CVE-2019-19789 - 3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Toolkit 32 bit full before V2.4.7.

CVE-2019-19789

Summary

3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Toolkit 32 bit full before V2.4.7.54, and CODESYS PLCWinNT before V2.4.7.54 allow a NULL pointer dereference.

References

Vulnerable Configurations

cpe:2.3:a:codesys:plcwinnt:-:*:*:*:*:*:*:*
cpe:2.3:a:codesys:plcwinnt:-:*:*:*:*:*:*:*
cpe:2.3:a:codesys:runtime_toolkit:-:*:*:*:*:*:x86:*
cpe:2.3:a:codesys:runtime_toolkit:-:*:*:*:*:*:x86:*
cpe:2.3:a:codesys:sp_realtime_nt:-:*:*:*:*:*:*:*
cpe:2.3:a:codesys:sp_realtime_nt:-:*:*:*:*:*:*:*

CVSS

Base:	4.0 (as of 03-01-2020 - 15:43)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:S/C:N/I:N/A:P

refmap via4

confirm	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12946&token=edd5d8e821edaf3189d36bb1cac1aa1bfc42351f&download=
misc	https://www.codesys.com

Last major update

03-01-2020 - 15:43

Published

20-12-2019 - 13:15

Last modified

03-01-2020 - 15:43