ID CVE-2020-10245
Summary CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:codesys:control_for_beaglebone:-:*:*:*:*:*:*:*
  • cpe:2.3:a:codesys:control_for_beaglebone:3.5.15.30:*:*:*:*:*:*:*
  • cpe:2.3:a:codesys:control_for_empc-a\/imx6:-:*:*:*:*:*:*:*
  • cpe:2.3:a:codesys:control_for_empc-a\/imx6:3.5.15.30:*:*:*:*:*:*:*
  • cpe:2.3:a:codesys:control_for_iot2000:-:*:*:*:*:*:*:*
  • cpe:2.3:a:codesys:control_for_iot2000:3.5.15.30:*:*:*:*:*:*:*
  • cpe:2.3:a:codesys:control_for_linux:-:*:*:*:*:*:*:*
  • cpe:2.3:a:codesys:control_for_linux:3.5.15.30:*:*:*:*:*:*:*
  • cpe:2.3:a:codesys:control_for_pfc100:-:*:*:*:*:*:*:*
  • cpe:2.3:a:codesys:control_for_pfc100:3.5.15.30:*:*:*:*:*:*:*
  • cpe:2.3:a:codesys:control_for_pfc200:-:*:*:*:*:*:*:*
  • cpe:2.3:a:codesys:control_for_pfc200:3.5.15.30:*:*:*:*:*:*:*
  • cpe:2.3:a:codesys:control_for_plcnext:-:*:*:*:*:*:*:*
  • cpe:2.3:a:codesys:control_for_plcnext:3.5.15.30:*:*:*:*:*:*:*
  • cpe:2.3:a:codesys:control_for_raspberry_pi:-:*:*:*:*:*:*:*
  • cpe:2.3:a:codesys:control_for_raspberry_pi:3.5.15.30:*:*:*:*:*:*:*
  • cpe:2.3:a:codesys:control_rte:3.5.8.60:*:*:*:*:*:*:*
  • cpe:2.3:a:codesys:control_rte:3.5.8.60:*:*:*:*:beckhoff_cx:*:*
  • cpe:2.3:a:codesys:control_rte:3.5.15.30:*:*:*:*:*:*:*
  • cpe:2.3:a:codesys:control_rte:3.5.15.30:*:*:*:*:beckhoff_cx:*:*
  • cpe:2.3:a:codesys:control_runtime_system_toolkit:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:codesys:control_runtime_system_toolkit:3.5.15.30:*:*:*:*:*:*:*
  • cpe:2.3:a:codesys:control_win:3.5.9.80:*:*:*:*:*:*:*
  • cpe:2.3:a:codesys:control_win:3.5.15.30:*:*:*:*:*:*:*
  • cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*
  • cpe:2.3:a:codesys:hmi:3.5.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:codesys:hmi:3.5.15.30:*:*:*:*:*:*:*
  • cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 01-04-2020 - 17:41)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
confirm https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13078&token=de344ca65252463cc581ef144e0c53bd97b8f211&download=
misc https://www.tenable.com/security/research/tra-2020-16
Last major update 01-04-2020 - 17:41
Published 26-03-2020 - 04:15
Last modified 01-04-2020 - 17:41