CVE-2023-37551

Name of the Vulnerable Software and Affected Versions Codesys products (affected versions not specified)

Description The issue allows specially crafted network communication requests to utilize the CmpApp component and download files with any file extensions to the controller after successful user authentication. Unlike the regular file download via CmpFileTransfer, this method does not filter certain file types, potentially compromising the integrity of the CODESYS control runtime system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.