CVE-2023-6357

Summary

A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device.

Affected Software

VendorProductVersion RangeStatus
CODESYSCODESYS Control for BeagleBone SL0 < 4.11.0.0affected
CODESYSCODESYS Control for emPC-A/iMX6 SL0 < 4.11.0.0affected
CODESYSCODESYS Control for IOT2000 SL0 < 4.11.0.0affected
CODESYSCODESYS Control for Linux ARM SL0 < 4.11.0.0affected
CODESYSCODESYS Control for Linux SL0 < 4.11.0.0affected
CODESYSCODESYS Control for PFC100 SL0 < 4.11.0.0affected
CODESYSCODESYS Control for PFC200 SL0 < 4.11.0.0affected
CODESYSCODESYS Control for PLCnext SL0 < 4.11.0.0affected
CODESYSCODESYS Control for Raspberry Pi SL0 < 4.11.0.0affected
CODESYSCODESYS Control for WAGO Touch Panels 600 SL0 < 4.11.0.0affected
CODESYSCODESYS Runtime Toolkit for Linux or QNX0 < 3.5.19.50affected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CVE Program Container

Additional References

References