Vulnerabilites related to codesys - control_for_raspberry_pi
Vulnerability from fkie_nvd
Published
2020-03-26 04:15
Modified
2024-11-21 04:55
Severity ?
Summary
CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", matchCriteriaId: "0EA61ACB-5690-42D7-8420-E77E58D5BA4D", versionEndExcluding: "3.5.15.40", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", matchCriteriaId: "A5FB5ED1-0B3C-4426-AC3E-621C230AE38C", versionEndExcluding: "3.5.15.40", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*", matchCriteriaId: "1477C3BF-2636-4D41-B951-CED7CAE6731A", versionEndExcluding: "3.5.15.40", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_linux:*:*:*:*:*:*:*:*", matchCriteriaId: "82047F2C-2D3D-4D6C-9DAE-512BD9639747", versionEndExcluding: "3.5.15.40", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*", matchCriteriaId: "E832FD04-9206-4881-8695-8FA7FE788EE7", versionEndExcluding: "3.5.15.40", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*", matchCriteriaId: "C21D2A80-B830-483F-A748-2F082D369C73", versionEndExcluding: "3.5.15.40", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*", matchCriteriaId: "9CD92E41-9C0A-47E0-8B90-181A2ECC4627", versionEndExcluding: "3.5.15.40", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*", matchCriteriaId: "491C7EFF-D620-40EB-B112-9D0B2AC62B76", versionEndExcluding: "3.5.15.40", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", matchCriteriaId: "75BA05C4-3066-4354-9F99-232D181D0CA6", versionEndExcluding: "3.5.15.40", versionStartIncluding: "3.5.8.60", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:beckhoff_cx:*:*", matchCriteriaId: "D3281307-8315-42A5-84FD-C683C54B603A", versionEndExcluding: "3.5.15.40", versionStartIncluding: "3.5.8.60", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*", matchCriteriaId: "E095D809-8408-4FEE-874F-1F021EC7E97E", versionEndExcluding: "3.5.15.40", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", matchCriteriaId: "43EBED50-DFA9-430B-8B3C-8994E2E43470", versionEndExcluding: "3.5.15.40", versionStartIncluding: "3.5.9.80", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*", matchCriteriaId: "93ACEEA3-B958-4070-86F0-5C84869A13E7", versionEndExcluding: "3.5.15.40", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", matchCriteriaId: "A4CF0416-A09F-46CF-8285-A46E7F1A2F8C", versionEndExcluding: "3.5.15.40", versionStartIncluding: "3.5.10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*", matchCriteriaId: "CBC06C9A-3D60-46FF-BCF4-B1C472DB3850", versionEndExcluding: "3.5.15.40", versionStartIncluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.", }, { lang: "es", value: "El servidor web CODESYS versiones V3 anteriores a 3.5.15.40, como es usado en los sistemas de tiempo de ejecución CODESYS Control, presenta un desbordamiento del búfer.", }, ], id: "CVE-2020-10245", lastModified: "2024-11-21T04:55:03.253", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-26T04:15:11.533", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13078&token=de344ca65252463cc581ef144e0c53bd97b8f211&download=", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.tenable.com/security/research/tra-2020-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13078&token=de344ca65252463cc581ef144e0c53bd97b8f211&download=", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.tenable.com/security/research/tra-2020-16", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-20 18:15
Modified
2024-11-21 04:33
Severity ?
Summary
CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf | Vendor Advisory | |
| cve@mitre.org | https://www.tenable.com/security/research/tra-2019-48 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2019-48 | Exploit, Third Party Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", matchCriteriaId: "0EC6B28E-A811-41B3-8211-5C00F43501B0", versionEndExcluding: "3.5.15.20", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", matchCriteriaId: "C35E21FB-D148-4295-8F6E-250276198B78", versionEndExcluding: "3.5.15.20", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*", matchCriteriaId: "5B3FD146-88C2-4091-9A95-5F1734B4FBC9", versionEndExcluding: "3.5.15.20", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_linux:*:*:*:*:*:*:*:*", matchCriteriaId: "9A300E3F-5BF6-455E-ADDC-D7443254F049", versionEndExcluding: "3.5.15.20", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*", matchCriteriaId: "1502A884-95A6-4587-8EFA-82374251CD3A", versionEndExcluding: "3.5.15.20", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*", matchCriteriaId: "02BEA387-FF44-4AF9-8B80-CD8D6E7F4549", versionEndExcluding: "3.5.15.20", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*", matchCriteriaId: "8D16B0FB-C69F-4D02-9598-22ADD027D9AA", versionEndExcluding: "3.5.15.20", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*", matchCriteriaId: "AA7D956E-7844-4F3D-BF27-E38E5D2B0A68", versionEndExcluding: "3.5.15.20", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", matchCriteriaId: "15CFC3A8-1D5C-486E-97CB-0F38E9874B96", versionEndExcluding: "3.5.15.20", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*", matchCriteriaId: "02ED0463-8628-488A-B931-683A2C0205B9", versionEndExcluding: "3.5.15.20", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", matchCriteriaId: "9CFF4CBE-6291-479D-BC3C-379C7F7D8337", versionEndExcluding: "3.5.15.20", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*", matchCriteriaId: "A4D32C64-2C59-461B-8E33-A4EDF31E886E", versionEndExcluding: "3.5.15.20", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", matchCriteriaId: "95BE3C03-7A36-4AD8-B5E9-BD91BD729B72", versionEndExcluding: "3.5.15.20", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*", matchCriteriaId: "1451AE82-855F-425C-9C30-2B96F4B8F2EC", versionEndExcluding: "3.5.15.20", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow.", }, { lang: "es", value: "El servidor web CODESYS 3 versiones anteriores a la versión 3.5.15.20, distribuido con los sistemas de tiempo de ejecución CODESYS Control, tiene un desbordamiento de búfer.", }, ], id: "CVE-2019-18858", lastModified: "2024-11-21T04:33:43.753", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-20T18:15:10.917", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.tenable.com/security/research/tra-2019-48", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.tenable.com/security/research/tra-2019-48", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-09-17 14:15
Modified
2024-11-21 04:50
Severity ?
Summary
An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A user with low privileges can take full control over the runtime.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12939&token=5b93f0d95a68ff7461d2c249d8da00f16b8f9987&download= | Vendor Advisory | |
| cve@mitre.org | https://www.codesys.com/ | Vendor Advisory | |
| cve@mitre.org | https://www.us-cert.gov/ics/advisories/icsa-19-255-03 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12939&token=5b93f0d95a68ff7461d2c249d8da00f16b8f9987&download= | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.codesys.com/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-19-255-03 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codesys | control_for_beaglebone | * | |
| codesys | control_for_empc-a\/imx6 | * | |
| codesys | control_for_iot2000 | * | |
| codesys | control_for_pfc100 | * | |
| codesys | control_for_pfc200 | * | |
| codesys | control_for_raspberry_pi | * | |
| codesys | control_rte | * | |
| codesys | control_win | * | |
| codesys | hmi | * | |
| codesys | simulation_runtime | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", matchCriteriaId: "A5C54235-616B-47A4-A1C5-E8AB7347AFAC", versionEndExcluding: "3.5.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", matchCriteriaId: "0AF7E264-FB36-4BB4-8A8F-4437D637334F", versionEndExcluding: "3.5.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*", matchCriteriaId: "9EB64F24-4001-4874-83D3-38413FC94ADD", versionEndExcluding: "3.5.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*", matchCriteriaId: "E3A61193-758A-4540-A039-1C8DC0D61B67", versionEndExcluding: "3.5.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*", matchCriteriaId: "54022CAB-4847-4E4F-AB14-172649195ACB", versionEndExcluding: "3.5.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*", matchCriteriaId: "43B850F0-C963-4C99-9D66-6D72936B4CD7", versionEndExcluding: "3.5.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", matchCriteriaId: "C62EF2A3-DF28-4B1E-91C3-25F105CDCA39", versionEndExcluding: "3.5.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", matchCriteriaId: "CF2E5D2E-2E4C-44B1-8A17-58439295ADE1", versionEndExcluding: "3.5.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", matchCriteriaId: "35EE8235-EF64-4FF7-AFD5-F14D7C0A7BCF", versionEndExcluding: "3.5.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:simulation_runtime:*:*:*:*:*:*:*:*", matchCriteriaId: "44D78350-294B-4477-828D-C9289A1D985E", versionEndExcluding: "3.5.13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A user with low privileges can take full control over the runtime.", }, { lang: "es", value: "Se detectó un problema en 3S-Smart CODESYS V3 versiones hasta 3.5.12.30. Un usuario con pocos privilegios puede tomar el control total sobre el tiempo de ejecución.", }, ], id: "CVE-2019-9008", lastModified: "2024-11-21T04:50:48.050", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-09-17T14:15:10.890", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12939&token=5b93f0d95a68ff7461d2c249d8da00f16b8f9987&download=", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.codesys.com/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.us-cert.gov/ics/advisories/icsa-19-255-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12939&token=5b93f0d95a68ff7461d2c249d8da00f16b8f9987&download=", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.codesys.com/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.us-cert.gov/ics/advisories/icsa-19-255-03", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-732", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-23 11:15
Modified
2024-11-21 04:03
Severity ?
Summary
The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", matchCriteriaId: "B29080C3-A6D8-40D6-8C24-177C00FA27F0", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", matchCriteriaId: "B980C936-557F-4F14-A692-165129625A62", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*", matchCriteriaId: "D282ECAB-FA07-4A81-8F43-AC46A08422D4", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*", matchCriteriaId: "AC1C508C-6817-42E7-9B4C-CDCAC7477304", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*", matchCriteriaId: "C1ECCA6D-3F95-4924-9CC6-7315B1608217", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*", matchCriteriaId: "093C888E-8328-45E9-882C-39D7FBE8E251", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", matchCriteriaId: "4E767B6C-7762-4F3C-A8B0-BEC9C1C238D8", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_v3_runtime_system_toolkit:*:*:*:*:*:*:*:*", matchCriteriaId: "2DDCE092-30E5-43FB-A20F-A712DFD7B1C3", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", matchCriteriaId: "A47EA342-7BDA-4707-9A23-142126C407C1", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*", matchCriteriaId: "A0FE0CC3-99BF-46BF-907D-E8F2785310BB", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", matchCriteriaId: "157E617E-7432-464A-AEC4-29D3806FA2D2", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*", matchCriteriaId: "D95B012B-C9B0-4E2A-934B-3ECDE463722E", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:runtime_plcwinnt:*:*:*:*:*:*:*:*", matchCriteriaId: "8931A117-72B6-4B1C-BF56-E7925D07A790", versionEndExcluding: "2.4.7.52", versionStartIncluding: "2.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:runtime_system_toolkit:*:*:*:*:*:*:x86:*", matchCriteriaId: "46335A20-A1BF-4E5B-BB1D-B7A4AFF6DB08", versionEndExcluding: "2.4.7.52", versionStartIncluding: "2.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:runtime_system_toolkit:3.5.15.0:*:*:*:*:*:*:*", matchCriteriaId: "7A3A8DFF-705F-4562-87CE-E899C5DC2D18", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:simulation_runtime:*:*:*:*:*:*:*:*", matchCriteriaId: "9DD3AD40-BEE7-428D-B1F0-1349E10A9DD5", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.", }, ], id: "CVE-2018-25048", lastModified: "2024-11-21T04:03:26.283", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "info@cert.vde.com", type: "Primary", }, ], }, published: "2023-03-23T11:15:12.730", references: [ { source: "info@cert.vde.com", tags: [ "Not Applicable", ], url: "https://customers.codesys.com/fileadmin/data/customers/security/2018/Advisory2018-04_CDS-59017.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "https://customers.codesys.com/fileadmin/data/customers/security/2018/Advisory2018-04_CDS-59017.pdf", }, ], sourceIdentifier: "info@cert.vde.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "info@cert.vde.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-22 19:15
Modified
2024-11-21 05:06
Severity ?
Summary
CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13199&token=3e283c3e73fed61f7c181a7fa1169477efaf0c58&download= | Mitigation, Vendor Advisory | |
| cve@mitre.org | https://www.codesys.com | Vendor Advisory | |
| cve@mitre.org | https://www.tenable.com/security/research/tra-2020-46 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13199&token=3e283c3e73fed61f7c181a7fa1169477efaf0c58&download= | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.codesys.com | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2020-46 | Exploit, Third Party Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", matchCriteriaId: "4AE57E7D-63C1-470F-A95B-B9DA3A586E04", versionEndExcluding: "3.5.16.10", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", matchCriteriaId: "7B5F06D0-5224-4D76-A856-9AB57BF87D59", versionEndExcluding: "3.5.16.10", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*", matchCriteriaId: "CB388FBB-8512-4FCE-A754-A82239A911B9", versionEndExcluding: "3.5.16.10", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_linux:*:*:*:*:*:*:*:*", matchCriteriaId: "41722BB1-40F6-4D12-9A00-156D04C92097", versionEndExcluding: "3.5.16.10", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*", matchCriteriaId: "5E56A636-9DC3-411D-B287-308A2BAC759D", versionEndExcluding: "3.5.16.10", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*", matchCriteriaId: "82614FBA-2612-4FA4-988B-D67E80B5DDA7", versionEndExcluding: "3.5.16.10", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*", matchCriteriaId: "387FB2B8-5435-4054-94A4-0AE60A42FB0C", versionEndExcluding: "3.5.16.10", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*", matchCriteriaId: "4B7517E0-0D9C-4AA8-B8A9-7F1420FE4616", versionEndExcluding: "3.5.16.10", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_wago_touch_panels_600:*:*:*:*:*:*:*:*", matchCriteriaId: "1C80CDF5-5264-41CD-A475-E46C3E941F4A", versionEndExcluding: "3.5.16.10", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:-:*:*", matchCriteriaId: "6097C902-F24A-4408-8E2C-C90F0AB67E13", versionEndExcluding: "3.5.16.10", versionStartIncluding: "3.5.8.60", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:beckhoff_cx:*:*", matchCriteriaId: "2DDE8129-4CEE-440B-B0D1-29BB93D1ACE8", versionEndExcluding: "3.5.16.10", versionStartIncluding: "3.5.8.60", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*", matchCriteriaId: "6CF52B1D-7AF9-4DAD-A8E7-6CB7CC060E08", versionEndExcluding: "3.5.16.10", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", matchCriteriaId: "E86A4C83-B82D-4D2F-96C6-C8F66B7AB947", versionEndExcluding: "3.5.16.10", versionStartIncluding: "3.5.9.80", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*", matchCriteriaId: "890104AC-5CB4-466D-9CC0-F39E8B24BD9D", versionEndExcluding: "3.5.16.10", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", matchCriteriaId: "7CE9850A-47B3-4C37-90C0-FF9516DF025F", versionEndExcluding: "3.5.16.10", versionStartIncluding: "3.5.10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*", matchCriteriaId: "31C2638C-D4C4-4C71-A873-E7836802E6FE", versionEndExcluding: "3.5.16.10", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:simulation_runtime:*:*:*:*:*:*:*:*", matchCriteriaId: "9A09DAE1-678B-49A2-88CE-CFF4F514673E", versionEndExcluding: "3.5.16.10", versionStartIncluding: "3.5.9.40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.", }, { lang: "es", value: "El sistema del tiempo de ejecución de Control CODESYS, versiones anteriores a 3.5.16.10, permite una Asignación de Memoria No Controlada", }, ], id: "CVE-2020-15806", lastModified: "2024-11-21T05:06:13.097", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-22T19:15:12.317", references: [ { source: "cve@mitre.org", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13199&token=3e283c3e73fed61f7c181a7fa1169477efaf0c58&download=", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.codesys.com", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.tenable.com/security/research/tra-2020-46", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13199&token=3e283c3e73fed61f7c181a7fa1169477efaf0c58&download=", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.codesys.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.tenable.com/security/research/tra-2020-46", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-401", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-09-13 17:15
Modified
2024-11-21 04:25
Severity ?
Summary
CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.us-cert.gov/ics/advisories/icsa-19-255-01 | Mitigation, Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-19-255-01 | Mitigation, Patch, Third Party Advisory, US Government Resource |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", matchCriteriaId: "BC95996F-4E60-4CCE-BC7D-2F998969455D", versionEndExcluding: "3.5.14.10", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", matchCriteriaId: "CCE0D6F6-86D9-488A-A02B-48F4BD6F67D4", versionEndExcluding: "3.5.14.10", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*", matchCriteriaId: "08C05889-826B-411F-AD6A-F18C432A3B1F", versionEndExcluding: "3.5.14.10", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_linux:*:*:*:*:*:*:*:*", matchCriteriaId: "225A5B49-7DB5-4B80-A560-5BEE65A7FC3D", versionEndExcluding: "3.5.14.10", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*", matchCriteriaId: "3E6DD82E-5047-4E7B-8C73-3BF8FD112F3A", versionEndExcluding: "3.5.14.10", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*", matchCriteriaId: "47A9B7EB-229C-4A23-9BB7-72A5ABD61279", versionEndExcluding: "3.5.14.10", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*", matchCriteriaId: "43092C73-1302-4915-B2BC-59058FF61EFA", versionEndExcluding: "3.5.14.10", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", matchCriteriaId: "B9392852-7BEF-402C-9ED4-2D7D40955311", versionEndExcluding: "3.5.12.80", versionStartIncluding: "3.5.8.60", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", matchCriteriaId: "FB77946F-7038-40FD-8204-B777ED0E59D2", versionEndExcluding: "3.5.14.10", versionStartIncluding: "3.5.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*", matchCriteriaId: "F1CB113B-1207-43D9-A999-42B08AD50EB2", versionEndExcluding: "3.5.12.80", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", matchCriteriaId: "EE519838-FADF-43EA-9723-9283C0E18E85", versionEndIncluding: "3.5.12.80", versionStartIncluding: "3.5.9.80", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", matchCriteriaId: "3466070E-1377-4272-AC73-717B9DEC144C", versionEndExcluding: "3.5.14.10", versionStartIncluding: "3.5.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*", matchCriteriaId: "07A7C9E7-ABF4-4C29-AF16-E697E35CFFC7", versionEndExcluding: "3.5.12.80", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", matchCriteriaId: "BD2CDAC2-F8EB-45F4-82E2-5E5601F49D8A", versionEndExcluding: "3.5.12.80", versionStartIncluding: "3.5.10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", matchCriteriaId: "1AC3C628-281A-4E8E-ADE6-4CE976E187D4", versionEndExcluding: "3.5.14.10", versionStartIncluding: "3.5.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*", matchCriteriaId: "08230AB2-9EA0-4F98-8CE5-0A9ADB2B2334", versionEndExcluding: "3.5.12.80", versionStartIncluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller.", }, { lang: "es", value: "El servidor web de CODESYS V3, todas las versiones anteriores a 3.5.14.10, permite a un atacante enviar peticiones http o https especialmente diseñadas que pueden conceder el acceso a archivos fuera del directorio de trabajo restringido del controlador.", }, ], id: "CVE-2019-13532", lastModified: "2024-11-21T04:25:05.470", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-09-13T17:15:11.617", references: [ { source: "ics-cert@hq.dhs.gov", tags: [ "Mitigation", "Patch", "Third Party Advisory", "US Government Resource", ], url: "https://www.us-cert.gov/ics/advisories/icsa-19-255-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Patch", "Third Party Advisory", "US Government Resource", ], url: "https://www.us-cert.gov/ics/advisories/icsa-19-255-01", }, ], sourceIdentifier: "ics-cert@hq.dhs.gov", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "ics-cert@hq.dhs.gov", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-09-13 17:15
Modified
2024-11-21 04:25
Severity ?
Summary
CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could cause a stack overflow and create a denial-of-service condition or allow remote code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.us-cert.gov/ics/advisories/icsa-19-255-01 | Mitigation, Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-19-255-01 | Mitigation, Patch, Third Party Advisory, US Government Resource |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", matchCriteriaId: "BC95996F-4E60-4CCE-BC7D-2F998969455D", versionEndExcluding: "3.5.14.10", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", matchCriteriaId: "CCE0D6F6-86D9-488A-A02B-48F4BD6F67D4", versionEndExcluding: "3.5.14.10", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*", matchCriteriaId: "08C05889-826B-411F-AD6A-F18C432A3B1F", versionEndExcluding: "3.5.14.10", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_linux:*:*:*:*:*:*:*:*", matchCriteriaId: "225A5B49-7DB5-4B80-A560-5BEE65A7FC3D", versionEndExcluding: "3.5.14.10", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*", matchCriteriaId: "3E6DD82E-5047-4E7B-8C73-3BF8FD112F3A", versionEndExcluding: "3.5.14.10", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*", matchCriteriaId: "47A9B7EB-229C-4A23-9BB7-72A5ABD61279", versionEndExcluding: "3.5.14.10", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*", matchCriteriaId: "43092C73-1302-4915-B2BC-59058FF61EFA", versionEndExcluding: "3.5.14.10", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", matchCriteriaId: "B9392852-7BEF-402C-9ED4-2D7D40955311", versionEndExcluding: "3.5.12.80", versionStartIncluding: "3.5.8.60", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", matchCriteriaId: "FB77946F-7038-40FD-8204-B777ED0E59D2", versionEndExcluding: "3.5.14.10", versionStartIncluding: "3.5.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*", matchCriteriaId: "F1CB113B-1207-43D9-A999-42B08AD50EB2", versionEndExcluding: "3.5.12.80", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", matchCriteriaId: "EE519838-FADF-43EA-9723-9283C0E18E85", versionEndIncluding: "3.5.12.80", versionStartIncluding: "3.5.9.80", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", matchCriteriaId: "3466070E-1377-4272-AC73-717B9DEC144C", versionEndExcluding: "3.5.14.10", versionStartIncluding: "3.5.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*", matchCriteriaId: "07A7C9E7-ABF4-4C29-AF16-E697E35CFFC7", versionEndExcluding: "3.5.12.80", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", matchCriteriaId: "BD2CDAC2-F8EB-45F4-82E2-5E5601F49D8A", versionEndExcluding: "3.5.12.80", versionStartIncluding: "3.5.10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", matchCriteriaId: "1AC3C628-281A-4E8E-ADE6-4CE976E187D4", versionEndExcluding: "3.5.14.10", versionStartIncluding: "3.5.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*", matchCriteriaId: "08230AB2-9EA0-4F98-8CE5-0A9ADB2B2334", versionEndExcluding: "3.5.12.80", versionStartIncluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could cause a stack overflow and create a denial-of-service condition or allow remote code execution.", }, { lang: "es", value: "El servidor web de CODESYS V3, todas las versiones anteriores a 3.5.14.10, permite a un atacante enviar peticiones http o https especialmente diseñadas que podrían causar un desbordamiento de la pila y crear una condición de denegación de servicio o permitir la ejecución de código remota.", }, ], id: "CVE-2019-13548", lastModified: "2024-11-21T04:25:07.460", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-09-13T17:15:11.693", references: [ { source: "ics-cert@hq.dhs.gov", tags: [ "Mitigation", "Patch", "Third Party Advisory", "US Government Resource", ], url: "https://www.us-cert.gov/ics/advisories/icsa-19-255-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Patch", "Third Party Advisory", "US Government Resource", ], url: "https://www.us-cert.gov/ics/advisories/icsa-19-255-01", }, ], sourceIdentifier: "ics-cert@hq.dhs.gov", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "ics-cert@hq.dhs.gov", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-09-17 19:15
Modified
2024-11-21 04:25
Severity ?
Summary
3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.us-cert.gov/ics/advisories/icsa-19-255-04 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-19-255-04 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codesys | control_for_beaglebone | * | |
| codesys | control_for_empc-a\/imx6 | * | |
| codesys | control_for_iot2000 | * | |
| codesys | control_for_pfc100 | * | |
| codesys | control_for_pfc200 | * | |
| codesys | control_for_raspberry_pi | * | |
| codesys | control_rte | * | |
| codesys | control_win | * | |
| codesys | linux | * | |
| codesys | runtime_system_toolkit | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", matchCriteriaId: "71439C06-3F84-4AC4-AC41-4E0AB9AC210C", versionEndExcluding: "3.5.15.0", versionStartIncluding: "3.5.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", matchCriteriaId: "11BD175F-8CBB-45A0-870D-E56E6B57FBB2", versionEndExcluding: "3.5.15.0", versionStartIncluding: "3.5.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*", matchCriteriaId: "2EA5147D-D5AB-4352-95EE-0D90C80781B5", versionEndExcluding: "3.5.15.0", versionStartIncluding: "3.5.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*", matchCriteriaId: "45DBEFC0-1336-4170-8EA7-A6871AC505CD", versionEndExcluding: "3.5.15.0", versionStartIncluding: "3.5.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*", matchCriteriaId: "1C5F1F99-93B3-4F16-B864-023F956601FF", versionEndExcluding: "3.5.15.0", versionStartIncluding: "3.5.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*", matchCriteriaId: "2AF22400-3C26-4D90-AC04-FCAC171EE435", versionEndExcluding: "3.5.15.0", versionStartIncluding: "3.5.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", matchCriteriaId: "67E16675-C26E-43C4-9140-CCA4E466C693", versionEndExcluding: "3.5.15.0", versionStartIncluding: "3.5.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", matchCriteriaId: "E32E1F58-72F8-410B-A8C3-7E8DEA67D4A3", versionEndExcluding: "3.5.15.0", versionStartIncluding: "3.5.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:linux:*:*:*:*:*:*:*:*", matchCriteriaId: "40343F22-A7DB-4EFF-A58C-957128A7AC96", versionEndExcluding: "3.5.15.0", versionStartIncluding: "3.5.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:runtime_system_toolkit:*:*:*:*:*:*:*:*", matchCriteriaId: "CC74338D-F093-4D49-B56D-3EF17232F98A", versionEndExcluding: "3.5.15.0", versionStartIncluding: "3.5.11.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition.", }, { lang: "es", value: "3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, todas las versiones desde 3.5.11.0 hasta 3.5.15.0, permite a un atacante enviar peticiones diseñadas desde un cliente OPC UA confiable que causa una desreferencia del puntero NULL, lo que puede desencadenar una condición de denegación de servicio.", }, ], id: "CVE-2019-13542", lastModified: "2024-11-21T04:25:06.737", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-09-17T19:15:10.757", references: [ { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.us-cert.gov/ics/advisories/icsa-19-255-04", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.us-cert.gov/ics/advisories/icsa-19-255-04", }, ], sourceIdentifier: "ics-cert@hq.dhs.gov", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "ics-cert@hq.dhs.gov", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-01-24 20:15
Modified
2024-11-21 05:36
Severity ?
Summary
CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", matchCriteriaId: "B4E5BF9F-79C9-48D3-9F2D-CCDF73144FCA", versionEndExcluding: "3.5.15.30", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", matchCriteriaId: "221CAFE3-1BC7-4CAC-B3F8-981B3F267CFE", versionEndExcluding: "3.5.15.30", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*", matchCriteriaId: "9B048CEB-E1D0-4EF1-9BD3-966CB9E147D8", versionEndExcluding: "3.5.15.30", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_linux:*:*:*:*:*:*:*:*", matchCriteriaId: "A72217A3-4591-4C52-AB37-7FD652276569", versionEndExcluding: "3.5.15.30", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*", matchCriteriaId: "51EFD6C4-C1AC-45D7-909F-6B074B32090E", versionEndExcluding: "3.5.15.30", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*", matchCriteriaId: "8C1B75F5-F426-4877-9004-1F714B2A4968", versionEndExcluding: "3.5.15.30", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*", matchCriteriaId: "2F150E51-4E03-40A8-8099-E5BE13234DD9", versionEndExcluding: "3.5.15.30", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*", matchCriteriaId: "8D839D59-8090-4158-A2C2-847DEDD9674D", versionEndExcluding: "3.5.15.30", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", matchCriteriaId: "E278A9AE-5684-4F7E-B253-0F70CA835322", versionEndExcluding: "3.5.15.30", versionStartIncluding: "3.5.8.60", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:beckhoff_cx:*:*", matchCriteriaId: "650315EF-4AC2-4B5B-A5A1-8ABBE6C398B6", versionEndExcluding: "3.5.15.30", versionStartIncluding: "3.5.8.60", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*", matchCriteriaId: "B8C46635-3068-4DDA-8527-2E473763E652", versionEndExcluding: "3.5.15.30", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", matchCriteriaId: "B7F22E48-0C8D-47C2-8C88-F35ED1027465", versionEndExcluding: "3.5.15.30", versionStartIncluding: "3.5.9.80", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "5A487191-D2CD-484B-88D3-C7A1EFD8C19B", versionEndExcluding: "3.5.15.30", versionStartIncluding: "3.5.15.10", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", matchCriteriaId: "0B3462D2-9AA7-4046-B491-36A2A9970BA7", versionEndExcluding: "3.5.15.30", versionStartIncluding: "3.5.10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:safety_sil2:*:*:*:*:*:*:*:*", matchCriteriaId: "4F4FCCC9-6069-47D6-AB46-65697F7AE58D", versionEndExcluding: "3.5.15.30", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:simulation_runtime:*:*:*:*:*:*:*:*", matchCriteriaId: "375689F5-9B58-491C-BD1C-2CF5C9CEB474", versionEndExcluding: "3.5.15.30", versionStartIncluding: "3.5.9.40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.", }, { lang: "es", value: "CODESYS Control versión V3, Gateway versión V3 y HMI versiones V3 anteriores a 3.5.15.30, permiten una asignación de memoria no controlada que puede resultar en una condición de denegación de servicio remota.", }, ], id: "CVE-2020-7052", lastModified: "2024-11-21T05:36:34.220", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-24T20:15:10.970", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12977&token=33f948eed0c2fd69d238d9515779be337ef7592d&download=", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.tenable.com/security/research/tra-2020-04", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12977&token=33f948eed0c2fd69d238d9515779be337ef7592d&download=", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.tenable.com/security/research/tra-2020-04", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-770", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-09-17 16:15
Modified
2024-11-21 04:50
Severity ?
Summary
An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12941&token=50fabe3870c7bdc41701eb1799dddeec103de40c&download= | Vendor Advisory | |
| cve@mitre.org | https://www.us-cert.gov/ics/advisories/icsa-19-255-05 | Mitigation, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12941&token=50fabe3870c7bdc41701eb1799dddeec103de40c&download= | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-19-255-05 | Mitigation, Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codesys | control_for_beaglebone | * | |
| codesys | control_for_empc-a\/imx6 | * | |
| codesys | control_for_iot2000 | * | |
| codesys | control_for_pfc100 | * | |
| codesys | control_for_pfc200 | * | |
| codesys | control_for_raspberry_pi | * | |
| codesys | control_rte | * | |
| codesys | control_win | * | |
| codesys | gateway | * | |
| codesys | hmi | * | |
| codesys | linux | * | |
| codesys | runtime_system_toolkit | * | |
| codesys | safety_sil2 | * | |
| codesys | simulation_runtime | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", matchCriteriaId: "958821C8-142A-4B67-857B-63A6AD53E1B8", versionEndExcluding: "3.5.15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", matchCriteriaId: "B9940444-8CFD-4044-8662-FDC11E93E6E4", versionEndExcluding: "3.5.15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*", matchCriteriaId: "805D48DF-DA8F-40AB-B7AE-B2F0A75616E9", versionEndExcluding: "3.5.15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*", matchCriteriaId: "EAEAC81A-4FFA-4692-961D-7DF58E2B0CDE", versionEndExcluding: "3.5.15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*", matchCriteriaId: "2506A775-D1FB-4C2F-98EC-B781AA19E340", versionEndExcluding: "3.5.15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*", matchCriteriaId: "963C9351-B167-4C1F-914E-A7009A532A0F", versionEndExcluding: "3.5.15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", matchCriteriaId: "0A5F978B-5245-41D9-B11C-B27703A2A090", versionEndExcluding: "3.5.15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", matchCriteriaId: "1429532E-76A8-4987-B916-AA3FD7C37E06", versionEndExcluding: "3.5.15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "563FD9B0-D6F5-4A4C-A43D-555C2DC60DD4", versionEndExcluding: "3.5.15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", matchCriteriaId: "ABFC0D89-BD79-4032-B0CA-08C4F8EA1776", versionEndExcluding: "3.5.15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:linux:*:*:*:*:*:*:*:*", matchCriteriaId: "4A2B09D6-8FD2-46FA-A1B2-55B7E996D71B", versionEndExcluding: "3.5.15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:runtime_system_toolkit:*:*:*:*:*:*:*:*", matchCriteriaId: "417EFF04-1584-44C3-8AD9-593174089A31", versionEndExcluding: "3.5.15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:safety_sil2:*:*:*:*:*:*:*:*", matchCriteriaId: "139851DD-0E16-4C8D-AA55-0231B2C443A7", versionEndExcluding: "3.5.15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:simulation_runtime:*:*:*:*:*:*:*:*", matchCriteriaId: "3FB11CE8-8B22-4D2D-A0A9-4D23C30A3FF5", versionEndExcluding: "3.5.15.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.", }, { lang: "es", value: "Se descubrió un problema en 3S-Smart CODESYS versiones anteriores a 3.5.15.0. Unos paquetes de red diseñados causan que el Control Runtime se bloquee.", }, ], id: "CVE-2019-9009", lastModified: "2024-11-21T04:50:48.197", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-09-17T16:15:11.077", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12941&token=50fabe3870c7bdc41701eb1799dddeec103de40c&download=", }, { source: "cve@mitre.org", tags: [ "Mitigation", "Third Party Advisory", "US Government Resource", ], url: "https://www.us-cert.gov/ics/advisories/icsa-19-255-05", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12941&token=50fabe3870c7bdc41701eb1799dddeec103de40c&download=", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Third Party Advisory", "US Government Resource", ], url: "https://www.us-cert.gov/ics/advisories/icsa-19-255-05", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-755", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-14 21:15
Modified
2024-11-21 04:59
Severity ?
Summary
An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", matchCriteriaId: "2A5313A0-4D9B-4B1F-B432-F84130717DE7", versionEndExcluding: "3.5.16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", matchCriteriaId: "C9EA03EF-F424-4AC6-AC0B-A284A2553092", versionEndExcluding: "3.5.16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*", matchCriteriaId: "38ECECFA-13C2-459E-B509-5F663E72CDE9", versionEndExcluding: "3.5.16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*", matchCriteriaId: "B7BD8B5A-8CD7-463C-82D7-06F6DE7E6DB0", versionEndExcluding: "3.5.16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*", matchCriteriaId: "1CC12843-4775-46BF-BB7F-35D7A4825027", versionEndExcluding: "3.5.16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*", matchCriteriaId: "84E46BF9-F5A0-4C09-BE2B-486263D89E85", versionEndExcluding: "3.5.16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*", matchCriteriaId: "C17614A6-F334-4955-824D-A237A9672ECD", versionEndExcluding: "3.5.16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", matchCriteriaId: "BFAF3E76-D917-48FA-BE80-7CEF592359F3", versionEndExcluding: "3.5.16.0", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*", matchCriteriaId: "977B88F5-FA46-41A6-B65E-034EEBA19755", versionEndExcluding: "3.5.16.0", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", matchCriteriaId: "C6E1A555-20F2-4C1D-824C-9BFE5A8C1184", versionEndExcluding: "3.5.16.0", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*", matchCriteriaId: "03FB53F8-F076-41FB-B556-077F99584B76", versionEndExcluding: "3.5.16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", matchCriteriaId: "C2B23429-F3C9-4414-A3C8-FDEA5D0DFE96", versionEndExcluding: "3.5.16.0", versionStartIncluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation.", }, { lang: "es", value: "Se detectó un problema en CODESYS Development System versiones anteriores a 3.5.16.0. CODESYS WebVisu y CODESYS Remote TargetVisu son susceptibles a una escalada de privilegios.", }, ], id: "CVE-2020-12068", lastModified: "2024-11-21T04:59:12.677", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-14T21:15:13.260", references: [ { source: "cve@mitre.org", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13136&token=c267875c01ea70bc9613bc39c684eedc17f55420&download=", }, { source: "cve@mitre.org", tags: [ "Product", ], url: "https://www.codesys.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13136&token=c267875c01ea70bc9613bc39c684eedc17f55420&download=", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://www.codesys.com", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-26 19:15
Modified
2024-11-21 04:59
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:pilz:pmc:*:*:*:*:*:*:*:*", matchCriteriaId: "1603B9DF-B514-409E-BCB4-9366F9457EB7", versionEndExcluding: "3.5.17", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", matchCriteriaId: "2A5313A0-4D9B-4B1F-B432-F84130717DE7", versionEndExcluding: "3.5.16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", matchCriteriaId: "C9EA03EF-F424-4AC6-AC0B-A284A2553092", versionEndExcluding: "3.5.16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*", matchCriteriaId: "38ECECFA-13C2-459E-B509-5F663E72CDE9", versionEndExcluding: "3.5.16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_linux:*:*:*:*:*:*:*:*", matchCriteriaId: "A7492683-673C-495F-9748-E3467F547F3B", versionEndExcluding: "3.5.16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*", matchCriteriaId: "B7BD8B5A-8CD7-463C-82D7-06F6DE7E6DB0", versionEndExcluding: "3.5.16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*", matchCriteriaId: "1CC12843-4775-46BF-BB7F-35D7A4825027", versionEndExcluding: "3.5.16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*", matchCriteriaId: "84E46BF9-F5A0-4C09-BE2B-486263D89E85", versionEndExcluding: "3.5.16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*", matchCriteriaId: "C17614A6-F334-4955-824D-A237A9672ECD", versionEndExcluding: "3.5.16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_rte_v3:*:*:*:*:*:*:*:*", matchCriteriaId: "14130B51-A172-4F7B-8C66-EC77BC88E7B7", versionEndExcluding: "3.5.16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_v3_runtime_system_toolkit:*:*:*:*:*:*:*:*", matchCriteriaId: "B6D33373-E3FC-468A-9CDC-9902C58A6506", versionEndExcluding: "3.5.16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_win_v3:*:*:*:*:*:*:*:*", matchCriteriaId: "3FF3AC84-140D-4F59-8624-714F974DFE42", versionEndExcluding: "3.5.16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:hmi_v3:*:*:*:*:*:*:*:*", matchCriteriaId: "620EFF51-16DA-4A0F-AB32-E42D064EDC21", versionEndExcluding: "3.5.16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:v3_simulation_runtime:*:*:*:*:*:*:*:*", matchCriteriaId: "09EFCCBD-8961-4E2F-90F3-452EB2B354C1", versionEndExcluding: "3.5.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:festo:controller_cecc-d_firmware:2.3.8.0:*:*:*:*:*:*:*", matchCriteriaId: "5949D80D-9E1D-4F4C-A64F-3C24F77E1961", vulnerable: true, }, { criteria: "cpe:2.3:o:festo:controller_cecc-d_firmware:2.3.8.1:*:*:*:*:*:*:*", matchCriteriaId: "6479AA1B-D587-47F0-8695-CB3E9DFE96DA", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:festo:controller_cecc-d:-:*:*:*:*:*:*:*", matchCriteriaId: "D5F17E63-45C3-48C7-916C-272FEB02E8C7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:festo:controller_cecc-lk_firmware:2.3.8.0:*:*:*:*:*:*:*", matchCriteriaId: "4CF6A2F0-0190-48FF-BB9A-C7651D92A24A", vulnerable: true, }, { criteria: "cpe:2.3:o:festo:controller_cecc-lk_firmware:2.3.8.1:*:*:*:*:*:*:*", matchCriteriaId: "AB868741-D7A8-4DDB-A2A3-1074D6B9DD85", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:festo:controller_cecc-lk:-:*:*:*:*:*:*:*", matchCriteriaId: "AA82BF77-3362-46A9-8ED3-BD7A07779562", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:festo:controller_cecc-s_firmware:2.3.8.0:*:*:*:*:*:*:*", matchCriteriaId: "B703F63E-C0DA-4426-9378-3A7A6E3E5060", vulnerable: true, }, { criteria: "cpe:2.3:o:festo:controller_cecc-s_firmware:2.3.8.1:*:*:*:*:*:*:*", matchCriteriaId: "37695435-4E04-4B5E-8D85-B9786A740C07", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:festo:controller_cecc-s:-:*:*:*:*:*:*:*", matchCriteriaId: "07DFC73D-3164-402D-A7D0-D37610206F8D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:750-8217_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FA5412C2-6982-4A66-B440-51DEF02F2C11", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:750-8217:-:*:*:*:*:*:*:*", matchCriteriaId: "B23CD8FD-FC7A-4E24-BF8F-648478D82645", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:750-8216_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6766E924-B6F0-4B49-AC5C-4635DFFA9E52", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:750-8216:-:*:*:*:*:*:*:*", matchCriteriaId: "3B854F74-173E-4523-BBA7-8FF7A9B9880E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:750-8215_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CB1544BB-CDDE-4E32-8D64-F6A65DC2B6CC", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:750-8215:-:*:*:*:*:*:*:*", matchCriteriaId: "577EDC26-671C-4703-BBF0-FE93AFEA81E1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:750-8214_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1E1169B9-53BD-47CF-BF19-17DBC0703B51", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:750-8214:-:*:*:*:*:*:*:*", matchCriteriaId: "979A8E43-4285-4A7B-BB0B-E6888117862C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:750-8213_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "68D4E7F6-CEAE-456D-AF2D-9A6B3D6B2F45", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:750-8213:-:*:*:*:*:*:*:*", matchCriteriaId: "4969E8EB-EF09-47B9-8F03-37BB87CFD048", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:750-8212_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D577EB6B-E29C-4E0A-816F-0231ADA84A07", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:750-8212:-:*:*:*:*:*:*:*", matchCriteriaId: "20BBC380-0F6E-4400-93AF-5B6CFEF00562", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:750-8211_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C3A5FA7D-E0FF-4676-BFE8-70EF94C7C349", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:750-8211:-:*:*:*:*:*:*:*", matchCriteriaId: "5CD6B267-3E4B-4597-82A6-130D6F21C728", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:750-8210_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5065C4C4-E09F-4B09-B2BD-2B8BC7451C3E", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:750-8210:-:*:*:*:*:*:*:*", matchCriteriaId: "1E11758B-46C3-4E57-943A-C9C073AE5211", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:750-8207_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5B6F7A7E-4E7E-4721-A30E-2629B700E184", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:750-8207:-:*:*:*:*:*:*:*", matchCriteriaId: "DA98A0D9-B050-430B-96C5-15932438FD3A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:750-8206_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2E97F6B2-2065-4726-88D9-80145F3C23C5", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:750-8206:-:*:*:*:*:*:*:*", matchCriteriaId: "2E17ECC4-D7AE-485C-A2EF-4148817F9DB8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:750-8204_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A035FB07-360A-479D-A6B3-979CCE07A8D7", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:750-8204:-:*:*:*:*:*:*:*", matchCriteriaId: "7AF14BE1-1EB5-423B-9FE7-E401AEF92553", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:750-8203_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F174A297-EF2D-491D-BF24-02E52ABE1CCA", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:750-8203:-:*:*:*:*:*:*:*", matchCriteriaId: "EC428EC8-532A-4825-BCE3-C42A4BC01C68", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:750-8202_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BC08CA50-30F0-4970-A688-447FD6ABA0E7", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:750-8202:-:*:*:*:*:*:*:*", matchCriteriaId: "23B02096-81A5-4823-94F3-D87F389397DE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:750-8102_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C24AAFAF-2BB2-4C90-A294-794D76FEF295", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:750-8102:-:*:*:*:*:*:*:*", matchCriteriaId: "A409E2AA-49AC-4967-8984-070FC9AD06E3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:750-8101_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C07A6921-5664-4DDB-BB9E-32375B6ADDAD", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:750-8101:-:*:*:*:*:*:*:*", matchCriteriaId: "3111C2A1-CABC-42BF-9EB1-66667A7269C7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:750-8100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0BAFAAD6-8F69-4C71-8A88-CD9FDACF1485", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:750-8100:-:*:*:*:*:*:*:*", matchCriteriaId: "33C4EEF3-EB06-4A8E-9BB2-0FE0AC3A6B7C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-4201\\/8000-001_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AB6C8A59-2E86-4E4E-AABF-BFA48A4C5733", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-4201\\/8000-001:-:*:*:*:*:*:*:*", matchCriteriaId: "D2E54B6A-82B1-4AFA-BBA0-1998B5DE0BBD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-4202\\/8000-001_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6500D1ED-60AC-45E2-921B-5F7735B265BF", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-4202\\/8000-001:-:*:*:*:*:*:*:*", matchCriteriaId: "09484C17-CD67-44E3-BA2D-0F718D888B0F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-4203\\/8000-001_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2F53B32B-C496-49AD-85F1-D7CA256FCE40", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-4203\\/8000-001:-:*:*:*:*:*:*:*", matchCriteriaId: "7E5672E3-7B4C-4FAF-955E-04EEB9E5B210", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-4204\\/8000-001_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6951A92E-974E-4361-9551-CE5D58D82D14", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-4204\\/8000-001:-:*:*:*:*:*:*:*", matchCriteriaId: "1C9E9B25-5C96-4665-9DC2-DD11905331AE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-4205\\/8000-001_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "86F222E9-8105-477C-BC4D-558751183C52", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-4205\\/8000-001:-:*:*:*:*:*:*:*", matchCriteriaId: "A646213B-FF88-4A28-91B8-E21BD3710DF1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-4205\\/8000-002_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E7E68AF4-175D-49A2-AD1C-002845FE0C3D", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-4205\\/8000-002:-:*:*:*:*:*:*:*", matchCriteriaId: "A2569546-AC58-420F-8FE6-90BA904DF6AF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-4206\\/8000-001_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F1D621FF-BF0B-4E20-97A0-8A53C68C5A89", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-4206\\/8000-001:-:*:*:*:*:*:*:*", matchCriteriaId: "39A1F780-B010-4C95-B1B8-3A2D34938223", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-4206\\/8000-002_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "66A5AE5B-619A-400F-B4B2-10884F64369F", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-4206\\/8000-002:-:*:*:*:*:*:*:*", matchCriteriaId: "C88834C9-E823-4B11-91D2-8E2264D5E3D2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-4301\\/8000-002_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C5A57157-6B49-402E-9533-828E59C67649", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-4301\\/8000-002:-:*:*:*:*:*:*:*", matchCriteriaId: "BD64BCDC-A7F2-4E8C-886D-C0D9268D0DA8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-4302\\/8000-002_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BFADF5D8-9EAA-4D93-A4ED-315BE26D0BBA", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-4302\\/8000-002:-:*:*:*:*:*:*:*", matchCriteriaId: "5FDBE05B-7ACB-4DB5-8D2F-7FCEC626E161", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-4303\\/8000-002_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "523A4534-4A47-4E29-B33C-85C13B9523B1", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-4303\\/8000-002:-:*:*:*:*:*:*:*", matchCriteriaId: "3A5421E8-67EA-4D0D-889F-A64DA70E7695", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-4304\\/8000-002_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0FD6DA33-2CB6-483D-8F89-B8D0C6A73FA7", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-4304\\/8000-002:-:*:*:*:*:*:*:*", matchCriteriaId: "4DB95678-6815-4FB6-AA22-E6FEC011B269", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-4305\\/8000-002_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6386C510-8897-4EF8-8A5C-EB869FEF98A1", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-4305\\/8000-002:-:*:*:*:*:*:*:*", matchCriteriaId: "A6C67678-4BC4-417A-AD6E-FB60B0F7A384", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-4306\\/8000-002_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "94D29BB6-F958-4BD5-BFCB-A2B914C0885A", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-4306\\/8000-002:-:*:*:*:*:*:*:*", matchCriteriaId: "082B2ECB-179E-4DE9-856F-EDDBB42AF318", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-5203\\/8000-001_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0108A9FD-18D0-4D5B-92BE-641C81BFD17D", versionEndIncluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-5203\\/8000-001:-:*:*:*:*:*:*:*", matchCriteriaId: "8DBE3A7A-F96D-41B8-A150-BA5DC144DAA1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-5204\\/8000-001_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AD2E2CCA-74C4-40E5-931B-AB307357D658", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-5204\\/8000-001:-:*:*:*:*:*:*:*", matchCriteriaId: "F3EE3467-287E-4729-8C2B-3F43B92A49B8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-5205\\/8000-001_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9CE8AF21-A70F-4EF5-A6A2-00C953B6181C", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-5205\\/8000-001:-:*:*:*:*:*:*:*", matchCriteriaId: "13B53684-BFE1-4100-9624-A034119E7CAA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-5206\\/8000-001_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7D1405E2-8561-4F3E-983C-C294BA6351CF", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-5206\\/8000-001:-:*:*:*:*:*:*:*", matchCriteriaId: "2CD7B74F-71F9-4B0F-A9EB-EEA6FBEF81FB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-5303\\/8000-002_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "94443EB3-0519-4238-B637-4FDB0B20ACCE", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-5303\\/8000-002:-:*:*:*:*:*:*:*", matchCriteriaId: "9D4FF612-453D-4287-8989-2779A6F6A0A7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-5304\\/8000-002_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "833276FD-3A3B-4B83-94BA-589ADEF2010D", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-5304\\/8000-002:-:*:*:*:*:*:*:*", matchCriteriaId: "80089A85-1174-4E47-BC36-69DD11A3FFF8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-5305\\/8000-002_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5D779360-F243-47C4-86A7-FF5020238F42", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-5305\\/8000-002:-:*:*:*:*:*:*:*", matchCriteriaId: "91554389-BCF9-48EB-B198-A192BAE6206D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-5306\\/8000-002_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "151B1218-958A-4BE3-925F-D95F5ADCD942", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-5306\\/8000-002:-:*:*:*:*:*:*:*", matchCriteriaId: "E65CA42E-371C-407C-84F9-64AC3F02FFE2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-6201\\/8000-001_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "334E43C5-CD20-4DCF-805D-34E75E4AE8C4", versionEndIncluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-6201\\/8000-001:-:*:*:*:*:*:*:*", matchCriteriaId: "D2BEE4ED-2C15-4E52-8FEC-BB7B5742274F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-6202\\/8000-001_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FEE9E55C-1241-40D2-9357-AF657BBEFB28", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-6202\\/8000-001:-:*:*:*:*:*:*:*", matchCriteriaId: "FF4E78EB-C91E-4E92-AF9F-90300EE96E03", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-6203\\/8000-001_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A1805464-9B11-41E3-A80A-8FC5299A6E50", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-6203\\/8000-001:-:*:*:*:*:*:*:*", matchCriteriaId: "C98F37AB-BFC5-49C2-B8FD-21AA0266C703", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-6204\\/8000-001_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "979D2D35-114F-4B23-A3E9-0F0A619B4AF9", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-6204\\/8000-001:-:*:*:*:*:*:*:*", matchCriteriaId: "422F9EEC-8516-4692-93DE-BB0F385D2BD1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-6301\\/8000-002_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "71DF0E46-8E22-49B5-B1E1-5B3CBAA7FD1E", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-6301\\/8000-002:-:*:*:*:*:*:*:*", matchCriteriaId: "742F9265-3770-4B4E-A327-2202E2DAEA84", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-6302\\/8000-002_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8FAE1A9D-1A41-475C-83D7-E9E0105E70BC", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-6302\\/8000-002:-:*:*:*:*:*:*:*", matchCriteriaId: "B3FDB659-7FF2-4272-9818-3517AC55BFFD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-6303\\/8000-002_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C90343DF-DA2F-4AAE-AD85-AC715C838E47", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-6303\\/8000-002:-:*:*:*:*:*:*:*", matchCriteriaId: "1E7E5506-BA01-4B6F-9475-3F2056019858", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-6304\\/8000-002_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2FE417E0-9A5F-4C68-BF1B-10535FEF4B19", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-6304\\/8000-002:-:*:*:*:*:*:*:*", matchCriteriaId: "6E8E97AD-B5B4-4F54-A8B8-52E83F34C33D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:752-8303\\/8000-0002_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F0090E3E-5CB8-4363-9CA0-A9165910BD9A", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:752-8303\\/8000-0002:*:*:*:*:*:*:*:*", matchCriteriaId: "922FBB58-6D8C-42CC-AAB2-5372DF63C280", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.", }, { lang: "es", value: "En los productos CODESYS V3 en todas las versiones anteriores a la V3.5.16.0 que contienen CmpUserMgr, el sistema de tiempo de ejecución de CODESYS Control almacena las contraseñas de comunicación en línea utilizando un algoritmo hash débil. Esto puede ser utilizado por un atacante local con pocos privilegios para obtener el control total del dispositivo.", }, ], id: "CVE-2020-12069", lastModified: "2024-11-21T04:59:12.810", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "info@cert.vde.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-26T19:15:10.520", references: [ { source: "info@cert.vde.com", tags: [ "Third Party Advisory", ], url: "https://cert.vde.com/en/advisories/VDE-2021-061/", }, { source: "info@cert.vde.com", tags: [ "Third Party Advisory", ], url: "https://cert.vde.com/en/advisories/VDE-2022-022/", }, { source: "info@cert.vde.com", tags: [ "Third Party Advisory", ], url: "https://cert.vde.com/en/advisories/VDE-2022-031/", }, { source: "info@cert.vde.com", tags: [ "Vendor Advisory", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download=", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert.vde.com/en/advisories/VDE-2021-061/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert.vde.com/en/advisories/VDE-2022-022/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert.vde.com/en/advisories/VDE-2022-031/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download=", }, ], sourceIdentifier: "info@cert.vde.com", vulnStatus: "Undergoing Analysis", weaknesses: [ { description: [ { lang: "en", value: "CWE-916", }, ], source: "info@cert.vde.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-916", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2020-12069
Vulnerability from cvelistv5
Published
2022-12-26 00:00
Modified
2025-04-14 16:17
Severity ?
EPSS score ?
Summary
In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download= | vendor-advisory | |
| https://cert.vde.com/en/advisories/VDE-2021-061/ | vendor-advisory | |
| https://cert.vde.com/en/advisories/VDE-2022-031/ | vendor-advisory | |
| https://cert.vde.com/en/advisories/VDE-2022-022/ | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CODESYS | CODESYS V3 containing the CmpUserMgr |
Version: V3 < V3.5.16.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:48:58.230Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download=", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://cert.vde.com/en/advisories/VDE-2021-061/", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://cert.vde.com/en/advisories/VDE-2022-031/", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://cert.vde.com/en/advisories/VDE-2022-022/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-12069", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-04-14T16:17:42.834492Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-14T16:17:54.368Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "CODESYS V3 containing the CmpUserMgr", vendor: "CODESYS", versions: [ { lessThan: "V3.5.16.0", status: "affected", version: "V3", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.", }, ], value: "In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-916", description: "CWE-916 Use of Password Hash With Insufficient Computational Effort", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-15T05:40:17.087Z", orgId: "270ccfa6-a436-4e77-922e-914ec3a9685c", shortName: "CERTVDE", }, references: [ { tags: [ "vendor-advisory", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download=", }, { tags: [ "vendor-advisory", ], url: "https://cert.vde.com/en/advisories/VDE-2021-061/", }, { tags: [ "vendor-advisory", ], url: "https://cert.vde.com/en/advisories/VDE-2022-031/", }, { tags: [ "vendor-advisory", ], url: "https://cert.vde.com/en/advisories/VDE-2022-022/", }, ], source: { discovery: "UNKNOWN", }, title: "CODESYS V3 prone to Inadequate Password Hashing", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-12069", datePublished: "2022-12-26T00:00:00.000Z", dateReserved: "2020-04-22T00:00:00.000Z", dateUpdated: "2025-04-14T16:17:54.368Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-25048
Vulnerability from cvelistv5
Published
2023-03-23 10:45
Modified
2025-02-19 21:00
Severity ?
EPSS score ?
Summary
The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:39.648Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://customers.codesys.com/fileadmin/data/customers/security/2018/Advisory2018-04_CDS-59017.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2018-25048", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-19T21:00:23.308028Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-19T21:00:29.711Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Control for BeagleBone", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: " Control for emPC-A/iMX6", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Control for IOT2000", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Control for PFC100", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Control for PFC200", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Control for Raspberry Pi", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Control RTE V3 (all variants)", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Control Win V3 (all variants)", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "V3 Simulation Runtime (part of the CODESYS Development System)", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "HMI V3 (all variants)", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "V3 Remote Target Visu (all variants)", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Control V3 Runtime System Toolkit", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "V3 Embedded Target Visu Toolkit", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "V3 Remote Target Visu Toolkit", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Runtime Toolkit 32 bit embedded", vendor: "CODESYS", versions: [ { lessThan: "2.3.2.10", status: "affected", version: "2.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Runtime Toolkit 32 bit full", vendor: "CODESYS", versions: [ { lessThan: "2.4.7.52", status: "affected", version: "2.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Runtime PLCWinNT", vendor: "CODESYS", versions: [ { lessThan: "2.4.7.52", status: "affected", version: "2.0.0.0", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "reporter", user: "00000000-0000-4000-9000-000000000000", value: " Prosoft-Systems Ltd.", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.", }, ], value: "The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.", }, ], impacts: [ { capecId: "CAPEC-126", descriptions: [ { lang: "en", value: "CAPEC-126 Path Traversal", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-23T10:45:36.900Z", orgId: "270ccfa6-a436-4e77-922e-914ec3a9685c", shortName: "CERTVDE", }, references: [ { url: "https://customers.codesys.com/fileadmin/data/customers/security/2018/Advisory2018-04_CDS-59017.pdf", }, ], source: { defect: [ "CERT@VDE#64324", ], discovery: "EXTERNAL", }, title: "Codesys Runtime Improper Limitation of a Pathname", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "270ccfa6-a436-4e77-922e-914ec3a9685c", assignerShortName: "CERTVDE", cveId: "CVE-2018-25048", datePublished: "2023-03-23T10:45:36.900Z", dateReserved: "2022-12-07T12:06:08.365Z", dateUpdated: "2025-02-19T21:00:29.711Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-10245
Vulnerability from cvelistv5
Published
2020-03-26 03:45
Modified
2024-08-04 10:58
Severity ?
EPSS score ?
Summary
CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/security/research/tra-2020-16 | x_refsource_MISC | |
| https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13078&token=de344ca65252463cc581ef144e0c53bd97b8f211&download= | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T10:58:39.676Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.tenable.com/security/research/tra-2020-16", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13078&token=de344ca65252463cc581ef144e0c53bd97b8f211&download=", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-26T03:49:32", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.tenable.com/security/research/tra-2020-16", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13078&token=de344ca65252463cc581ef144e0c53bd97b8f211&download=", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-10245", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.tenable.com/security/research/tra-2020-16", refsource: "MISC", url: "https://www.tenable.com/security/research/tra-2020-16", }, { name: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13078&token=de344ca65252463cc581ef144e0c53bd97b8f211&download=", refsource: "CONFIRM", url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13078&token=de344ca65252463cc581ef144e0c53bd97b8f211&download=", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-10245", datePublished: "2020-03-26T03:45:20", dateReserved: "2020-03-09T00:00:00", dateUpdated: "2024-08-04T10:58:39.676Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-12068
Vulnerability from cvelistv5
Published
2020-05-14 20:29
Modified
2024-08-04 11:48
Severity ?
EPSS score ?
Summary
An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.codesys.com | x_refsource_MISC | |
| https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13136&token=c267875c01ea70bc9613bc39c684eedc17f55420&download= | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:48:57.839Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.codesys.com", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13136&token=c267875c01ea70bc9613bc39c684eedc17f55420&download=", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-14T20:29:21", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.codesys.com", }, { tags: [ "x_refsource_MISC", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13136&token=c267875c01ea70bc9613bc39c684eedc17f55420&download=", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-12068", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.codesys.com", refsource: "MISC", url: "https://www.codesys.com", }, { name: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13136&token=c267875c01ea70bc9613bc39c684eedc17f55420&download=", refsource: "MISC", url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13136&token=c267875c01ea70bc9613bc39c684eedc17f55420&download=", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-12068", datePublished: "2020-05-14T20:29:21", dateReserved: "2020-04-22T00:00:00", dateUpdated: "2024-08-04T11:48:57.839Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-15806
Vulnerability from cvelistv5
Published
2020-07-22 18:14
Modified
2024-08-04 13:30
Severity ?
EPSS score ?
Summary
CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.codesys.com | x_refsource_MISC | |
| https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13199&token=3e283c3e73fed61f7c181a7fa1169477efaf0c58&download= | x_refsource_CONFIRM | |
| https://www.tenable.com/security/research/tra-2020-46 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:30:22.371Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.codesys.com", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13199&token=3e283c3e73fed61f7c181a7fa1169477efaf0c58&download=", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.tenable.com/security/research/tra-2020-46", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-22T22:06:10", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.codesys.com", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13199&token=3e283c3e73fed61f7c181a7fa1169477efaf0c58&download=", }, { tags: [ "x_refsource_MISC", ], url: "https://www.tenable.com/security/research/tra-2020-46", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-15806", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.codesys.com", refsource: "MISC", url: "https://www.codesys.com", }, { name: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13199&token=3e283c3e73fed61f7c181a7fa1169477efaf0c58&download=", refsource: "CONFIRM", url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13199&token=3e283c3e73fed61f7c181a7fa1169477efaf0c58&download=", }, { name: "https://www.tenable.com/security/research/tra-2020-46", refsource: "MISC", url: "https://www.tenable.com/security/research/tra-2020-46", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-15806", datePublished: "2020-07-22T18:14:43", dateReserved: "2020-07-17T00:00:00", dateUpdated: "2024-08-04T13:30:22.371Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-7052
Vulnerability from cvelistv5
Published
2020-01-24 19:31
Modified
2024-08-04 09:18
Severity ?
EPSS score ?
Summary
CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/security/research/tra-2020-04 | x_refsource_MISC | |
| https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12977&token=33f948eed0c2fd69d238d9515779be337ef7592d&download= | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:18:02.939Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.tenable.com/security/research/tra-2020-04", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12977&token=33f948eed0c2fd69d238d9515779be337ef7592d&download=", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-01-24T19:31:58", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.tenable.com/security/research/tra-2020-04", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12977&token=33f948eed0c2fd69d238d9515779be337ef7592d&download=", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-7052", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.tenable.com/security/research/tra-2020-04", refsource: "MISC", url: "https://www.tenable.com/security/research/tra-2020-04", }, { name: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12977&token=33f948eed0c2fd69d238d9515779be337ef7592d&download=", refsource: "CONFIRM", url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12977&token=33f948eed0c2fd69d238d9515779be337ef7592d&download=", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-7052", datePublished: "2020-01-24T19:31:59", dateReserved: "2020-01-14T00:00:00", dateUpdated: "2024-08-04T09:18:02.939Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-18858
Vulnerability from cvelistv5
Published
2019-11-20 17:04
Modified
2024-08-05 02:02
Severity ?
EPSS score ?
Summary
CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf | x_refsource_MISC | |
| https://www.tenable.com/security/research/tra-2019-48 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:02:39.804Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.tenable.com/security/research/tra-2019-48", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-11-20T20:07:11", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://www.tenable.com/security/research/tra-2019-48", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-18858", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf", refsource: "MISC", url: "https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf", }, { name: "https://www.tenable.com/security/research/tra-2019-48", refsource: "MISC", url: "https://www.tenable.com/security/research/tra-2019-48", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-18858", datePublished: "2019-11-20T17:04:25", dateReserved: "2019-11-11T00:00:00", dateUpdated: "2024-08-05T02:02:39.804Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-13532
Vulnerability from cvelistv5
Published
2019-09-13 16:58
Modified
2024-08-04 23:57
Severity ?
EPSS score ?
Summary
CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-19-255-01 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | CODESYS V3 web server |
Version: all versions prior to 3.5.14.10 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:57:39.525Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.us-cert.gov/ics/advisories/icsa-19-255-01", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "CODESYS V3 web server", vendor: "n/a", versions: [ { status: "affected", version: "all versions prior to 3.5.14.10", }, ], }, ], descriptions: [ { lang: "en", value: "CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-09-13T16:58:21", orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", shortName: "icscert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.us-cert.gov/ics/advisories/icsa-19-255-01", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "ics-cert@hq.dhs.gov", ID: "CVE-2019-13532", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "CODESYS V3 web server", version: { version_data: [ { version_value: "all versions prior to 3.5.14.10", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22", }, ], }, ], }, references: { reference_data: [ { name: "https://www.us-cert.gov/ics/advisories/icsa-19-255-01", refsource: "MISC", url: "https://www.us-cert.gov/ics/advisories/icsa-19-255-01", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", assignerShortName: "icscert", cveId: "CVE-2019-13532", datePublished: "2019-09-13T16:58:21", dateReserved: "2019-07-11T00:00:00", dateUpdated: "2024-08-04T23:57:39.525Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-13548
Vulnerability from cvelistv5
Published
2019-09-13 16:58
Modified
2024-08-04 23:57
Severity ?
EPSS score ?
Summary
CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could cause a stack overflow and create a denial-of-service condition or allow remote code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-19-255-01 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | CODESYS V3 web server |
Version: all versions prior to 3.5.14.10 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:57:39.467Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.us-cert.gov/ics/advisories/icsa-19-255-01", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "CODESYS V3 web server", vendor: "n/a", versions: [ { status: "affected", version: "all versions prior to 3.5.14.10", }, ], }, ], descriptions: [ { lang: "en", value: "CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could cause a stack overflow and create a denial-of-service condition or allow remote code execution.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "STACK-BASED BUFFER OVERFLOW CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-09-13T16:58:29", orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", shortName: "icscert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.us-cert.gov/ics/advisories/icsa-19-255-01", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "ics-cert@hq.dhs.gov", ID: "CVE-2019-13548", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "CODESYS V3 web server", version: { version_data: [ { version_value: "all versions prior to 3.5.14.10", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could cause a stack overflow and create a denial-of-service condition or allow remote code execution.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "STACK-BASED BUFFER OVERFLOW CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "https://www.us-cert.gov/ics/advisories/icsa-19-255-01", refsource: "MISC", url: "https://www.us-cert.gov/ics/advisories/icsa-19-255-01", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", assignerShortName: "icscert", cveId: "CVE-2019-13548", datePublished: "2019-09-13T16:58:29", dateReserved: "2019-07-11T00:00:00", dateUpdated: "2024-08-04T23:57:39.467Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-13542
Vulnerability from cvelistv5
Published
2019-09-17 18:56
Modified
2024-08-04 23:57
Severity ?
EPSS score ?
Summary
3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-19-255-04 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GmbH | 3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server |
Version: all versions 3.5.11.0 to 3.5.15.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:57:39.459Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.us-cert.gov/ics/advisories/icsa-19-255-04", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server", vendor: "GmbH", versions: [ { status: "affected", version: "all versions 3.5.11.0 to 3.5.15.0", }, ], }, ], descriptions: [ { lang: "en", value: "3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "NULL POINTER DEREFERENCE CWE-476", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-09-17T18:56:45", orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", shortName: "icscert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.us-cert.gov/ics/advisories/icsa-19-255-04", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "ics-cert@hq.dhs.gov", ID: "CVE-2019-13542", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server", version: { version_data: [ { version_value: "all versions 3.5.11.0 to 3.5.15.0", }, ], }, }, ], }, vendor_name: "GmbH", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "NULL POINTER DEREFERENCE CWE-476", }, ], }, ], }, references: { reference_data: [ { name: "https://www.us-cert.gov/ics/advisories/icsa-19-255-04", refsource: "MISC", url: "https://www.us-cert.gov/ics/advisories/icsa-19-255-04", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", assignerShortName: "icscert", cveId: "CVE-2019-13542", datePublished: "2019-09-17T18:56:45", dateReserved: "2019-07-11T00:00:00", dateUpdated: "2024-08-04T23:57:39.459Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-9009
Vulnerability from cvelistv5
Published
2019-09-17 15:34
Modified
2024-08-04 21:31
Severity ?
EPSS score ?
Summary
An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-19-255-05 | x_refsource_MISC | |
| https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12941&token=50fabe3870c7bdc41701eb1799dddeec103de40c&download= | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T21:31:37.644Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.us-cert.gov/ics/advisories/icsa-19-255-05", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12941&token=50fabe3870c7bdc41701eb1799dddeec103de40c&download=", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-11T11:23:45", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.us-cert.gov/ics/advisories/icsa-19-255-05", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12941&token=50fabe3870c7bdc41701eb1799dddeec103de40c&download=", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-9009", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.us-cert.gov/ics/advisories/icsa-19-255-05", refsource: "MISC", url: "https://www.us-cert.gov/ics/advisories/icsa-19-255-05", }, { name: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12941&token=50fabe3870c7bdc41701eb1799dddeec103de40c&download=", refsource: "CONFIRM", url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12941&token=50fabe3870c7bdc41701eb1799dddeec103de40c&download=", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-9009", datePublished: "2019-09-17T15:34:42", dateReserved: "2019-02-22T00:00:00", dateUpdated: "2024-08-04T21:31:37.644Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-9008
Vulnerability from cvelistv5
Published
2019-09-17 13:15
Modified
2024-08-04 21:31
Severity ?
EPSS score ?
Summary
An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A user with low privileges can take full control over the runtime.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.codesys.com/ | x_refsource_MISC | |
| https://www.us-cert.gov/ics/advisories/icsa-19-255-03 | third-party-advisory, x_refsource_CERT | |
| https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12939&token=5b93f0d95a68ff7461d2c249d8da00f16b8f9987&download= | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T21:31:37.527Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.codesys.com/", }, { name: "US Computer Emergency Readiness Team", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "https://www.us-cert.gov/ics/advisories/icsa-19-255-03", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12939&token=5b93f0d95a68ff7461d2c249d8da00f16b8f9987&download=", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A user with low privileges can take full control over the runtime.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-11T11:43:53", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.codesys.com/", }, { name: "US Computer Emergency Readiness Team", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "https://www.us-cert.gov/ics/advisories/icsa-19-255-03", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12939&token=5b93f0d95a68ff7461d2c249d8da00f16b8f9987&download=", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-9008", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A user with low privileges can take full control over the runtime.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.codesys.com/", refsource: "MISC", url: "https://www.codesys.com/", }, { name: "US Computer Emergency Readiness Team", refsource: "CERT", url: "https://www.us-cert.gov/ics/advisories/icsa-19-255-03", }, { name: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12939&token=5b93f0d95a68ff7461d2c249d8da00f16b8f9987&download=", refsource: "CONFIRM", url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12939&token=5b93f0d95a68ff7461d2c249d8da00f16b8f9987&download=", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-9008", datePublished: "2019-09-17T13:15:32", dateReserved: "2019-02-22T00:00:00", dateUpdated: "2024-08-04T21:31:37.527Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }