:control_rte_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:control_rte_\(for_beckhoff_cx\)_sl::::::::				4.8.0.0
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_plcnext_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_pfc200_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_pfc100_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_linux_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_iot2000_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::				3.5.19.0

Related information, measures and tools

No	URL	refsource	タグ
1	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=		Vendor Advisory
2	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=		Vendor Advisory

Common Vulnerabilities List

CVE-2022-47382

Summary	An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Publication Date	May 15, 2023, 7:15 p.m.
Registration Date	May 16, 2023, 10:01 a.m.
Last Update	Nov. 21, 2024, 4:31 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:codesys:safety_sil2_runtime_toolkit::::::::				4.8.0.0
cpe:2.3:a:codesys:safety_sil2_psp::::::::				4.8.0.0
cpe:2.3:a:codesys:hmi_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:development_system_v3::::::::				4.8.0.0
cpe:2.3:a:codesys:control_win_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::				4.8.0.0
cpe:2.3:a:codesys:control_rte_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:control_rte_\(for_beckhoff_cx\)_sl::::::::				4.8.0.0
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_plcnext_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_pfc200_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_pfc100_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_linux_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_iot2000_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::				3.5.19.0

Related information, measures and tools

No	URL	refsource	タグ
1	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=		Vendor Advisory
2	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=		Vendor Advisory

Common Vulnerabilities List

CVE-2022-47383

Summary	An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Publication Date	May 15, 2023, 7:15 p.m.
Registration Date	May 16, 2023, 10:01 a.m.
Last Update	Nov. 21, 2024, 4:31 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:codesys:safety_sil2_runtime_toolkit::::::::				4.8.0.0
cpe:2.3:a:codesys:safety_sil2_psp::::::::				4.8.0.0
cpe:2.3:a:codesys:hmi_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:development_system_v3::::::::				4.8.0.0
cpe:2.3:a:codesys:control_win_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::				4.8.0.0
cpe:2.3:a:codesys:control_rte_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:control_rte_\(for_beckhoff_cx\)_sl::::::::				4.8.0.0
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_plcnext_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_pfc200_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_pfc100_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_linux_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_iot2000_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::				3.5.19.0

Related information, measures and tools

No	URL	refsource	タグ
1	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=		Vendor Advisory
2	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=		Vendor Advisory

Common Vulnerabilities List

CVE-2022-47384

Summary	An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Publication Date	May 15, 2023, 7:15 p.m.
Registration Date	May 16, 2023, 10:01 a.m.
Last Update	Nov. 21, 2024, 4:31 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:codesys:safety_sil2_runtime_toolkit::::::::				4.8.0.0
cpe:2.3:a:codesys:safety_sil2_psp::::::::				4.8.0.0
cpe:2.3:a:codesys:hmi_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:development_system_v3::::::::				4.8.0.0
cpe:2.3:a:codesys:control_win_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::				4.8.0.0
cpe:2.3:a:codesys:control_rte_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:control_rte_\(for_beckhoff_cx\)_sl::::::::				4.8.0.0
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_plcnext_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_pfc200_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_pfc100_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_linux_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_iot2000_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::				3.5.19.0

Related information, measures and tools

No	URL	refsource	タグ
1	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=		Vendor Advisory
2	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=		Vendor Advisory

Common Vulnerabilities List

CVE-2022-47385

Summary	An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Publication Date	May 15, 2023, 7:15 p.m.
Registration Date	May 16, 2023, 10:01 a.m.
Last Update	Nov. 21, 2024, 4:31 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:codesys:safety_sil2_runtime_toolkit::::::::				4.8.0.0
cpe:2.3:a:codesys:safety_sil2_psp::::::::				4.8.0.0
cpe:2.3:a:codesys:hmi_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:development_system_v3::::::::				4.8.0.0
cpe:2.3:a:codesys:control_win_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::				4.8.0.0
cpe:2.3:a:codesys:control_rte_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:control_rte_\(for_beckhoff_cx\)_sl::::::::				4.8.0.0
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_plcnext_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_pfc200_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_pfc100_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_linux_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_iot2000_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::				3.5.19.0

Related information, measures and tools

No	URL	refsource	タグ
1	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=		Vendor Advisory
2	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=		Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-787	境界外書き込み	https://cwe.mitre.org/data/definitions/787.html

CVE-2022-47386

Summary	An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Publication Date	May 15, 2023, 7:15 p.m.
Registration Date	May 16, 2023, 10:01 a.m.
Last Update	Nov. 21, 2024, 4:31 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:codesys:safety_sil2_runtime_toolkit::::::::				4.8.0.0
cpe:2.3:a:codesys:safety_sil2_psp::::::::				4.8.0.0
cpe:2.3:a:codesys:hmi_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:development_system_v3::::::::				4.8.0.0
cpe:2.3:a:codesys:control_win_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::				4.8.0.0
cpe:2.3:a:codesys:control_rte_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:control_rte_\(for_beckhoff_cx\)_sl::::::::				4.8.0.0
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_plcnext_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_pfc200_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_pfc100_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_linux_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_iot2000_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::				3.5.19.0

Related information, measures and tools

No	URL	refsource	タグ
1	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=		Vendor Advisory
2	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=		Vendor Advisory

Common Vulnerabilities List

CVE-2022-47387

Summary	An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Publication Date	May 15, 2023, 7:15 p.m.
Registration Date	May 16, 2023, 10:01 a.m.
Last Update	Nov. 21, 2024, 4:31 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:codesys:safety_sil2_runtime_toolkit::::::::				4.8.0.0
cpe:2.3:a:codesys:safety_sil2_psp::::::::				4.8.0.0
cpe:2.3:a:codesys:hmi_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:development_system_v3::::::::				4.8.0.0
cpe:2.3:a:codesys:control_win_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::				4.8.0.0
cpe:2.3:a:codesys:control_rte_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:control_rte_\(for_beckhoff_cx\)_sl::::::::				4.8.0.0
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_plcnext_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_pfc200_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_pfc100_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_linux_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_iot2000_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::				3.5.19.0

Related information, measures and tools

No	URL	refsource	タグ
1	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=		Vendor Advisory
2	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=		Vendor Advisory

Common Vulnerabilities List

CVE-2022-47388

Summary	An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Publication Date	May 15, 2023, 7:15 p.m.
Registration Date	May 16, 2023, 10:01 a.m.
Last Update	Nov. 21, 2024, 4:31 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:codesys:safety_sil2_runtime_toolkit::::::::				4.8.0.0
cpe:2.3:a:codesys:safety_sil2_psp::::::::				4.8.0.0
cpe:2.3:a:codesys:hmi_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:development_system_v3::::::::				4.8.0.0
cpe:2.3:a:codesys:control_win_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::				4.8.0.0
cpe:2.3:a:codesys:control_rte_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:control_rte_\(for_beckhoff_cx\)_sl::::::::				4.8.0.0
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_plcnext_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_pfc200_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_pfc100_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_linux_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_iot2000_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::				3.5.19.0

Related information, measures and tools

No	URL	refsource	タグ
1	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=		Vendor Advisory
2	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=		Vendor Advisory

Common Vulnerabilities List

CVE-2022-47389

Summary	An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Publication Date	May 15, 2023, 7:15 p.m.
Registration Date	May 16, 2023, 10 a.m.
Last Update	Nov. 21, 2024, 4:31 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:codesys:safety_sil2_runtime_toolkit::::::::				4.8.0.0
cpe:2.3:a:codesys:safety_sil2_psp::::::::				4.8.0.0
cpe:2.3:a:codesys:hmi_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:development_system_v3::::::::				4.8.0.0
cpe:2.3:a:codesys:control_win_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::				4.8.0.0
cpe:2.3:a:codesys:control_rte_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:control_rte_\(for_beckhoff_cx\)_sl::::::::				4.8.0.0
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_plcnext_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_pfc200_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_pfc100_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_linux_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_iot2000_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::				3.5.19.0

Related information, measures and tools

No	URL	refsource	タグ
1	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=		Vendor Advisory
2	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=		Vendor Advisory

Common Vulnerabilities List

CVE-2022-47390

Summary	An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Publication Date	May 15, 2023, 7:15 p.m.
Registration Date	May 16, 2023, 10 a.m.
Last Update	Nov. 21, 2024, 4:31 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:codesys:safety_sil2_runtime_toolkit::::::::				4.8.0.0
cpe:2.3:a:codesys:safety_sil2_psp::::::::				4.8.0.0
cpe:2.3:a:codesys:hmi_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:development_system_v3::::::::				4.8.0.0
cpe:2.3:a:codesys:control_win_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::				4.8.0.0
cpe:2.3:a:codesys:control_rte_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:control_rte_\(for_beckhoff_cx\)_sl::::::::				4.8.0.0
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_plcnext_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_pfc200_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_pfc100_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_linux_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_iot2000_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::				3.5.19.0

Related information, measures and tools

No	URL	refsource	タグ
1	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=		Vendor Advisory
2	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=		Vendor Advisory

Common Vulnerabilities List

CVE-2022-47391

Summary	In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service.
Publication Date	May 15, 2023, 7:15 p.m.
Registration Date	May 16, 2023, 10 a.m.
Last Update	Nov. 21, 2024, 4:31 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:codesys:hmi_\(sl\)::::::::				3.5.18.40
cpe:2.3:a:codesys:control_win_\(sl\)::::::::				3.5.18.40
cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::				3.5.18.40
cpe:2.3:a:codesys:control_rte_\(sl\)::::::::				3.5.18.40
cpe:2.3:a:codesys:control_rte_\(for_beckhoff_cx\)_sl::::::::				3.5.18.40
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::				4.7.0.0
cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::				4.7.0.0
cpe:2.3:a:codesys:control_for_plcnext_sl::::::::				4.7.0.0
cpe:2.3:a:codesys:control_for_pfc200_sl::::::::				4.7.0.0
cpe:2.3:a:codesys:control_for_pfc100_sl::::::::				4.7.0.0
cpe:2.3:a:codesys:control_for_linux_sl::::::::				4.7.0.0
cpe:2.3:a:codesys:control_for_iot2000_sl::::::::				4.7.0.0
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::				4.7.0.0
cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::				4.7.0.0

Related information, measures and tools

No	URL	refsource	タグ
1	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17555&token=212fc7e39bdd260cab6d6ca84333d42f50bcb3da&download=		Vendor Advisory
2	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17555&token=212fc7e39bdd260cab6d6ca84333d42f50bcb3da&download=		Vendor Advisory

Common Vulnerabilities List

CVE-2022-47392

Summary	An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of multiple CODESYS products in multiple versions to read from an invalid address which can lead to a denial-of-service condition.
Publication Date	May 15, 2023, 8:15 p.m.
Registration Date	May 16, 2023, 10 a.m.
Last Update	Nov. 21, 2024, 4:31 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:codesys:safety_sil2_runtime_toolkit::::::::				4.8.0.0
cpe:2.3:a:codesys:safety_sil2_psp::::::::				4.8.0.0
cpe:2.3:a:codesys:hmi_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:development_system_v3::::::::				4.8.0.0
cpe:2.3:a:codesys:control_win_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::				4.8.0.0
cpe:2.3:a:codesys:control_rte_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:control_rte_\(for_beckhoff_cx\)_sl::::::::				4.8.0.0
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_plcnext_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_pfc200_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_pfc100_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_linux_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_iot2000_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::				3.5.19.0

Related information, measures and tools

No	URL	refsource	タグ
1	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=		Vendor Advisory
2	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=		Vendor Advisory

Common Vulnerabilities List

CVE-2022-47393

Summary	An authenticated, remote attacker may use a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple versions of multiple CODESYS products to force a denial-of-service situation.
Publication Date	May 15, 2023, 8:15 p.m.
Registration Date	May 16, 2023, 10 a.m.
Last Update	Nov. 21, 2024, 4:31 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:codesys:safety_sil2_runtime_toolkit::::::::				4.8.0.0
cpe:2.3:a:codesys:safety_sil2_psp::::::::				4.8.0.0
cpe:2.3:a:codesys:hmi_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:development_system_v3::::::::				4.8.0.0
cpe:2.3:a:codesys:control_win_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::				4.8.0.0
cpe:2.3:a:codesys:control_rte_\(sl\)::::::::				4.8.0.0
cpe:2.3:a:codesys:control_rte_\(for_beckhoff_cx\)_sl::::::::				4.8.0.0
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_plcnext_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_pfc200_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_pfc100_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_linux_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_iot2000_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::				3.5.19.0
cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::				3.5.19.0

Related information, measures and tools

No	URL	refsource	タグ
1	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=		Vendor Advisory
2	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=		Vendor Advisory

Common Vulnerabilities List

CVE-2023-3662

Summary	In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability allows for execution of binaries from the current working directory in the users context .
Publication Date	Aug. 3, 2023, 8:15 p.m.
Registration Date	Aug. 4, 2023, 10 a.m.
Last Update	Nov. 21, 2024, 5:17 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:codesys:development_system::::::::		3.5.17.0			3.5.19.20

Related information, measures and tools

No	URL	refsource	タグ
1	https://cert.vde.com/en/advisories/VDE-2023-021/		Mitigation Third Party Advisory
2	https://cert.vde.com/en/advisories/VDE-2023-021/		Mitigation Third Party Advisory

Common Vulnerabilities List

CVE-2023-3663

Summary	In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might allow an unauthenticated remote attacker to manipulate the content of notifications received via HTTP by the CODESYS notification server.
Publication Date	Aug. 3, 2023, 8:15 p.m.
Registration Date	Aug. 4, 2023, 10 a.m.
Last Update	Nov. 21, 2024, 5:17 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:codesys:development_system::::::::		3.5.11.20			3.5.19.20

Related information, measures and tools

No	URL	refsource	タグ
1	https://cert.vde.com/en/advisories/VDE-2023-022/		Third Party Advisory
2	https://cert.vde.com/en/advisories/VDE-2023-022/		Third Party Advisory

Common Vulnerabilities List

CVE-2023-3669

Summary	A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog.
Publication Date	Aug. 3, 2023, 9:15 p.m.
Registration Date	Aug. 4, 2023, 10 a.m.
Last Update	Nov. 21, 2024, 5:17 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:codesys:development_system::::::::					3.5.19.20

Related information, measures and tools

No	URL	refsource	タグ
1	https://cert.vde.com/en/advisories/VDE-2023-023		Third Party Advisory
2	https://cert.vde.com/en/advisories/VDE-2023-023		Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-307	過度な認証試行の不適切な制限	https://cwe.mitre.org/data/definitions/307.html

CVE-2023-3670

Summary	In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users.
Publication Date	July 28, 2023, 5:15 p.m.
Registration Date	July 28, 2023, 8 p.m.
Last Update	Nov. 21, 2024, 5:17 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:codesys:scripting::::::::	4.0.0.0			4.1.0.0
cpe:2.3:a:codesys:development_system::::::::	3.5.9.0			3.5.17.0

Related information, measures and tools

No	URL	refsource	タグ
1	https://cert.vde.com/en/advisories/VDE-2023-024		Third Party Advisory
2	https://cert.vde.com/en/advisories/VDE-2023-024		Third Party Advisory

Common Vulnerabilities List

CVE-2023-37545

Summary	In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37546, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549, CVE-2023-37550
Publication Date	Aug. 3, 2023, 8:15 p.m.
Registration Date	Aug. 4, 2023, 10 a.m.
Last Update	Nov. 21, 2024, 5:11 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_plcnext_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_pfc200_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_pfc100_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_linux_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_iot2000_sl::::::::				4.10.0.0

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:codesys:control_rte_sl_\(for_beckhoff_cx\)::::::::				3.5.19.20
cpe:2.3:a:codesys:safety_sil2::::::::				3.5.19.20
cpe:2.3:a:codesys:hmi::::::::				3.5.19.20
cpe:2.3:a:codesys:development_system::::::::				3.5.19.20
cpe:2.3:a:codesys:control_win_sl::::::::				3.5.19.20
cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::				3.5.19.20
cpe:2.3:a:codesys:control_rte_sl::::::::				3.5.19.20

Related information, measures and tools

No	URL	refsource	タグ
1	https://cert.vde.com/en/advisories/VDE-2023-019		Third Party Advisory
2	https://cert.vde.com/en/advisories/VDE-2023-019		Third Party Advisory

Common Vulnerabilities List

CVE-2023-37546

Summary	In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549 and CVE-2023-37550
Publication Date	Aug. 3, 2023, 9:15 p.m.
Registration Date	Aug. 4, 2023, 10 a.m.
Last Update	Nov. 21, 2024, 5:11 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_plcnext_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_pfc200_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_pfc100_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_linux_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_iot2000_sl::::::::				4.10.0.0

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:codesys:control_rte_sl_\(for_beckhoff_cx\)::::::::				3.5.19.20
cpe:2.3:a:codesys:safety_sil2::::::::				3.5.19.20
cpe:2.3:a:codesys:hmi::::::::				3.5.19.20
cpe:2.3:a:codesys:development_system::::::::				3.5.19.20
cpe:2.3:a:codesys:control_win_sl::::::::				3.5.19.20
cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::				3.5.19.20
cpe:2.3:a:codesys:control_rte_sl::::::::				3.5.19.20

Related information, measures and tools

No	URL	refsource	タグ
1	https://cert.vde.com/en/advisories/VDE-2023-019		Third Party Advisory
2	https://cert.vde.com/en/advisories/VDE-2023-019		Third Party Advisory

Common Vulnerabilities List

CVE-2023-37547

Summary	In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37548, CVE-2023-37549 and CVE-2023-37550
Publication Date	Aug. 3, 2023, 9:15 p.m.
Registration Date	Aug. 4, 2023, 10 a.m.
Last Update	Nov. 21, 2024, 5:11 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_plcnext_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_pfc200_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_pfc100_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_linux_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_iot2000_sl::::::::				4.10.0.0

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:codesys:control_rte_sl_\(for_beckhoff_cx\)::::::::				3.5.19.20
cpe:2.3:a:codesys:safety_sil2::::::::				3.5.19.20
cpe:2.3:a:codesys:hmi::::::::				3.5.19.20
cpe:2.3:a:codesys:development_system::::::::				3.5.19.20
cpe:2.3:a:codesys:control_win_sl::::::::				3.5.19.20
cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::				3.5.19.20
cpe:2.3:a:codesys:control_rte_sl::::::::				3.5.19.20

Related information, measures and tools

No	URL	refsource	タグ
1	https://cert.vde.com/en/advisories/VDE-2023-019		Third Party Advisory
2	https://cert.vde.com/en/advisories/VDE-2023-019		Third Party Advisory

Common Vulnerabilities List

CVE-2023-37548

Summary	In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37549 and CVE-2023-37550
Publication Date	Aug. 3, 2023, 9:15 p.m.
Registration Date	Aug. 4, 2023, 10 a.m.
Last Update	Nov. 21, 2024, 5:11 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_plcnext_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_pfc200_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_pfc100_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_linux_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_iot2000_sl::::::::				4.10.0.0

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:codesys:control_rte_sl_\(for_beckhoff_cx\)::::::::				3.5.19.20
cpe:2.3:a:codesys:safety_sil2::::::::				3.5.19.20
cpe:2.3:a:codesys:hmi::::::::				3.5.19.20
cpe:2.3:a:codesys:development_system::::::::				3.5.19.20
cpe:2.3:a:codesys:control_win_sl::::::::				3.5.19.20
cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::				3.5.19.20
cpe:2.3:a:codesys:control_rte_sl::::::::				3.5.19.20

Related information, measures and tools

No	URL	refsource	タグ
1	https://cert.vde.com/en/advisories/VDE-2023-019		Third Party Advisory
2	https://cert.vde.com/en/advisories/VDE-2023-019		Third Party Advisory

Common Vulnerabilities List

CVE-2023-37549

Summary	In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548 and CVE-2023-37550
Publication Date	Aug. 3, 2023, 9:15 p.m.
Registration Date	Aug. 4, 2023, 10 a.m.
Last Update	Nov. 21, 2024, 5:11 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_plcnext_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_pfc200_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_pfc100_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_linux_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_iot2000_sl::::::::				4.10.0.0

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:codesys:control_rte_sl_\(for_beckhoff_cx\)::::::::				3.5.19.20
cpe:2.3:a:codesys:safety_sil2::::::::				3.5.19.20
cpe:2.3:a:codesys:hmi::::::::				3.5.19.20
cpe:2.3:a:codesys:development_system::::::::				3.5.19.20
cpe:2.3:a:codesys:control_win_sl::::::::				3.5.19.20
cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::				3.5.19.20
cpe:2.3:a:codesys:control_rte_sl::::::::				3.5.19.20

Related information, measures and tools

No	URL	refsource	タグ
1	https://cert.vde.com/en/advisories/VDE-2023-019		Third Party Advisory
2	https://cert.vde.com/en/advisories/VDE-2023-019		Third Party Advisory

Common Vulnerabilities List

CVE-2023-37550

Summary	In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548 and CVE-2023-37549.
Publication Date	Aug. 3, 2023, 9:15 p.m.
Registration Date	Aug. 4, 2023, 10 a.m.
Last Update	Nov. 21, 2024, 5:11 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_plcnext_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_pfc200_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_pfc100_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_linux_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_iot2000_sl::::::::				4.10.0.0

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:codesys:control_rte_sl_\(for_beckhoff_cx\)::::::::				3.5.19.20
cpe:2.3:a:codesys:safety_sil2::::::::				3.5.19.20
cpe:2.3:a:codesys:hmi::::::::				3.5.19.20
cpe:2.3:a:codesys:development_system::::::::				3.5.19.20
cpe:2.3:a:codesys:control_win_sl::::::::				3.5.19.20
cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::				3.5.19.20
cpe:2.3:a:codesys:control_rte_sl::::::::				3.5.19.20

Related information, measures and tools

No	URL	refsource	タグ
1	https://cert.vde.com/en/advisories/VDE-2023-019		Third Party Advisory
2	https://cert.vde.com/en/advisories/VDE-2023-019		Third Party Advisory

Common Vulnerabilities List

CVE-2023-37551

Summary	In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfer, no filtering of certain file types is performed here. As a result, the integrity of the CODESYS control runtime system may be compromised by the files loaded onto the controller.
Publication Date	Aug. 3, 2023, 9:15 p.m.
Registration Date	Aug. 4, 2023, 10 a.m.
Last Update	Nov. 21, 2024, 5:11 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_plcnext_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_pfc200_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_pfc100_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_linux_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_iot2000_sl::::::::				4.10.0.0

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:codesys:control_rte_sl_\(for_beckhoff_cx\)::::::::				3.5.19.20
cpe:2.3:a:codesys:safety_sil2::::::::				3.5.19.20
cpe:2.3:a:codesys:hmi::::::::				3.5.19.20
cpe:2.3:a:codesys:development_system::::::::				3.5.19.20
cpe:2.3:a:codesys:control_win_sl::::::::				3.5.19.20
cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::				3.5.19.20
cpe:2.3:a:codesys:control_rte_sl::::::::				3.5.19.20

Related information, measures and tools

No	URL	refsource	タグ
1	https://cert.vde.com/en/advisories/VDE-2023-019/		Third Party Advisory
2	https://cert.vde.com/en/advisories/VDE-2023-019/		Third Party Advisory

Common Vulnerabilities List

CVE-2023-37552

Summary	In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37553, CVE-2023-37554, CVE-2023-37555 and CVE-2023-37556.
Publication Date	Aug. 3, 2023, 9:15 p.m.
Registration Date	Aug. 4, 2023, 10 a.m.
Last Update	Nov. 21, 2024, 5:11 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_plcnext_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_pfc200_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_pfc100_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_linux_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_iot2000_sl::::::::				4.10.0.0

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:codesys:control_rte_sl_\(for_beckhoff_cx\)::::::::				3.5.19.20
cpe:2.3:a:codesys:safety_sil2::::::::				3.5.19.20
cpe:2.3:a:codesys:hmi::::::::				3.5.19.20
cpe:2.3:a:codesys:development_system::::::::				3.5.19.20
cpe:2.3:a:codesys:control_win_sl::::::::				3.5.19.20
cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::				3.5.19.20
cpe:2.3:a:codesys:control_rte_sl::::::::				3.5.19.20

Related information, measures and tools

No	URL	refsource	タグ
1	https://cert.vde.com/en/advisories/VDE-2023-019/		Third Party Advisory
2	https://cert.vde.com/en/advisories/VDE-2023-019/		Third Party Advisory

Common Vulnerabilities List

CVE-2023-37553

Summary	In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37554, CVE-2023-37555 and CVE-2023-37556.
Publication Date	Aug. 3, 2023, 9:15 p.m.
Registration Date	Aug. 4, 2023, 10 a.m.
Last Update	Nov. 21, 2024, 5:11 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_plcnext_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_pfc200_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_pfc100_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_linux_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_iot2000_sl::::::::				4.10.0.0

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:codesys:control_rte_sl_\(for_beckhoff_cx\)::::::::				3.5.19.20
cpe:2.3:a:codesys:safety_sil2::::::::				3.5.19.20
cpe:2.3:a:codesys:hmi::::::::				3.5.19.20
cpe:2.3:a:codesys:development_system::::::::				3.5.19.20
cpe:2.3:a:codesys:control_win_sl::::::::				3.5.19.20
cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::				3.5.19.20
cpe:2.3:a:codesys:control_rte_sl::::::::				3.5.19.20

Related information, measures and tools

No	URL	refsource	タグ
1	https://cert.vde.com/en/advisories/VDE-2023-019/		Third Party Advisory
2	https://cert.vde.com/en/advisories/VDE-2023-019/		Third Party Advisory

Common Vulnerabilities List

CVE-2023-37554

Summary	In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37553, CVE-2023-37555 and CVE-2023-37556.
Publication Date	Aug. 3, 2023, 9:15 p.m.
Registration Date	Aug. 4, 2023, 10 a.m.
Last Update	Nov. 21, 2024, 5:11 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_plcnext_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_pfc200_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_pfc100_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_linux_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_iot2000_sl::::::::				4.10.0.0

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:codesys:control_rte_sl_\(for_beckhoff_cx\)::::::::				3.5.19.20
cpe:2.3:a:codesys:safety_sil2::::::::				3.5.19.20
cpe:2.3:a:codesys:hmi::::::::				3.5.19.20
cpe:2.3:a:codesys:development_system::::::::				3.5.19.20
cpe:2.3:a:codesys:control_win_sl::::::::				3.5.19.20
cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::				3.5.19.20
cpe:2.3:a:codesys:control_rte_sl::::::::				3.5.19.20

Related information, measures and tools

No	URL	refsource	タグ
1	https://cert.vde.com/en/advisories/VDE-2023-019/		Third Party Advisory
2	https://cert.vde.com/en/advisories/VDE-2023-019/		Third Party Advisory

Common Vulnerabilities List

CVE-2023-37555

Summary	In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37553, CVE-2023-37554 and CVE-2023-37556.
Publication Date	Aug. 3, 2023, 9:15 p.m.
Registration Date	Aug. 4, 2023, 10 a.m.
Last Update	Nov. 21, 2024, 5:11 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_plcnext_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_pfc200_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_pfc100_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_linux_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_iot2000_sl::::::::				4.10.0.0

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:codesys:control_rte_sl_\(for_beckhoff_cx\)::::::::				3.5.19.20
cpe:2.3:a:codesys:safety_sil2::::::::				3.5.19.20
cpe:2.3:a:codesys:hmi::::::::				3.5.19.20
cpe:2.3:a:codesys:development_system::::::::				3.5.19.20
cpe:2.3:a:codesys:control_win_sl::::::::				3.5.19.20
cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::				3.5.19.20
cpe:2.3:a:codesys:control_rte_sl::::::::				3.5.19.20

Related information, measures and tools

No	URL	refsource	タグ
1	https://cert.vde.com/en/advisories/VDE-2023-019/		Third Party Advisory
2	https://cert.vde.com/en/advisories/VDE-2023-019/		Third Party Advisory

Common Vulnerabilities List

CVE-2023-37556

Summary	In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37553, CVE-2023-37554 and CVE-2023-37555.
Publication Date	Aug. 3, 2023, 9:15 p.m.
Registration Date	Aug. 4, 2023, 10 a.m.
Last Update	Nov. 21, 2024, 5:11 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_plcnext_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_pfc200_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_pfc100_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_linux_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_iot2000_sl::::::::				4.10.0.0

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:codesys:control_rte_sl_\(for_beckhoff_cx\)::::::::				3.5.19.20
cpe:2.3:a:codesys:safety_sil2::::::::				3.5.19.20
cpe:2.3:a:codesys:hmi::::::::				3.5.19.20
cpe:2.3:a:codesys:development_system::::::::				3.5.19.20
cpe:2.3:a:codesys:control_win_sl::::::::				3.5.19.20
cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::				3.5.19.20
cpe:2.3:a:codesys:control_rte_sl::::::::				3.5.19.20

Related information, measures and tools

No	URL	refsource	タグ
1	https://cert.vde.com/en/advisories/VDE-2023-019/		Third Party Advisory
2	https://cert.vde.com/en/advisories/VDE-2023-019/		Third Party Advisory

Common Vulnerabilities List

CVE-2023-37557

Summary	After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based buffer, which can lead to a denial-of-service condition.
Publication Date	Aug. 3, 2023, 9:15 p.m.
Registration Date	Aug. 4, 2023, 10 a.m.
Last Update	Nov. 21, 2024, 5:11 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_plcnext_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_pfc200_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_pfc100_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_linux_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_iot2000_sl::::::::				4.10.0.0

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:codesys:control_rte_sl_\(for_beckhoff_cx\)::::::::				3.5.19.20
cpe:2.3:a:codesys:safety_sil2::::::::				3.5.19.20
cpe:2.3:a:codesys:hmi::::::::				3.5.19.20
cpe:2.3:a:codesys:development_system::::::::				3.5.19.20
cpe:2.3:a:codesys:control_win_sl::::::::				3.5.19.20
cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::				3.5.19.20
cpe:2.3:a:codesys:control_rte_sl::::::::				3.5.19.20

Related information, measures and tools

No	URL	refsource	タグ
1	https://cert.vde.com/en/advisories/VDE-2023-019/		Third Party Advisory
2	https://cert.vde.com/en/advisories/VDE-2023-019/		Third Party Advisory

Common Vulnerabilities List

CVE-2023-37558

Summary	After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37559
Publication Date	Aug. 3, 2023, 9:15 p.m.
Registration Date	Aug. 4, 2023, 10 a.m.
Last Update	Nov. 21, 2024, 5:11 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_plcnext_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_pfc200_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_pfc100_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_linux_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_iot2000_sl::::::::				4.10.0.0

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:codesys:control_rte_sl_\(for_beckhoff_cx\)::::::::				3.5.19.20
cpe:2.3:a:codesys:safety_sil2::::::::				3.5.19.20
cpe:2.3:a:codesys:hmi::::::::				3.5.19.20
cpe:2.3:a:codesys:development_system::::::::				3.5.19.20
cpe:2.3:a:codesys:control_win_sl::::::::				3.5.19.20
cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::				3.5.19.20
cpe:2.3:a:codesys:control_rte_sl::::::::				3.5.19.20

Related information, measures and tools

No	URL	refsource	タグ
1	https://cert.vde.com/en/advisories/VDE-2023-019/		Third Party Advisory
2	https://cert.vde.com/en/advisories/VDE-2023-019/		Third Party Advisory

Common Vulnerabilities List

CVE-2023-37559

Summary	After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37558
Publication Date	Aug. 3, 2023, 9:15 p.m.
Registration Date	Aug. 4, 2023, 10 a.m.
Last Update	Nov. 21, 2024, 5:11 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_plcnext_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_pfc200_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_pfc100_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_linux_sl::::::::				4.10.0.0
cpe:2.3:a:codesys:control_for_iot2000_sl::::::::				4.10.0.0

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:codesys:control_rte_sl_\(for_beckhoff_cx\)::::::::				3.5.19.20
cpe:2.3:a:codesys:safety_sil2::::::::				3.5.19.20
cpe:2.3:a:codesys:hmi::::::::				3.5.19.20
cpe:2.3:a:codesys:development_system::::::::				3.5.19.20
cpe:2.3:a:codesys:control_win_sl::::::::				3.5.19.20
cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::				3.5.19.20
cpe:2.3:a:codesys:control_rte_sl::::::::				3.5.19.20

Related information, measures and tools

No	URL	refsource	タグ
1	https://cert.vde.com/en/advisories/VDE-2023-019/		Third Party Advisory
2	https://cert.vde.com/en/advisories/VDE-2023-019/		Third Party Advisory

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::
cpe:2.3:a:codesys:control_for_iot2000_sl::::::::
cpe:2.3:a:codesys:control_for_linux_sl::::::::
cpe:2.3:a:codesys:control_for_pfc100_sl::::::::
cpe:2.3:a:codesys:control_for_pfc200_sl::::::::
cpe:2.3:a:codesys:control_for_plcnext_sl::::::::
cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::
cpe:2.3:a:codesys:control_rte_sl::::::::
cpe:2.3:a:codesys:control_rte_sl_\(for_beckhoff_cx\)::::::::
cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::
cpe:2.3:a:codesys:control_win_sl::::::::
cpe:2.3:a:codesys:hmi_sl::::::::