Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-6357— OS Command Injection in multiple CODESYS products

CVSS 8.8 · High EPSS 0.26% · P50
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-6357

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
OS Command Injection in multiple CODESYS products
Source: NVD (National Vulnerability Database)
Vulnerability Description
A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
3s-smart Software Solutions CODESYS Control 操作系统命令注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
3s-smart Software Solutions CODESYS Control是德国德国3S智能软件系统方案有限公司(3s-smart Software Solutions)公司的一套工业控制程序编程软件。 3s-smart Software Solutions CODESYS Control 4.11.0.0之前版本存在操作系统命令注入漏洞,该漏洞源于成功通过身份验证的用户可以利用 SysFile 或 CAA-File 系统库注入额外的系统命令,从而使攻击者能够完全控制设备,以下产品和版本受到影
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
CODESYSCODESYS Control for BeagleBone SL 0 ~ 4.11.0.0 -
CODESYSCODESYS Control for emPC-A/iMX6 SL 0 ~ 4.11.0.0 -
CODESYSCODESYS Control for IOT2000 SL 0 ~ 4.11.0.0 -
CODESYSCODESYS Control for Linux ARM SL 0 ~ 4.11.0.0 -
CODESYSCODESYS Control for Linux SL 0 ~ 4.11.0.0 -
CODESYSCODESYS Control for PFC100 SL 0 ~ 4.11.0.0 -
CODESYSCODESYS Control for PFC200 SL 0 ~ 4.11.0.0 -
CODESYSCODESYS Control for PLCnext SL 0 ~ 4.11.0.0 -
CODESYSCODESYS Control for Raspberry Pi SL 0 ~ 4.11.0.0 -
CODESYSCODESYS Control for WAGO Touch Panels 600 SL 0 ~ 4.11.0.0 -
CODESYSCODESYS Runtime Toolkit for Linux or QNX 0 ~ 3.5.19.50 -

II. Public POCs for CVE-2023-6357

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-6357

登录查看更多情报信息。

IV. Related Vulnerabilities

Same product: CODESYS Control for BeagleBone SL
Same vendor: CODESYS
Same weakness: CWE-78

V. Comments for CVE-2023-6357

No comments yet

Leave a comment