Vulnerabilities related to codesys - simulation_runtime
Vulnerability from fkie_nvd: CVE-2021-29242
Published
2021-05-03 14:15
Modified
2024-11-21 06:00
Severity: 7.3 (HIGH) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
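CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages. Note: in the CPE match data below, the "Control for ... SL" products and Edge Gateway for Linux are bounded by version 4.1.0.0 rather than 3.5.17.0, so check the fixed version per product.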
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://customers.codesys.com/index.php | Permissions Required, Vendor Advisory | |
cve@mitre.org | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14640&token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873&download= | Vendor Advisory | |
cve@mitre.org | https://www.codesys.com/security/security-reports.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php | Permissions Required, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14640&token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873&download= | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.codesys.com/security/security-reports.html | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*", matchCriteriaId: "5EA5176A-EC2A-4D06-A180-CE7204DBAF92", versionEndExcluding: "4.1.0.0", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*", matchCriteriaId: "089B01CE-0023-44E9-8149-95A9C8BFC544", versionEndExcluding: "4.1.0.0", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*", matchCriteriaId: "150D1F73-22B1-4B41-97A0-B02EF5CE92A9", versionEndExcluding: "4.1.0.0", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_linux_arm_sl:*:*:*:*:*:*:*:*", matchCriteriaId: "11A71DCF-8007-4693-BD0F-22FCD0FC0C62", versionEndExcluding: "4.1.0.0", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*", matchCriteriaId: "6ADB2C58-D545-451E-BE60-7B989E9EBCEF", versionEndExcluding: "4.1.0.0", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*", matchCriteriaId: "6C535337-0082-4C76-B9E9-E0F9EA4D1E36", versionEndExcluding: "4.1.0.0", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*", matchCriteriaId: "ADCF1EDB-6FED-4421-BF16-A14EE6EB0505", versionEndExcluding: "4.1.0.0", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*", matchCriteriaId: "9DB284A7-76D5-4BD1-972B-751AC0B378D8", versionEndExcluding: "4.1.0.0", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*", matchCriteriaId: "BA3C058E-AE70-4E64-B3A0-60DED7A26B18", versionEndExcluding: "4.1.0.0", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*", matchCriteriaId: "67D475FB-BF84-4EEE-B096-8B81C2ED36A5", versionEndExcluding: "4.1.0.0", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", matchCriteriaId: "64A83FD0-A545-459B-860F-70DE8E4A69DC", versionEndExcluding: "3.5.17.0", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:beckhoff_cx:*:*", matchCriteriaId: "9BFCCFA4-A803-4B5E-BAD5-C26A6FE33A4C", versionEndExcluding: "3.5.17.0", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*", matchCriteriaId: "0224CA62-8670-4135-9A50-5E523D89CB25", versionEndExcluding: "3.5.17.0", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", matchCriteriaId: "25458B55-414D-4CB4-BD51-4E4D101BB24A", versionEndExcluding: "3.5.17.0", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:windows:*:*", matchCriteriaId: "E331194D-C80D-4C81-A332-9F67F6425FD0", versionEndExcluding: "3.5.17.0", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:linux:*:*", matchCriteriaId: "FFBA19D6-9436-4E14-B9D3-28B82CB0321D", versionEndExcluding: "4.1.0.0", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*", matchCriteriaId: "A59EBA23-C9F0-4A7A-9483-2EB9377023CE", versionEndExcluding: "3.5.17.0", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "E3954149-77D5-4FEE-B236-578D0ED18592", versionEndExcluding: "3.5.17.0", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", matchCriteriaId: "A39C361B-514B-423C-B917-2E13935DF1A9", 
versionEndExcluding: "3.5.17.0", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:opc_server:*:*:*:*:*:*:*:*", matchCriteriaId: "E59EF90A-4580-41AD-8DAB-1259C766E230", versionEndExcluding: "3.5.17.0", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:plchandler:*:*:*:*:*:*:*:*", matchCriteriaId: "242B0BB4-1E48-4CD1-AFF3-F96561D2A885", versionEndExcluding: "3.5.17.0", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*", matchCriteriaId: "74AB840C-88D7-47CA-8716-0C0F6ABEE8E2", versionEndExcluding: "3.5.17.0", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:safety_sil:*:*:*:*:*:*:*:*", matchCriteriaId: "FEF5325B-B72B-46BB-9DCB-F8054621DA6D", versionEndExcluding: "3.5.17.0", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:simulation_runtime:*:*:*:*:*:*:*:*", matchCriteriaId: "61972DA3-9423-4C13-98E3-F287BD414A59", versionEndExcluding: "3.5.17.0", versionStartIncluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.", }, { lang: "es", value: "El sistema CODESYS Control Runtime versiones anteriores a 3.5.17.0, presenta una comprobación inapropiada de entrada. 
Los atacantes pueden enviar paquetes de comunicación diseñados para cambiar el esquema de direccionamiento del enrutador y pueden redireccionar, agregar, eliminar o cambiar paquetes de comunicación de bajo nivel.", }, ], id: "CVE-2021-29242", lastModified: "2024-11-21T06:00:52.023", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-05-03T14:15:07.667", references: [ { source: "cve@mitre.org", tags: [ "Permissions Required", "Vendor Advisory", ], url: "https://customers.codesys.com/index.php", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14640&token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873&download=", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.codesys.com/security/security-reports.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "Vendor Advisory", ], url: "https://customers.codesys.com/index.php", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], 
url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14640&token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873&download=", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.codesys.com/security/security-reports.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd: CVE-2020-15806
Published
2020-07-22 19:15
Modified
2024-11-21 05:06
Severity: 7.5 (HIGH) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13199&token=3e283c3e73fed61f7c181a7fa1169477efaf0c58&download= | Mitigation, Vendor Advisory | |
cve@mitre.org | https://www.codesys.com | Vendor Advisory | |
cve@mitre.org | https://www.tenable.com/security/research/tra-2020-46 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13199&token=3e283c3e73fed61f7c181a7fa1169477efaf0c58&download= | Mitigation, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.codesys.com | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2020-46 | Exploit, Third Party Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", matchCriteriaId: "4AE57E7D-63C1-470F-A95B-B9DA3A586E04", versionEndExcluding: "3.5.16.10", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", matchCriteriaId: "7B5F06D0-5224-4D76-A856-9AB57BF87D59", versionEndExcluding: "3.5.16.10", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*", matchCriteriaId: "CB388FBB-8512-4FCE-A754-A82239A911B9", versionEndExcluding: "3.5.16.10", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_linux:*:*:*:*:*:*:*:*", matchCriteriaId: "41722BB1-40F6-4D12-9A00-156D04C92097", versionEndExcluding: "3.5.16.10", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*", matchCriteriaId: "5E56A636-9DC3-411D-B287-308A2BAC759D", versionEndExcluding: "3.5.16.10", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*", matchCriteriaId: "82614FBA-2612-4FA4-988B-D67E80B5DDA7", versionEndExcluding: "3.5.16.10", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*", matchCriteriaId: "387FB2B8-5435-4054-94A4-0AE60A42FB0C", versionEndExcluding: "3.5.16.10", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*", matchCriteriaId: "4B7517E0-0D9C-4AA8-B8A9-7F1420FE4616", versionEndExcluding: "3.5.16.10", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_wago_touch_panels_600:*:*:*:*:*:*:*:*", matchCriteriaId: "1C80CDF5-5264-41CD-A475-E46C3E941F4A", versionEndExcluding: "3.5.16.10", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:-:*:*", matchCriteriaId: "6097C902-F24A-4408-8E2C-C90F0AB67E13", versionEndExcluding: "3.5.16.10", versionStartIncluding: "3.5.8.60", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:beckhoff_cx:*:*", matchCriteriaId: 
"2DDE8129-4CEE-440B-B0D1-29BB93D1ACE8", versionEndExcluding: "3.5.16.10", versionStartIncluding: "3.5.8.60", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*", matchCriteriaId: "6CF52B1D-7AF9-4DAD-A8E7-6CB7CC060E08", versionEndExcluding: "3.5.16.10", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", matchCriteriaId: "E86A4C83-B82D-4D2F-96C6-C8F66B7AB947", versionEndExcluding: "3.5.16.10", versionStartIncluding: "3.5.9.80", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*", matchCriteriaId: "890104AC-5CB4-466D-9CC0-F39E8B24BD9D", versionEndExcluding: "3.5.16.10", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", matchCriteriaId: "7CE9850A-47B3-4C37-90C0-FF9516DF025F", versionEndExcluding: "3.5.16.10", versionStartIncluding: "3.5.10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*", matchCriteriaId: "31C2638C-D4C4-4C71-A873-E7836802E6FE", versionEndExcluding: "3.5.16.10", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:simulation_runtime:*:*:*:*:*:*:*:*", matchCriteriaId: "9A09DAE1-678B-49A2-88CE-CFF4F514673E", versionEndExcluding: "3.5.16.10", versionStartIncluding: "3.5.9.40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.", }, { lang: "es", value: "El sistema del tiempo de ejecución de Control CODESYS, versiones anteriores a 3.5.16.10, permite una Asignación de Memoria No Controlada", }, ], id: "CVE-2020-15806", lastModified: "2024-11-21T05:06:13.097", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", 
availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-22T19:15:12.317", references: [ { source: "cve@mitre.org", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13199&token=3e283c3e73fed61f7c181a7fa1169477efaf0c58&download=", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.codesys.com", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.tenable.com/security/research/tra-2020-46", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13199&token=3e283c3e73fed61f7c181a7fa1169477efaf0c58&download=", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.codesys.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.tenable.com/security/research/tra-2020-46", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-401", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd: CVE-2020-7052
Published
2020-01-24 20:15
Modified
2024-11-21 05:36
Severity: 6.5 (MEDIUM) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", matchCriteriaId: "B4E5BF9F-79C9-48D3-9F2D-CCDF73144FCA", versionEndExcluding: "3.5.15.30", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", matchCriteriaId: "221CAFE3-1BC7-4CAC-B3F8-981B3F267CFE", versionEndExcluding: "3.5.15.30", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*", matchCriteriaId: "9B048CEB-E1D0-4EF1-9BD3-966CB9E147D8", versionEndExcluding: "3.5.15.30", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_linux:*:*:*:*:*:*:*:*", matchCriteriaId: "A72217A3-4591-4C52-AB37-7FD652276569", versionEndExcluding: "3.5.15.30", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*", matchCriteriaId: "51EFD6C4-C1AC-45D7-909F-6B074B32090E", versionEndExcluding: "3.5.15.30", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*", matchCriteriaId: "8C1B75F5-F426-4877-9004-1F714B2A4968", versionEndExcluding: "3.5.15.30", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*", matchCriteriaId: "2F150E51-4E03-40A8-8099-E5BE13234DD9", versionEndExcluding: "3.5.15.30", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*", matchCriteriaId: "8D839D59-8090-4158-A2C2-847DEDD9674D", versionEndExcluding: "3.5.15.30", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", matchCriteriaId: "E278A9AE-5684-4F7E-B253-0F70CA835322", versionEndExcluding: "3.5.15.30", versionStartIncluding: "3.5.8.60", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:beckhoff_cx:*:*", matchCriteriaId: "650315EF-4AC2-4B5B-A5A1-8ABBE6C398B6", versionEndExcluding: "3.5.15.30", versionStartIncluding: "3.5.8.60", vulnerable: true, }, { criteria: 
"cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*", matchCriteriaId: "B8C46635-3068-4DDA-8527-2E473763E652", versionEndExcluding: "3.5.15.30", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", matchCriteriaId: "B7F22E48-0C8D-47C2-8C88-F35ED1027465", versionEndExcluding: "3.5.15.30", versionStartIncluding: "3.5.9.80", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "5A487191-D2CD-484B-88D3-C7A1EFD8C19B", versionEndExcluding: "3.5.15.30", versionStartIncluding: "3.5.15.10", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", matchCriteriaId: "0B3462D2-9AA7-4046-B491-36A2A9970BA7", versionEndExcluding: "3.5.15.30", versionStartIncluding: "3.5.10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:safety_sil2:*:*:*:*:*:*:*:*", matchCriteriaId: "4F4FCCC9-6069-47D6-AB46-65697F7AE58D", versionEndExcluding: "3.5.15.30", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:simulation_runtime:*:*:*:*:*:*:*:*", matchCriteriaId: "375689F5-9B58-491C-BD1C-2CF5C9CEB474", versionEndExcluding: "3.5.15.30", versionStartIncluding: "3.5.9.40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.", }, { lang: "es", value: "CODESYS Control versión V3, Gateway versión V3 y HMI versiones V3 anteriores a 3.5.15.30, permiten una asignación de memoria no controlada que puede resultar en una condición de denegación de servicio remota.", }, ], id: "CVE-2020-7052", lastModified: "2024-11-21T05:36:34.220", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", 
baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-24T20:15:10.970", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12977&token=33f948eed0c2fd69d238d9515779be337ef7592d&download=", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.tenable.com/security/research/tra-2020-04", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12977&token=33f948eed0c2fd69d238d9515779be337ef7592d&download=", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.tenable.com/security/research/tra-2020-04", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-770", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd: CVE-2019-9009
Published
2019-09-17 16:15
Modified
2024-11-21 04:50
Severity: 7.5 (HIGH) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An issue was discovered in 3S-Smart CODESYS before 3.5.15.0. Crafted network packets cause the Control Runtime to crash.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12941&token=50fabe3870c7bdc41701eb1799dddeec103de40c&download= | Vendor Advisory | |
cve@mitre.org | https://www.us-cert.gov/ics/advisories/icsa-19-255-05 | Mitigation, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12941&token=50fabe3870c7bdc41701eb1799dddeec103de40c&download= | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-19-255-05 | Mitigation, Third Party Advisory, US Government Resource |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
codesys | control_for_beaglebone | * | |
codesys | control_for_empc-a\/imx6 | * | |
codesys | control_for_iot2000 | * | |
codesys | control_for_pfc100 | * | |
codesys | control_for_pfc200 | * | |
codesys | control_for_raspberry_pi | * | |
codesys | control_rte | * | |
codesys | control_win | * | |
codesys | gateway | * | |
codesys | hmi | * | |
codesys | linux | * | |
codesys | runtime_system_toolkit | * | |
codesys | safety_sil2 | * | |
codesys | simulation_runtime | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", matchCriteriaId: "958821C8-142A-4B67-857B-63A6AD53E1B8", versionEndExcluding: "3.5.15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", matchCriteriaId: "B9940444-8CFD-4044-8662-FDC11E93E6E4", versionEndExcluding: "3.5.15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*", matchCriteriaId: "805D48DF-DA8F-40AB-B7AE-B2F0A75616E9", versionEndExcluding: "3.5.15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*", matchCriteriaId: "EAEAC81A-4FFA-4692-961D-7DF58E2B0CDE", versionEndExcluding: "3.5.15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*", matchCriteriaId: "2506A775-D1FB-4C2F-98EC-B781AA19E340", versionEndExcluding: "3.5.15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*", matchCriteriaId: "963C9351-B167-4C1F-914E-A7009A532A0F", versionEndExcluding: "3.5.15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", matchCriteriaId: "0A5F978B-5245-41D9-B11C-B27703A2A090", versionEndExcluding: "3.5.15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", matchCriteriaId: "1429532E-76A8-4987-B916-AA3FD7C37E06", versionEndExcluding: "3.5.15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "563FD9B0-D6F5-4A4C-A43D-555C2DC60DD4", versionEndExcluding: "3.5.15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", matchCriteriaId: "ABFC0D89-BD79-4032-B0CA-08C4F8EA1776", versionEndExcluding: "3.5.15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:linux:*:*:*:*:*:*:*:*", matchCriteriaId: "4A2B09D6-8FD2-46FA-A1B2-55B7E996D71B", versionEndExcluding: "3.5.15.0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:codesys:runtime_system_toolkit:*:*:*:*:*:*:*:*", matchCriteriaId: "417EFF04-1584-44C3-8AD9-593174089A31", versionEndExcluding: "3.5.15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:safety_sil2:*:*:*:*:*:*:*:*", matchCriteriaId: "139851DD-0E16-4C8D-AA55-0231B2C443A7", versionEndExcluding: "3.5.15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:simulation_runtime:*:*:*:*:*:*:*:*", matchCriteriaId: "3FB11CE8-8B22-4D2D-A0A9-4D23C30A3FF5", versionEndExcluding: "3.5.15.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.", }, { lang: "es", value: "Se descubrió un problema en 3S-Smart CODESYS versiones anteriores a 3.5.15.0. Unos paquetes de red diseñados causan que el Control Runtime se bloquee.", }, ], id: "CVE-2019-9009", lastModified: "2024-11-21T04:50:48.197", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: 
"2019-09-17T16:15:11.077", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12941&token=50fabe3870c7bdc41701eb1799dddeec103de40c&download=", }, { source: "cve@mitre.org", tags: [ "Mitigation", "Third Party Advisory", "US Government Resource", ], url: "https://www.us-cert.gov/ics/advisories/icsa-19-255-05", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12941&token=50fabe3870c7bdc41701eb1799dddeec103de40c&download=", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Third Party Advisory", "US Government Resource", ], url: "https://www.us-cert.gov/ics/advisories/icsa-19-255-05", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-755", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd: CVE-2019-9008
Published
2019-09-17 14:15
Modified
2024-11-21 04:50
Severity: 8.8 (HIGH) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A user with low privileges can take full control over the runtime.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12939&token=5b93f0d95a68ff7461d2c249d8da00f16b8f9987&download= | Vendor Advisory | |
cve@mitre.org | https://www.codesys.com/ | Vendor Advisory | |
cve@mitre.org | https://www.us-cert.gov/ics/advisories/icsa-19-255-03 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12939&token=5b93f0d95a68ff7461d2c249d8da00f16b8f9987&download= | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.codesys.com/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-19-255-03 | Third Party Advisory, US Government Resource |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
codesys | control_for_beaglebone | * | |
codesys | control_for_empc-a\/imx6 | * | |
codesys | control_for_iot2000 | * | |
codesys | control_for_pfc100 | * | |
codesys | control_for_pfc200 | * | |
codesys | control_for_raspberry_pi | * | |
codesys | control_rte | * | |
codesys | control_win | * | |
codesys | hmi | * | |
codesys | simulation_runtime | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", matchCriteriaId: "A5C54235-616B-47A4-A1C5-E8AB7347AFAC", versionEndExcluding: "3.5.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", matchCriteriaId: "0AF7E264-FB36-4BB4-8A8F-4437D637334F", versionEndExcluding: "3.5.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*", matchCriteriaId: "9EB64F24-4001-4874-83D3-38413FC94ADD", versionEndExcluding: "3.5.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*", matchCriteriaId: "E3A61193-758A-4540-A039-1C8DC0D61B67", versionEndExcluding: "3.5.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*", matchCriteriaId: "54022CAB-4847-4E4F-AB14-172649195ACB", versionEndExcluding: "3.5.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*", matchCriteriaId: "43B850F0-C963-4C99-9D66-6D72936B4CD7", versionEndExcluding: "3.5.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", matchCriteriaId: "C62EF2A3-DF28-4B1E-91C3-25F105CDCA39", versionEndExcluding: "3.5.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", matchCriteriaId: "CF2E5D2E-2E4C-44B1-8A17-58439295ADE1", versionEndExcluding: "3.5.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", matchCriteriaId: "35EE8235-EF64-4FF7-AFD5-F14D7C0A7BCF", versionEndExcluding: "3.5.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:simulation_runtime:*:*:*:*:*:*:*:*", matchCriteriaId: "44D78350-294B-4477-828D-C9289A1D985E", versionEndExcluding: "3.5.13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. 
A user with low privileges can take full control over the runtime.", }, { lang: "es", value: "Se detectó un problema en 3S-Smart CODESYS V3 versiones hasta 3.5.12.30. Un usuario con pocos privilegios puede tomar el control total sobre el tiempo de ejecución.", }, ], id: "CVE-2019-9008", lastModified: "2024-11-21T04:50:48.050", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-09-17T14:15:10.890", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12939&token=5b93f0d95a68ff7461d2c249d8da00f16b8f9987&download=", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.codesys.com/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.us-cert.gov/ics/advisories/icsa-19-255-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: 
"https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12939&token=5b93f0d95a68ff7461d2c249d8da00f16b8f9987&download=", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.codesys.com/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.us-cert.gov/ics/advisories/icsa-19-255-03", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-732", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-23 11:15
Modified
2024-11-21 04:03
Summary
The CODESYS runtime system in multiple versions allows a remote, low-privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", matchCriteriaId: "B29080C3-A6D8-40D6-8C24-177C00FA27F0", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", matchCriteriaId: "B980C936-557F-4F14-A692-165129625A62", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*", matchCriteriaId: "D282ECAB-FA07-4A81-8F43-AC46A08422D4", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*", matchCriteriaId: "AC1C508C-6817-42E7-9B4C-CDCAC7477304", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*", matchCriteriaId: "C1ECCA6D-3F95-4924-9CC6-7315B1608217", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*", matchCriteriaId: "093C888E-8328-45E9-882C-39D7FBE8E251", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", matchCriteriaId: "4E767B6C-7762-4F3C-A8B0-BEC9C1C238D8", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_v3_runtime_system_toolkit:*:*:*:*:*:*:*:*", matchCriteriaId: "2DDCE092-30E5-43FB-A20F-A712DFD7B1C3", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", matchCriteriaId: "A47EA342-7BDA-4707-9A23-142126C407C1", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { 
criteria: "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*", matchCriteriaId: "A0FE0CC3-99BF-46BF-907D-E8F2785310BB", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", matchCriteriaId: "157E617E-7432-464A-AEC4-29D3806FA2D2", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*", matchCriteriaId: "D95B012B-C9B0-4E2A-934B-3ECDE463722E", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:runtime_plcwinnt:*:*:*:*:*:*:*:*", matchCriteriaId: "8931A117-72B6-4B1C-BF56-E7925D07A790", versionEndExcluding: "2.4.7.52", versionStartIncluding: "2.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:runtime_system_toolkit:*:*:*:*:*:*:x86:*", matchCriteriaId: "46335A20-A1BF-4E5B-BB1D-B7A4AFF6DB08", versionEndExcluding: "2.4.7.52", versionStartIncluding: "2.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:runtime_system_toolkit:3.5.15.0:*:*:*:*:*:*:*", matchCriteriaId: "7A3A8DFF-705F-4562-87CE-E899C5DC2D18", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:simulation_runtime:*:*:*:*:*:*:*:*", matchCriteriaId: "9DD3AD40-BEE7-428D-B1F0-1349E10A9DD5", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.", }, ], id: "CVE-2018-25048", lastModified: "2024-11-21T04:03:26.283", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: 
"HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "info@cert.vde.com", type: "Primary", }, ], }, published: "2023-03-23T11:15:12.730", references: [ { source: "info@cert.vde.com", tags: [ "Not Applicable", ], url: "https://customers.codesys.com/fileadmin/data/customers/security/2018/Advisory2018-04_CDS-59017.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "https://customers.codesys.com/fileadmin/data/customers/security/2018/Advisory2018-04_CDS-59017.pdf", }, ], sourceIdentifier: "info@cert.vde.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "info@cert.vde.com", type: "Primary", }, ], }
cve-2021-29242
Vulnerability from cvelistv5
Published
2021-05-03 13:56
Modified
2024-08-03 22:02
Summary
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.
References
▼ | URL | Tags |
---|---|---|
https://customers.codesys.com/index.php | x_refsource_MISC | |
https://www.codesys.com/security/security-reports.html | x_refsource_MISC | |
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14640&token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873&download= | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T22:02:51.582Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://customers.codesys.com/index.php", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.codesys.com/security/security-reports.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14640&token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873&download=", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-05-03T13:56:06", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://customers.codesys.com/index.php", }, { tags: [ "x_refsource_MISC", ], url: "https://www.codesys.com/security/security-reports.html", }, { tags: [ "x_refsource_MISC", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14640&token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873&download=", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-29242", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: 
"eng", value: "CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://customers.codesys.com/index.php", refsource: "MISC", url: "https://customers.codesys.com/index.php", }, { name: "https://www.codesys.com/security/security-reports.html", refsource: "MISC", url: "https://www.codesys.com/security/security-reports.html", }, { name: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14640&token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873&download=", refsource: "MISC", url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14640&token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873&download=", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-29242", datePublished: "2021-05-03T13:56:06", dateReserved: "2021-03-25T00:00:00", dateUpdated: "2024-08-03T22:02:51.582Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-15806
Vulnerability from cvelistv5
Published
2020-07-22 18:14
Modified
2024-08-04 13:30
Summary
CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.
References
▼ | URL | Tags |
---|---|---|
https://www.codesys.com | x_refsource_MISC | |
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13199&token=3e283c3e73fed61f7c181a7fa1169477efaf0c58&download= | x_refsource_CONFIRM | |
https://www.tenable.com/security/research/tra-2020-46 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:30:22.371Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.codesys.com", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13199&token=3e283c3e73fed61f7c181a7fa1169477efaf0c58&download=", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.tenable.com/security/research/tra-2020-46", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-22T22:06:10", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.codesys.com", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13199&token=3e283c3e73fed61f7c181a7fa1169477efaf0c58&download=", }, { tags: [ "x_refsource_MISC", ], url: "https://www.tenable.com/security/research/tra-2020-46", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-15806", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: 
"n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.codesys.com", refsource: "MISC", url: "https://www.codesys.com", }, { name: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13199&token=3e283c3e73fed61f7c181a7fa1169477efaf0c58&download=", refsource: "CONFIRM", url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13199&token=3e283c3e73fed61f7c181a7fa1169477efaf0c58&download=", }, { name: "https://www.tenable.com/security/research/tra-2020-46", refsource: "MISC", url: "https://www.tenable.com/security/research/tra-2020-46", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-15806", datePublished: "2020-07-22T18:14:43", dateReserved: "2020-07-17T00:00:00", dateUpdated: "2024-08-04T13:30:22.371Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-7052
Vulnerability from cvelistv5
Published
2020-01-24 19:31
Modified
2024-08-04 09:18
Summary
CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.
References
▼ | URL | Tags |
---|---|---|
https://www.tenable.com/security/research/tra-2020-04 | x_refsource_MISC | |
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12977&token=33f948eed0c2fd69d238d9515779be337ef7592d&download= | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:18:02.939Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.tenable.com/security/research/tra-2020-04", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12977&token=33f948eed0c2fd69d238d9515779be337ef7592d&download=", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-01-24T19:31:58", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.tenable.com/security/research/tra-2020-04", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12977&token=33f948eed0c2fd69d238d9515779be337ef7592d&download=", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-7052", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, 
], }, references: { reference_data: [ { name: "https://www.tenable.com/security/research/tra-2020-04", refsource: "MISC", url: "https://www.tenable.com/security/research/tra-2020-04", }, { name: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12977&token=33f948eed0c2fd69d238d9515779be337ef7592d&download=", refsource: "CONFIRM", url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12977&token=33f948eed0c2fd69d238d9515779be337ef7592d&download=", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-7052", datePublished: "2020-01-24T19:31:59", dateReserved: "2020-01-14T00:00:00", dateUpdated: "2024-08-04T09:18:02.939Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-25048
Vulnerability from cvelistv5
Published
2023-03-23 10:45
Modified
2025-02-19 21:00
Summary
The CODESYS runtime system in multiple versions allows a remote, low-privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:39.648Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://customers.codesys.com/fileadmin/data/customers/security/2018/Advisory2018-04_CDS-59017.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2018-25048", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-19T21:00:23.308028Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-19T21:00:29.711Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Control for BeagleBone", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: " Control for emPC-A/iMX6", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Control for IOT2000", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Control for PFC100", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Control for PFC200", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Control for Raspberry Pi", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", 
product: "Control RTE V3 (all variants)", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Control Win V3 (all variants)", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "V3 Simulation Runtime (part of the CODESYS Development System)", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "HMI V3 (all variants)", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "V3 Remote Target Visu (all variants)", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Control V3 Runtime System Toolkit", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "V3 Embedded Target Visu Toolkit", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "V3 Remote Target Visu Toolkit", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Runtime Toolkit 32 bit embedded", vendor: "CODESYS", versions: [ { lessThan: "2.3.2.10", status: "affected", version: "2.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Runtime Toolkit 32 bit full", vendor: "CODESYS", versions: [ { lessThan: "2.4.7.52", status: "affected", version: "2.0.0.0", versionType: 
"custom", }, ], }, { defaultStatus: "unaffected", product: "Runtime PLCWinNT", vendor: "CODESYS", versions: [ { lessThan: "2.4.7.52", status: "affected", version: "2.0.0.0", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "reporter", user: "00000000-0000-4000-9000-000000000000", value: " Prosoft-Systems Ltd.", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.", }, ], value: "The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.", }, ], impacts: [ { capecId: "CAPEC-126", descriptions: [ { lang: "en", value: "CAPEC-126 Path Traversal", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-23T10:45:36.900Z", orgId: "270ccfa6-a436-4e77-922e-914ec3a9685c", shortName: "CERTVDE", }, references: [ { url: "https://customers.codesys.com/fileadmin/data/customers/security/2018/Advisory2018-04_CDS-59017.pdf", }, ], source: { defect: [ "CERT@VDE#64324", ], discovery: "EXTERNAL", }, title: "Codesys Runtime Improper Limitation of a Pathname", x_generator: { engine: "Vulnogram 0.1.0-dev", 
}, }, }, cveMetadata: { assignerOrgId: "270ccfa6-a436-4e77-922e-914ec3a9685c", assignerShortName: "CERTVDE", cveId: "CVE-2018-25048", datePublished: "2023-03-23T10:45:36.900Z", dateReserved: "2022-12-07T12:06:08.365Z", dateUpdated: "2025-02-19T21:00:29.711Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-9009
Vulnerability from cvelistv5
Published
2019-09-17 15:34
Modified
2024-08-04 21:31
Summary
An issue was discovered in 3S-Smart CODESYS before 3.5.15.0. Crafted network packets cause the Control Runtime to crash.
References
▼ | URL | Tags |
---|---|---|
https://www.us-cert.gov/ics/advisories/icsa-19-255-05 | x_refsource_MISC | |
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12941&token=50fabe3870c7bdc41701eb1799dddeec103de40c&download= | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T21:31:37.644Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.us-cert.gov/ics/advisories/icsa-19-255-05", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12941&token=50fabe3870c7bdc41701eb1799dddeec103de40c&download=", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-11T11:23:45", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.us-cert.gov/ics/advisories/icsa-19-255-05", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12941&token=50fabe3870c7bdc41701eb1799dddeec103de40c&download=", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-9009", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . 
Crafted network packets cause the Control Runtime to crash.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.us-cert.gov/ics/advisories/icsa-19-255-05", refsource: "MISC", url: "https://www.us-cert.gov/ics/advisories/icsa-19-255-05", }, { name: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12941&token=50fabe3870c7bdc41701eb1799dddeec103de40c&download=", refsource: "CONFIRM", url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12941&token=50fabe3870c7bdc41701eb1799dddeec103de40c&download=", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-9009", datePublished: "2019-09-17T15:34:42", dateReserved: "2019-02-22T00:00:00", dateUpdated: "2024-08-04T21:31:37.644Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-9008
Vulnerability from cvelistv5
Published
2019-09-17 13:15
Modified
2024-08-04 21:31
Summary
An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A user with low privileges can take full control over the runtime.
References
▼ | URL | Tags |
---|---|---|
https://www.codesys.com/ | x_refsource_MISC | |
https://www.us-cert.gov/ics/advisories/icsa-19-255-03 | third-party-advisory, x_refsource_CERT | |
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12939&token=5b93f0d95a68ff7461d2c249d8da00f16b8f9987&download= | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T21:31:37.527Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.codesys.com/", }, { name: "US Computer Emergency Readiness Team", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "https://www.us-cert.gov/ics/advisories/icsa-19-255-03", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12939&token=5b93f0d95a68ff7461d2c249d8da00f16b8f9987&download=", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A user with low privileges can take full control over the runtime.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-11T11:43:53", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.codesys.com/", }, { name: "US Computer Emergency Readiness Team", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "https://www.us-cert.gov/ics/advisories/icsa-19-255-03", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12939&token=5b93f0d95a68ff7461d2c249d8da00f16b8f9987&download=", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-9008", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: 
"eng", value: "An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A user with low privileges can take full control over the runtime.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.codesys.com/", refsource: "MISC", url: "https://www.codesys.com/", }, { name: "US Computer Emergency Readiness Team", refsource: "CERT", url: "https://www.us-cert.gov/ics/advisories/icsa-19-255-03", }, { name: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12939&token=5b93f0d95a68ff7461d2c249d8da00f16b8f9987&download=", refsource: "CONFIRM", url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12939&token=5b93f0d95a68ff7461d2c249d8da00f16b8f9987&download=", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-9008", datePublished: "2019-09-17T13:15:32", dateReserved: "2019-02-22T00:00:00", dateUpdated: "2024-08-04T21:31:37.527Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }