Vulnerabilites related to codesys - control_for_empc-a\/imx6
Vulnerability from fkie_nvd
Published
2020-07-22 19:15
Modified
2024-11-21 05:06
Severity ?
Summary
CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13199&token=3e283c3e73fed61f7c181a7fa1169477efaf0c58&download= | Mitigation, Vendor Advisory | |
cve@mitre.org | https://www.codesys.com | Vendor Advisory | |
cve@mitre.org | https://www.tenable.com/security/research/tra-2020-46 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13199&token=3e283c3e73fed61f7c181a7fa1169477efaf0c58&download= | Mitigation, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.codesys.com | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2020-46 | Exploit, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AE57E7D-63C1-470F-A95B-B9DA3A586E04", "versionEndExcluding": "3.5.16.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B5F06D0-5224-4D76-A856-9AB57BF87D59", "versionEndExcluding": "3.5.16.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB388FBB-8512-4FCE-A754-A82239A911B9", "versionEndExcluding": "3.5.16.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "41722BB1-40F6-4D12-9A00-156D04C92097", "versionEndExcluding": "3.5.16.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*", "matchCriteriaId": "5E56A636-9DC3-411D-B287-308A2BAC759D", "versionEndExcluding": "3.5.16.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*", "matchCriteriaId": "82614FBA-2612-4FA4-988B-D67E80B5DDA7", "versionEndExcluding": "3.5.16.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*", "matchCriteriaId": "387FB2B8-5435-4054-94A4-0AE60A42FB0C", "versionEndExcluding": "3.5.16.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B7517E0-0D9C-4AA8-B8A9-7F1420FE4616", "versionEndExcluding": "3.5.16.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C80CDF5-5264-41CD-A475-E46C3E941F4A", "versionEndExcluding": "3.5.16.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:-:*:*", "matchCriteriaId": "6097C902-F24A-4408-8E2C-C90F0AB67E13", "versionEndExcluding": "3.5.16.10", "versionStartIncluding": "3.5.8.60", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:beckhoff_cx:*:*", "matchCriteriaId": "2DDE8129-4CEE-440B-B0D1-29BB93D1ACE8", "versionEndExcluding": "3.5.16.10", "versionStartIncluding": "3.5.8.60", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "6CF52B1D-7AF9-4DAD-A8E7-6CB7CC060E08", "versionEndExcluding": "3.5.16.10", "versionStartIncluding": "3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", "matchCriteriaId": "E86A4C83-B82D-4D2F-96C6-C8F66B7AB947", "versionEndExcluding": "3.5.16.10", "versionStartIncluding": "3.5.9.80", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "890104AC-5CB4-466D-9CC0-F39E8B24BD9D", "versionEndExcluding": "3.5.16.10", "versionStartIncluding": "3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", "matchCriteriaId": "7CE9850A-47B3-4C37-90C0-FF9516DF025F", "versionEndExcluding": "3.5.16.10", "versionStartIncluding": "3.5.10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "31C2638C-D4C4-4C71-A873-E7836802E6FE", "versionEndExcluding": "3.5.16.10", "versionStartIncluding": "3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:simulation_runtime:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A09DAE1-678B-49A2-88CE-CFF4F514673E", "versionEndExcluding": "3.5.16.10", "versionStartIncluding": "3.5.9.40", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation." }, { "lang": "es", "value": "El sistema del tiempo de ejecuci\u00f3n de Control CODESYS, versiones anteriores a 3.5.16.10, permite una Asignaci\u00f3n de Memoria No Controlada" } ], "id": "CVE-2020-15806", "lastModified": "2024-11-21T05:06:13.097", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-07-22T19:15:12.317", "references": [ { "source": "cve@mitre.org", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13199\u0026token=3e283c3e73fed61f7c181a7fa1169477efaf0c58\u0026download=" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.codesys.com" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2020-46" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13199\u0026token=3e283c3e73fed61f7c181a7fa1169477efaf0c58\u0026download=" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.codesys.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2020-46" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-401" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-09-17 14:15
Modified
2024-11-21 04:50
Severity ?
Summary
An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A user with low privileges can take full control over the runtime.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12939&token=5b93f0d95a68ff7461d2c249d8da00f16b8f9987&download= | Vendor Advisory | |
cve@mitre.org | https://www.codesys.com/ | Vendor Advisory | |
cve@mitre.org | https://www.us-cert.gov/ics/advisories/icsa-19-255-03 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12939&token=5b93f0d95a68ff7461d2c249d8da00f16b8f9987&download= | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.codesys.com/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-19-255-03 | Third Party Advisory, US Government Resource |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
codesys | control_for_beaglebone | * | |
codesys | control_for_empc-a\/imx6 | * | |
codesys | control_for_iot2000 | * | |
codesys | control_for_pfc100 | * | |
codesys | control_for_pfc200 | * | |
codesys | control_for_raspberry_pi | * | |
codesys | control_rte | * | |
codesys | control_win | * | |
codesys | hmi | * | |
codesys | simulation_runtime | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5C54235-616B-47A4-A1C5-E8AB7347AFAC", "versionEndExcluding": "3.5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", "matchCriteriaId": "0AF7E264-FB36-4BB4-8A8F-4437D637334F", "versionEndExcluding": "3.5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "9EB64F24-4001-4874-83D3-38413FC94ADD", "versionEndExcluding": "3.5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*", "matchCriteriaId": "E3A61193-758A-4540-A039-1C8DC0D61B67", "versionEndExcluding": "3.5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*", "matchCriteriaId": "54022CAB-4847-4E4F-AB14-172649195ACB", "versionEndExcluding": "3.5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*", "matchCriteriaId": "43B850F0-C963-4C99-9D66-6D72936B4CD7", "versionEndExcluding": "3.5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", "matchCriteriaId": "C62EF2A3-DF28-4B1E-91C3-25F105CDCA39", "versionEndExcluding": "3.5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", "matchCriteriaId": "CF2E5D2E-2E4C-44B1-8A17-58439295ADE1", "versionEndExcluding": "3.5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", "matchCriteriaId": "35EE8235-EF64-4FF7-AFD5-F14D7C0A7BCF", "versionEndExcluding": "3.5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:simulation_runtime:*:*:*:*:*:*:*:*", "matchCriteriaId": "44D78350-294B-4477-828D-C9289A1D985E", "versionEndExcluding": "3.5.13.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A user with low privileges can take full control over the runtime." }, { "lang": "es", "value": "Se detect\u00f3 un problema en 3S-Smart CODESYS V3 versiones hasta 3.5.12.30. Un usuario con pocos privilegios puede tomar el control total sobre el tiempo de ejecuci\u00f3n." } ], "id": "CVE-2019-9008", "lastModified": "2024-11-21T04:50:48.050", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-09-17T14:15:10.890", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12939\u0026token=5b93f0d95a68ff7461d2c249d8da00f16b8f9987\u0026download=" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.codesys.com/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12939\u0026token=5b93f0d95a68ff7461d2c249d8da00f16b8f9987\u0026download=" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.codesys.com/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-03" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-732" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-09-17 16:15
Modified
2024-11-21 04:50
Severity ?
Summary
An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12941&token=50fabe3870c7bdc41701eb1799dddeec103de40c&download= | Vendor Advisory | |
cve@mitre.org | https://www.us-cert.gov/ics/advisories/icsa-19-255-05 | Mitigation, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12941&token=50fabe3870c7bdc41701eb1799dddeec103de40c&download= | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-19-255-05 | Mitigation, Third Party Advisory, US Government Resource |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
codesys | control_for_beaglebone | * | |
codesys | control_for_empc-a\/imx6 | * | |
codesys | control_for_iot2000 | * | |
codesys | control_for_pfc100 | * | |
codesys | control_for_pfc200 | * | |
codesys | control_for_raspberry_pi | * | |
codesys | control_rte | * | |
codesys | control_win | * | |
codesys | gateway | * | |
codesys | hmi | * | |
codesys | linux | * | |
codesys | runtime_system_toolkit | * | |
codesys | safety_sil2 | * | |
codesys | simulation_runtime | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", "matchCriteriaId": "958821C8-142A-4B67-857B-63A6AD53E1B8", "versionEndExcluding": "3.5.15.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9940444-8CFD-4044-8662-FDC11E93E6E4", "versionEndExcluding": "3.5.15.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "805D48DF-DA8F-40AB-B7AE-B2F0A75616E9", "versionEndExcluding": "3.5.15.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*", "matchCriteriaId": "EAEAC81A-4FFA-4692-961D-7DF58E2B0CDE", "versionEndExcluding": "3.5.15.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*", "matchCriteriaId": "2506A775-D1FB-4C2F-98EC-B781AA19E340", "versionEndExcluding": "3.5.15.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*", "matchCriteriaId": "963C9351-B167-4C1F-914E-A7009A532A0F", "versionEndExcluding": "3.5.15.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A5F978B-5245-41D9-B11C-B27703A2A090", "versionEndExcluding": "3.5.15.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", "matchCriteriaId": "1429532E-76A8-4987-B916-AA3FD7C37E06", "versionEndExcluding": "3.5.15.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "563FD9B0-D6F5-4A4C-A43D-555C2DC60DD4", "versionEndExcluding": "3.5.15.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", "matchCriteriaId": "ABFC0D89-BD79-4032-B0CA-08C4F8EA1776", "versionEndExcluding": "3.5.15.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A2B09D6-8FD2-46FA-A1B2-55B7E996D71B", "versionEndExcluding": "3.5.15.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:runtime_system_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "417EFF04-1584-44C3-8AD9-593174089A31", "versionEndExcluding": "3.5.15.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:safety_sil2:*:*:*:*:*:*:*:*", "matchCriteriaId": "139851DD-0E16-4C8D-AA55-0231B2C443A7", "versionEndExcluding": "3.5.15.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:simulation_runtime:*:*:*:*:*:*:*:*", "matchCriteriaId": "3FB11CE8-8B22-4D2D-A0A9-4D23C30A3FF5", "versionEndExcluding": "3.5.15.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash." }, { "lang": "es", "value": "Se descubri\u00f3 un problema en 3S-Smart CODESYS versiones anteriores a 3.5.15.0. Unos paquetes de red dise\u00f1ados causan que el Control Runtime se bloquee." } ], "id": "CVE-2019-9009", "lastModified": "2024-11-21T04:50:48.197", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-09-17T16:15:11.077", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12941\u0026token=50fabe3870c7bdc41701eb1799dddeec103de40c\u0026download=" }, { "source": "cve@mitre.org", "tags": [ "Mitigation", "Third Party Advisory", "US Government Resource" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-05" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12941\u0026token=50fabe3870c7bdc41701eb1799dddeec103de40c\u0026download=" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Third Party Advisory", "US Government Resource" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-05" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-755" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-03-26 04:15
Modified
2024-11-21 04:55
Severity ?
Summary
CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", "matchCriteriaId": "0EA61ACB-5690-42D7-8420-E77E58D5BA4D", "versionEndExcluding": "3.5.15.40", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5FB5ED1-0B3C-4426-AC3E-621C230AE38C", "versionEndExcluding": "3.5.15.40", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "1477C3BF-2636-4D41-B951-CED7CAE6731A", "versionEndExcluding": "3.5.15.40", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "82047F2C-2D3D-4D6C-9DAE-512BD9639747", "versionEndExcluding": "3.5.15.40", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*", "matchCriteriaId": "E832FD04-9206-4881-8695-8FA7FE788EE7", "versionEndExcluding": "3.5.15.40", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*", "matchCriteriaId": "C21D2A80-B830-483F-A748-2F082D369C73", "versionEndExcluding": "3.5.15.40", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*", "matchCriteriaId": "9CD92E41-9C0A-47E0-8B90-181A2ECC4627", "versionEndExcluding": "3.5.15.40", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*", "matchCriteriaId": "491C7EFF-D620-40EB-B112-9D0B2AC62B76", "versionEndExcluding": "3.5.15.40", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", "matchCriteriaId": "75BA05C4-3066-4354-9F99-232D181D0CA6", "versionEndExcluding": "3.5.15.40", "versionStartIncluding": "3.5.8.60", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:beckhoff_cx:*:*", "matchCriteriaId": "D3281307-8315-42A5-84FD-C683C54B603A", "versionEndExcluding": "3.5.15.40", "versionStartIncluding": "3.5.8.60", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "E095D809-8408-4FEE-874F-1F021EC7E97E", "versionEndExcluding": "3.5.15.40", "versionStartIncluding": "3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", "matchCriteriaId": "43EBED50-DFA9-430B-8B3C-8994E2E43470", "versionEndExcluding": "3.5.15.40", "versionStartIncluding": "3.5.9.80", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "93ACEEA3-B958-4070-86F0-5C84869A13E7", "versionEndExcluding": "3.5.15.40", "versionStartIncluding": "3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4CF0416-A09F-46CF-8285-A46E7F1A2F8C", "versionEndExcluding": "3.5.15.40", "versionStartIncluding": "3.5.10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "CBC06C9A-3D60-46FF-BCF4-B1C472DB3850", "versionEndExcluding": "3.5.15.40", "versionStartIncluding": "3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow." }, { "lang": "es", "value": "El servidor web CODESYS versiones V3 anteriores a 3.5.15.40, como es usado en los sistemas de tiempo de ejecuci\u00f3n CODESYS Control, presenta un desbordamiento del b\u00fafer." } ], "id": "CVE-2020-10245", "lastModified": "2024-11-21T04:55:03.253", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-03-26T04:15:11.533", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13078\u0026token=de344ca65252463cc581ef144e0c53bd97b8f211\u0026download=" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2020-16" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13078\u0026token=de344ca65252463cc581ef144e0c53bd97b8f211\u0026download=" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2020-16" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-09-17 19:15
Modified
2024-11-21 04:25
Severity ?
Summary
3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition.
References
▶ | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://www.us-cert.gov/ics/advisories/icsa-19-255-04 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-19-255-04 | Third Party Advisory, US Government Resource |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
codesys | control_for_beaglebone | * | |
codesys | control_for_empc-a\/imx6 | * | |
codesys | control_for_iot2000 | * | |
codesys | control_for_pfc100 | * | |
codesys | control_for_pfc200 | * | |
codesys | control_for_raspberry_pi | * | |
codesys | control_rte | * | |
codesys | control_win | * | |
codesys | linux | * | |
codesys | runtime_system_toolkit | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", "matchCriteriaId": "71439C06-3F84-4AC4-AC41-4E0AB9AC210C", "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", "matchCriteriaId": "11BD175F-8CBB-45A0-870D-E56E6B57FBB2", "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "2EA5147D-D5AB-4352-95EE-0D90C80781B5", "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*", "matchCriteriaId": "45DBEFC0-1336-4170-8EA7-A6871AC505CD", "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C5F1F99-93B3-4F16-B864-023F956601FF", "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*", "matchCriteriaId": "2AF22400-3C26-4D90-AC04-FCAC171EE435", "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", "matchCriteriaId": "67E16675-C26E-43C4-9140-CCA4E466C693", "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", "matchCriteriaId": "E32E1F58-72F8-410B-A8C3-7E8DEA67D4A3", "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "40343F22-A7DB-4EFF-A58C-957128A7AC96", "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:runtime_system_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC74338D-F093-4D49-B56D-3EF17232F98A", "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition." }, { "lang": "es", "value": "3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, todas las versiones desde 3.5.11.0 hasta 3.5.15.0, permite a un atacante enviar peticiones dise\u00f1adas desde un cliente OPC UA confiable que causa una desreferencia del puntero NULL, lo que puede desencadenar una condici\u00f3n de denegaci\u00f3n de servicio." } ], "id": "CVE-2019-13542", "lastModified": "2024-11-21T04:25:06.737", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-09-17T19:15:10.757", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-04" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-04" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-07-11 11:15
Modified
2024-11-21 07:03
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5D6E827-7AD1-4248-82E6-C879771A2FBA", "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", "matchCriteriaId": "E07464D3-D8E5-45CC-8703-B445A866F015", "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD1474A7-A282-4929-A9E4-721322DCAE15", "versionEndExcluding": "4.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB585AB5-D0AC-46DC-9723-A0FEFBFB015C", "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F6E2A1D-0187-4C71-A87D-48B3EC3D99DD", "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "A78E493B-6D9E-4196-830C-24BCF25D3D44", "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD0BCA34-FE68-4933-B189-746D2DA3E062", "versionEndExcluding": "4.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D5DE9D1-C334-452C-A64B-D74A48017B6D", "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600:*:*:*:*:*:*:*:*", "matchCriteriaId": "966AEA54-4939-4C84-8D8B-7C70D361555B", "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "A33E4442-F316-439F-83BD-047A34EF6E14", "versionEndExcluding": "3.5.18.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_rte_sl_\\(for_beckhoff_cx\\):*:*:*:*:*:*:*:*", "matchCriteriaId": "8AC245C1-F19D-417A-801E-D08B0ED81651", "versionEndExcluding": "3.5.18.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1A0B9C6-534C-4D2C-BC62-620786CE748F", "versionEndExcluding": "3.5.18.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", "matchCriteriaId": "22F16730-93D3-41D4-B5D0-F507BC2D5A03", "versionEndExcluding": "3.5.18.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "05792C1C-C4BB-4084-96A3-69544076F944", "versionEndExcluding": "3.5.18.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:windows:*:*", "matchCriteriaId": "6C919501-6AFE-4D4C-84EF-C6AF30EBB769", "versionEndExcluding": "3.5.18.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:linux:*:*", "matchCriteriaId": "E36291AE-21CB-4ECB-8816-D50712C70E30", "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "26B19D43-1A55-45E5-9C0A-00E9487B4282", "versionEndExcluding": "3.5.18.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "73C1F863-AAC0-446A-98E1-436916DA66B9", "versionEndExcluding": "3.5.18.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", "matchCriteriaId": "C26E9A35-AEB3-4856-8410-989D422A6D95", "versionEndExcluding": "3.5.18.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "26CA4951-7DD0-4477-8C36-EC07191CAC8F", "versionEndExcluding": "3.5.18.20", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected." }, { "lang": "es", "value": "En CmpChannelServer de CODESYS versi\u00f3n V3 en m\u00faltiples versiones un consumo no controlado de recursos permite a un atacante no autorizado bloquear nuevas conexiones de canales de comunicaci\u00f3n. Las conexiones existentes no est\u00e1n afectadas" } ], "id": "CVE-2022-30792", "lastModified": "2024-11-21T07:03:23.950", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "info@cert.vde.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Secondary" } ] }, "published": "2022-07-11T11:15:08.240", "references": [ { "source": "info@cert.vde.com", "tags": [ "Vendor Advisory" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download=" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download=" } ], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-400" } ], "source": "info@cert.vde.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-20 18:15
Modified
2024-11-21 04:33
Severity ?
Summary
CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf | Vendor Advisory | |
cve@mitre.org | https://www.tenable.com/security/research/tra-2019-48 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2019-48 | Exploit, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", "matchCriteriaId": "0EC6B28E-A811-41B3-8211-5C00F43501B0", "versionEndExcluding": "3.5.15.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", "matchCriteriaId": "C35E21FB-D148-4295-8F6E-250276198B78", "versionEndExcluding": "3.5.15.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B3FD146-88C2-4091-9A95-5F1734B4FBC9", "versionEndExcluding": "3.5.15.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A300E3F-5BF6-455E-ADDC-D7443254F049", "versionEndExcluding": "3.5.15.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*", "matchCriteriaId": "1502A884-95A6-4587-8EFA-82374251CD3A", "versionEndExcluding": "3.5.15.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*", "matchCriteriaId": "02BEA387-FF44-4AF9-8B80-CD8D6E7F4549", "versionEndExcluding": "3.5.15.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D16B0FB-C69F-4D02-9598-22ADD027D9AA", "versionEndExcluding": "3.5.15.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA7D956E-7844-4F3D-BF27-E38E5D2B0A68", "versionEndExcluding": "3.5.15.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", "matchCriteriaId": "15CFC3A8-1D5C-486E-97CB-0F38E9874B96", "versionEndExcluding": "3.5.15.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "02ED0463-8628-488A-B931-683A2C0205B9", "versionEndExcluding": "3.5.15.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", "matchCriteriaId": "9CFF4CBE-6291-479D-BC3C-379C7F7D8337", "versionEndExcluding": "3.5.15.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4D32C64-2C59-461B-8E33-A4EDF31E886E", "versionEndExcluding": "3.5.15.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", "matchCriteriaId": "95BE3C03-7A36-4AD8-B5E9-BD91BD729B72", "versionEndExcluding": "3.5.15.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "1451AE82-855F-425C-9C30-2B96F4B8F2EC", "versionEndExcluding": "3.5.15.20", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow." }, { "lang": "es", "value": "El servidor web CODESYS 3 versiones anteriores a la versi\u00f3n 3.5.15.20, distribuido con los sistemas de tiempo de ejecuci\u00f3n CODESYS Control, tiene un desbordamiento de b\u00fafer." } ], "id": "CVE-2019-18858", "lastModified": "2024-11-21T04:33:43.753", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-20T18:15:10.917", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2019-48" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2019-48" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-05-14 21:15
Modified
2024-11-21 04:59
Severity ?
Summary
An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A5313A0-4D9B-4B1F-B432-F84130717DE7", "versionEndExcluding": "3.5.16.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9EA03EF-F424-4AC6-AC0B-A284A2553092", "versionEndExcluding": "3.5.16.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "38ECECFA-13C2-459E-B509-5F663E72CDE9", "versionEndExcluding": "3.5.16.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7BD8B5A-8CD7-463C-82D7-06F6DE7E6DB0", "versionEndExcluding": "3.5.16.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*", "matchCriteriaId": "1CC12843-4775-46BF-BB7F-35D7A4825027", "versionEndExcluding": "3.5.16.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*", "matchCriteriaId": "84E46BF9-F5A0-4C09-BE2B-486263D89E85", "versionEndExcluding": "3.5.16.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*", "matchCriteriaId": "C17614A6-F334-4955-824D-A237A9672ECD", "versionEndExcluding": "3.5.16.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", "matchCriteriaId": "BFAF3E76-D917-48FA-BE80-7CEF592359F3", "versionEndExcluding": "3.5.16.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "977B88F5-FA46-41A6-B65E-034EEBA19755", "versionEndExcluding": "3.5.16.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6E1A555-20F2-4C1D-824C-9BFE5A8C1184", "versionEndExcluding": "3.5.16.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "03FB53F8-F076-41FB-B556-077F99584B76", "versionEndExcluding": "3.5.16.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", "matchCriteriaId": "C2B23429-F3C9-4414-A3C8-FDEA5D0DFE96", "versionEndExcluding": "3.5.16.0", "versionStartIncluding": "3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation." }, { "lang": "es", "value": "Se detect\u00f3 un problema en CODESYS Development System versiones anteriores a 3.5.16.0. CODESYS WebVisu y CODESYS Remote TargetVisu son susceptibles a una escalada de privilegios." } ], "id": "CVE-2020-12068", "lastModified": "2024-11-21T04:59:12.677", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-05-14T21:15:13.260", "references": [ { "source": "cve@mitre.org", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13136\u0026token=c267875c01ea70bc9613bc39c684eedc17f55420\u0026download=" }, { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "https://www.codesys.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13136\u0026token=c267875c01ea70bc9613bc39c684eedc17f55420\u0026download=" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "https://www.codesys.com" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-09-13 17:15
Modified
2024-11-21 04:25
Severity ?
Summary
CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could cause a stack overflow and create a denial-of-service condition or allow remote code execution.
References
▶ | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://www.us-cert.gov/ics/advisories/icsa-19-255-01 | Mitigation, Patch, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-19-255-01 | Mitigation, Patch, Third Party Advisory, US Government Resource |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC95996F-4E60-4CCE-BC7D-2F998969455D", "versionEndExcluding": "3.5.14.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", "matchCriteriaId": "CCE0D6F6-86D9-488A-A02B-48F4BD6F67D4", "versionEndExcluding": "3.5.14.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "08C05889-826B-411F-AD6A-F18C432A3B1F", "versionEndExcluding": "3.5.14.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "225A5B49-7DB5-4B80-A560-5BEE65A7FC3D", "versionEndExcluding": "3.5.14.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E6DD82E-5047-4E7B-8C73-3BF8FD112F3A", "versionEndExcluding": "3.5.14.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*", "matchCriteriaId": "47A9B7EB-229C-4A23-9BB7-72A5ABD61279", "versionEndExcluding": "3.5.14.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*", "matchCriteriaId": "43092C73-1302-4915-B2BC-59058FF61EFA", "versionEndExcluding": "3.5.14.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9392852-7BEF-402C-9ED4-2D7D40955311", "versionEndExcluding": "3.5.12.80", "versionStartIncluding": "3.5.8.60", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB77946F-7038-40FD-8204-B777ED0E59D2", "versionEndExcluding": "3.5.14.10", "versionStartIncluding": "3.5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1CB113B-1207-43D9-A999-42B08AD50EB2", "versionEndExcluding": "3.5.12.80", "versionStartIncluding": "3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE519838-FADF-43EA-9723-9283C0E18E85", "versionEndIncluding": "3.5.12.80", "versionStartIncluding": "3.5.9.80", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", "matchCriteriaId": "3466070E-1377-4272-AC73-717B9DEC144C", "versionEndExcluding": "3.5.14.10", "versionStartIncluding": "3.5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "07A7C9E7-ABF4-4C29-AF16-E697E35CFFC7", "versionEndExcluding": "3.5.12.80", "versionStartIncluding": "3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD2CDAC2-F8EB-45F4-82E2-5E5601F49D8A", "versionEndExcluding": "3.5.12.80", "versionStartIncluding": "3.5.10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", "matchCriteriaId": "1AC3C628-281A-4E8E-ADE6-4CE976E187D4", "versionEndExcluding": "3.5.14.10", "versionStartIncluding": "3.5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "08230AB2-9EA0-4F98-8CE5-0A9ADB2B2334", "versionEndExcluding": "3.5.12.80", "versionStartIncluding": "3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could cause a stack overflow and create a denial-of-service condition or allow remote code execution." }, { "lang": "es", "value": "El servidor web de CODESYS V3, todas las versiones anteriores a 3.5.14.10, permite a un atacante enviar peticiones http o https especialmente dise\u00f1adas que podr\u00edan causar un desbordamiento de la pila y crear una condici\u00f3n de denegaci\u00f3n de servicio o permitir la ejecuci\u00f3n de c\u00f3digo remota." } ], "id": "CVE-2019-13548", "lastModified": "2024-11-21T04:25:07.460", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-09-13T17:15:11.693", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Mitigation", "Patch", "Third Party Advisory", "US Government Resource" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Patch", "Third Party Advisory", "US Government Resource" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-01" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-121" } ], "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-09-13 17:15
Modified
2024-11-21 04:25
Severity ?
Summary
CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller.
References
▶ | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://www.us-cert.gov/ics/advisories/icsa-19-255-01 | Mitigation, Patch, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-19-255-01 | Mitigation, Patch, Third Party Advisory, US Government Resource |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC95996F-4E60-4CCE-BC7D-2F998969455D", "versionEndExcluding": "3.5.14.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", "matchCriteriaId": "CCE0D6F6-86D9-488A-A02B-48F4BD6F67D4", "versionEndExcluding": "3.5.14.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "08C05889-826B-411F-AD6A-F18C432A3B1F", "versionEndExcluding": "3.5.14.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "225A5B49-7DB5-4B80-A560-5BEE65A7FC3D", "versionEndExcluding": "3.5.14.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E6DD82E-5047-4E7B-8C73-3BF8FD112F3A", "versionEndExcluding": "3.5.14.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*", "matchCriteriaId": "47A9B7EB-229C-4A23-9BB7-72A5ABD61279", "versionEndExcluding": "3.5.14.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*", "matchCriteriaId": "43092C73-1302-4915-B2BC-59058FF61EFA", "versionEndExcluding": "3.5.14.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9392852-7BEF-402C-9ED4-2D7D40955311", "versionEndExcluding": "3.5.12.80", "versionStartIncluding": "3.5.8.60", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB77946F-7038-40FD-8204-B777ED0E59D2", "versionEndExcluding": "3.5.14.10", "versionStartIncluding": "3.5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1CB113B-1207-43D9-A999-42B08AD50EB2", "versionEndExcluding": "3.5.12.80", "versionStartIncluding": "3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE519838-FADF-43EA-9723-9283C0E18E85", "versionEndIncluding": "3.5.12.80", "versionStartIncluding": "3.5.9.80", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", "matchCriteriaId": "3466070E-1377-4272-AC73-717B9DEC144C", "versionEndExcluding": "3.5.14.10", "versionStartIncluding": "3.5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "07A7C9E7-ABF4-4C29-AF16-E697E35CFFC7", "versionEndExcluding": "3.5.12.80", "versionStartIncluding": "3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD2CDAC2-F8EB-45F4-82E2-5E5601F49D8A", "versionEndExcluding": "3.5.12.80", "versionStartIncluding": "3.5.10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", "matchCriteriaId": "1AC3C628-281A-4E8E-ADE6-4CE976E187D4", "versionEndExcluding": "3.5.14.10", "versionStartIncluding": "3.5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "08230AB2-9EA0-4F98-8CE5-0A9ADB2B2334", "versionEndExcluding": "3.5.12.80", "versionStartIncluding": "3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller." }, { "lang": "es", "value": "El servidor web de CODESYS V3, todas las versiones anteriores a 3.5.14.10, permite a un atacante enviar peticiones http o https especialmente dise\u00f1adas que pueden conceder el acceso a archivos fuera del directorio de trabajo restringido del controlador." } ], "id": "CVE-2019-13532", "lastModified": "2024-11-21T04:25:05.470", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-09-13T17:15:11.617", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Mitigation", "Patch", "Third Party Advisory", "US Government Resource" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Patch", "Third Party Advisory", "US Government Resource" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-01" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-07-11 11:15
Modified
2024-11-21 07:03
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5D6E827-7AD1-4248-82E6-C879771A2FBA", "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", "matchCriteriaId": "E07464D3-D8E5-45CC-8703-B445A866F015", "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD1474A7-A282-4929-A9E4-721322DCAE15", "versionEndExcluding": "4.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB585AB5-D0AC-46DC-9723-A0FEFBFB015C", "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F6E2A1D-0187-4C71-A87D-48B3EC3D99DD", "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "A78E493B-6D9E-4196-830C-24BCF25D3D44", "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD0BCA34-FE68-4933-B189-746D2DA3E062", "versionEndExcluding": "4.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D5DE9D1-C334-452C-A64B-D74A48017B6D", "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600:*:*:*:*:*:*:*:*", "matchCriteriaId": "966AEA54-4939-4C84-8D8B-7C70D361555B", "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "A33E4442-F316-439F-83BD-047A34EF6E14", "versionEndExcluding": "3.5.18.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_rte_sl_\\(for_beckhoff_cx\\):*:*:*:*:*:*:*:*", "matchCriteriaId": "8AC245C1-F19D-417A-801E-D08B0ED81651", "versionEndExcluding": "3.5.18.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1A0B9C6-534C-4D2C-BC62-620786CE748F", "versionEndExcluding": "3.5.18.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", "matchCriteriaId": "22F16730-93D3-41D4-B5D0-F507BC2D5A03", "versionEndExcluding": "3.5.18.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "05792C1C-C4BB-4084-96A3-69544076F944", "versionEndExcluding": "3.5.18.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:windows:*:*", "matchCriteriaId": "6C919501-6AFE-4D4C-84EF-C6AF30EBB769", "versionEndExcluding": "3.5.18.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:linux:*:*", "matchCriteriaId": "E36291AE-21CB-4ECB-8816-D50712C70E30", "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "26B19D43-1A55-45E5-9C0A-00E9487B4282", "versionEndExcluding": "3.5.18.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "73C1F863-AAC0-446A-98E1-436916DA66B9", "versionEndExcluding": "3.5.18.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", "matchCriteriaId": "C26E9A35-AEB3-4856-8410-989D422A6D95", "versionEndExcluding": "3.5.18.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "26CA4951-7DD0-4477-8C36-EC07191CAC8F", "versionEndExcluding": "3.5.18.20", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected." }, { "lang": "es", "value": "En CmpBlkDrvTcp de CODESYS versi\u00f3n V3 en m\u00faltiples versiones un consumo no controlado de recursos permite a un atacante no autorizado bloquear nuevas conexiones TCP. Las conexiones existentes no est\u00e1n afectadas" } ], "id": "CVE-2022-30791", "lastModified": "2024-11-21T07:03:23.800", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "info@cert.vde.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Secondary" } ] }, "published": "2022-07-11T11:15:08.177", "references": [ { "source": "info@cert.vde.com", "tags": [ "Vendor Advisory" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download=" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download=" } ], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-400" } ], "source": "info@cert.vde.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-400" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-26 19:15
Modified
2025-05-05 14:15
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pilz:pmc:*:*:*:*:*:*:*:*", "matchCriteriaId": "1603B9DF-B514-409E-BCB4-9366F9457EB7", "versionEndExcluding": "3.5.17", "versionStartIncluding": "3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A5313A0-4D9B-4B1F-B432-F84130717DE7", "versionEndExcluding": "3.5.16.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9EA03EF-F424-4AC6-AC0B-A284A2553092", "versionEndExcluding": "3.5.16.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "38ECECFA-13C2-459E-B509-5F663E72CDE9", "versionEndExcluding": "3.5.16.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7492683-673C-495F-9748-E3467F547F3B", "versionEndExcluding": "3.5.16.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7BD8B5A-8CD7-463C-82D7-06F6DE7E6DB0", "versionEndExcluding": "3.5.16.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*", "matchCriteriaId": "1CC12843-4775-46BF-BB7F-35D7A4825027", "versionEndExcluding": "3.5.16.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*", "matchCriteriaId": "84E46BF9-F5A0-4C09-BE2B-486263D89E85", "versionEndExcluding": "3.5.16.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*", "matchCriteriaId": "C17614A6-F334-4955-824D-A237A9672ECD", "versionEndExcluding": "3.5.16.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_rte_v3:*:*:*:*:*:*:*:*", "matchCriteriaId": "14130B51-A172-4F7B-8C66-EC77BC88E7B7", "versionEndExcluding": "3.5.16.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_v3_runtime_system_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "B6D33373-E3FC-468A-9CDC-9902C58A6506", "versionEndExcluding": "3.5.16.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_win_v3:*:*:*:*:*:*:*:*", "matchCriteriaId": "3FF3AC84-140D-4F59-8624-714F974DFE42", "versionEndExcluding": "3.5.16.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:hmi_v3:*:*:*:*:*:*:*:*", "matchCriteriaId": "620EFF51-16DA-4A0F-AB32-E42D064EDC21", "versionEndExcluding": "3.5.16.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:v3_simulation_runtime:*:*:*:*:*:*:*:*", "matchCriteriaId": "09EFCCBD-8961-4E2F-90F3-452EB2B354C1", "versionEndExcluding": "3.5.16.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:festo:controller_cecc-d_firmware:2.3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "5949D80D-9E1D-4F4C-A64F-3C24F77E1961", "vulnerable": true }, { "criteria": "cpe:2.3:o:festo:controller_cecc-d_firmware:2.3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "6479AA1B-D587-47F0-8695-CB3E9DFE96DA", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:festo:controller_cecc-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "D5F17E63-45C3-48C7-916C-272FEB02E8C7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:festo:controller_cecc-lk_firmware:2.3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4CF6A2F0-0190-48FF-BB9A-C7651D92A24A", "vulnerable": true }, { "criteria": "cpe:2.3:o:festo:controller_cecc-lk_firmware:2.3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "AB868741-D7A8-4DDB-A2A3-1074D6B9DD85", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:festo:controller_cecc-lk:-:*:*:*:*:*:*:*", "matchCriteriaId": "AA82BF77-3362-46A9-8ED3-BD7A07779562", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:festo:controller_cecc-s_firmware:2.3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "B703F63E-C0DA-4426-9378-3A7A6E3E5060", "vulnerable": true }, { "criteria": "cpe:2.3:o:festo:controller_cecc-s_firmware:2.3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "37695435-4E04-4B5E-8D85-B9786A740C07", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:festo:controller_cecc-s:-:*:*:*:*:*:*:*", "matchCriteriaId": "07DFC73D-3164-402D-A7D0-D37610206F8D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:750-8217_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FA5412C2-6982-4A66-B440-51DEF02F2C11", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:750-8217:-:*:*:*:*:*:*:*", "matchCriteriaId": "B23CD8FD-FC7A-4E24-BF8F-648478D82645", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:750-8216_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6766E924-B6F0-4B49-AC5C-4635DFFA9E52", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:750-8216:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B854F74-173E-4523-BBA7-8FF7A9B9880E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:750-8215_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB1544BB-CDDE-4E32-8D64-F6A65DC2B6CC", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:750-8215:-:*:*:*:*:*:*:*", "matchCriteriaId": "577EDC26-671C-4703-BBF0-FE93AFEA81E1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:750-8214_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E1169B9-53BD-47CF-BF19-17DBC0703B51", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:750-8214:-:*:*:*:*:*:*:*", "matchCriteriaId": "979A8E43-4285-4A7B-BB0B-E6888117862C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:750-8213_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "68D4E7F6-CEAE-456D-AF2D-9A6B3D6B2F45", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:750-8213:-:*:*:*:*:*:*:*", "matchCriteriaId": "4969E8EB-EF09-47B9-8F03-37BB87CFD048", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:750-8212_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D577EB6B-E29C-4E0A-816F-0231ADA84A07", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:750-8212:-:*:*:*:*:*:*:*", "matchCriteriaId": "20BBC380-0F6E-4400-93AF-5B6CFEF00562", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:750-8211_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3A5FA7D-E0FF-4676-BFE8-70EF94C7C349", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:750-8211:-:*:*:*:*:*:*:*", "matchCriteriaId": "5CD6B267-3E4B-4597-82A6-130D6F21C728", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:750-8210_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5065C4C4-E09F-4B09-B2BD-2B8BC7451C3E", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:750-8210:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E11758B-46C3-4E57-943A-C9C073AE5211", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:750-8207_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B6F7A7E-4E7E-4721-A30E-2629B700E184", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:750-8207:-:*:*:*:*:*:*:*", "matchCriteriaId": "DA98A0D9-B050-430B-96C5-15932438FD3A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:750-8206_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E97F6B2-2065-4726-88D9-80145F3C23C5", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:750-8206:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E17ECC4-D7AE-485C-A2EF-4148817F9DB8", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:750-8204_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A035FB07-360A-479D-A6B3-979CCE07A8D7", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:750-8204:-:*:*:*:*:*:*:*", "matchCriteriaId": "7AF14BE1-1EB5-423B-9FE7-E401AEF92553", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:750-8203_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F174A297-EF2D-491D-BF24-02E52ABE1CCA", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:750-8203:-:*:*:*:*:*:*:*", "matchCriteriaId": "EC428EC8-532A-4825-BCE3-C42A4BC01C68", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:750-8202_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC08CA50-30F0-4970-A688-447FD6ABA0E7", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:750-8202:-:*:*:*:*:*:*:*", "matchCriteriaId": "23B02096-81A5-4823-94F3-D87F389397DE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:750-8102_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C24AAFAF-2BB2-4C90-A294-794D76FEF295", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:750-8102:-:*:*:*:*:*:*:*", "matchCriteriaId": "A409E2AA-49AC-4967-8984-070FC9AD06E3", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:750-8101_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C07A6921-5664-4DDB-BB9E-32375B6ADDAD", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:750-8101:-:*:*:*:*:*:*:*", "matchCriteriaId": "3111C2A1-CABC-42BF-9EB1-66667A7269C7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:750-8100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0BAFAAD6-8F69-4C71-8A88-CD9FDACF1485", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:750-8100:-:*:*:*:*:*:*:*", "matchCriteriaId": "33C4EEF3-EB06-4A8E-9BB2-0FE0AC3A6B7C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:762-4201\\/8000-001_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB6C8A59-2E86-4E4E-AABF-BFA48A4C5733", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:762-4201\\/8000-001:-:*:*:*:*:*:*:*", "matchCriteriaId": "D2E54B6A-82B1-4AFA-BBA0-1998B5DE0BBD", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:762-4202\\/8000-001_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6500D1ED-60AC-45E2-921B-5F7735B265BF", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:762-4202\\/8000-001:-:*:*:*:*:*:*:*", "matchCriteriaId": "09484C17-CD67-44E3-BA2D-0F718D888B0F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:762-4203\\/8000-001_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F53B32B-C496-49AD-85F1-D7CA256FCE40", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:762-4203\\/8000-001:-:*:*:*:*:*:*:*", "matchCriteriaId": "7E5672E3-7B4C-4FAF-955E-04EEB9E5B210", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:762-4204\\/8000-001_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6951A92E-974E-4361-9551-CE5D58D82D14", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:762-4204\\/8000-001:-:*:*:*:*:*:*:*", "matchCriteriaId": "1C9E9B25-5C96-4665-9DC2-DD11905331AE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:762-4205\\/8000-001_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "86F222E9-8105-477C-BC4D-558751183C52", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:762-4205\\/8000-001:-:*:*:*:*:*:*:*", "matchCriteriaId": "A646213B-FF88-4A28-91B8-E21BD3710DF1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:762-4205\\/8000-002_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7E68AF4-175D-49A2-AD1C-002845FE0C3D", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:762-4205\\/8000-002:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2569546-AC58-420F-8FE6-90BA904DF6AF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:762-4206\\/8000-001_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1D621FF-BF0B-4E20-97A0-8A53C68C5A89", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:762-4206\\/8000-001:-:*:*:*:*:*:*:*", "matchCriteriaId": "39A1F780-B010-4C95-B1B8-3A2D34938223", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:762-4206\\/8000-002_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "66A5AE5B-619A-400F-B4B2-10884F64369F", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:762-4206\\/8000-002:-:*:*:*:*:*:*:*", "matchCriteriaId": "C88834C9-E823-4B11-91D2-8E2264D5E3D2", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:762-4301\\/8000-002_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5A57157-6B49-402E-9533-828E59C67649", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:762-4301\\/8000-002:-:*:*:*:*:*:*:*", "matchCriteriaId": "BD64BCDC-A7F2-4E8C-886D-C0D9268D0DA8", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:762-4302\\/8000-002_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BFADF5D8-9EAA-4D93-A4ED-315BE26D0BBA", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:762-4302\\/8000-002:-:*:*:*:*:*:*:*", "matchCriteriaId": "5FDBE05B-7ACB-4DB5-8D2F-7FCEC626E161", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:762-4303\\/8000-002_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "523A4534-4A47-4E29-B33C-85C13B9523B1", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:762-4303\\/8000-002:-:*:*:*:*:*:*:*", "matchCriteriaId": "3A5421E8-67EA-4D0D-889F-A64DA70E7695", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:762-4304\\/8000-002_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FD6DA33-2CB6-483D-8F89-B8D0C6A73FA7", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:762-4304\\/8000-002:-:*:*:*:*:*:*:*", "matchCriteriaId": "4DB95678-6815-4FB6-AA22-E6FEC011B269", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:762-4305\\/8000-002_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6386C510-8897-4EF8-8A5C-EB869FEF98A1", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:762-4305\\/8000-002:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6C67678-4BC4-417A-AD6E-FB60B0F7A384", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:762-4306\\/8000-002_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "94D29BB6-F958-4BD5-BFCB-A2B914C0885A", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:762-4306\\/8000-002:-:*:*:*:*:*:*:*", "matchCriteriaId": "082B2ECB-179E-4DE9-856F-EDDBB42AF318", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:762-5203\\/8000-001_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0108A9FD-18D0-4D5B-92BE-641C81BFD17D", "versionEndIncluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:762-5203\\/8000-001:-:*:*:*:*:*:*:*", "matchCriteriaId": "8DBE3A7A-F96D-41B8-A150-BA5DC144DAA1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:762-5204\\/8000-001_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD2E2CCA-74C4-40E5-931B-AB307357D658", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:762-5204\\/8000-001:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3EE3467-287E-4729-8C2B-3F43B92A49B8", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:762-5205\\/8000-001_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9CE8AF21-A70F-4EF5-A6A2-00C953B6181C", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:762-5205\\/8000-001:-:*:*:*:*:*:*:*", "matchCriteriaId": "13B53684-BFE1-4100-9624-A034119E7CAA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:762-5206\\/8000-001_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D1405E2-8561-4F3E-983C-C294BA6351CF", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:762-5206\\/8000-001:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CD7B74F-71F9-4B0F-A9EB-EEA6FBEF81FB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:762-5303\\/8000-002_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "94443EB3-0519-4238-B637-4FDB0B20ACCE", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:762-5303\\/8000-002:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D4FF612-453D-4287-8989-2779A6F6A0A7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:762-5304\\/8000-002_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "833276FD-3A3B-4B83-94BA-589ADEF2010D", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:762-5304\\/8000-002:-:*:*:*:*:*:*:*", "matchCriteriaId": "80089A85-1174-4E47-BC36-69DD11A3FFF8", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:762-5305\\/8000-002_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D779360-F243-47C4-86A7-FF5020238F42", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:762-5305\\/8000-002:-:*:*:*:*:*:*:*", "matchCriteriaId": "91554389-BCF9-48EB-B198-A192BAE6206D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:762-5306\\/8000-002_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "151B1218-958A-4BE3-925F-D95F5ADCD942", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:762-5306\\/8000-002:-:*:*:*:*:*:*:*", "matchCriteriaId": "E65CA42E-371C-407C-84F9-64AC3F02FFE2", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:762-6201\\/8000-001_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "334E43C5-CD20-4DCF-805D-34E75E4AE8C4", "versionEndIncluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:762-6201\\/8000-001:-:*:*:*:*:*:*:*", "matchCriteriaId": "D2BEE4ED-2C15-4E52-8FEC-BB7B5742274F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:762-6202\\/8000-001_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FEE9E55C-1241-40D2-9357-AF657BBEFB28", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:762-6202\\/8000-001:-:*:*:*:*:*:*:*", "matchCriteriaId": "FF4E78EB-C91E-4E92-AF9F-90300EE96E03", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:762-6203\\/8000-001_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A1805464-9B11-41E3-A80A-8FC5299A6E50", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:762-6203\\/8000-001:-:*:*:*:*:*:*:*", "matchCriteriaId": "C98F37AB-BFC5-49C2-B8FD-21AA0266C703", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:762-6204\\/8000-001_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "979D2D35-114F-4B23-A3E9-0F0A619B4AF9", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:762-6204\\/8000-001:-:*:*:*:*:*:*:*", "matchCriteriaId": "422F9EEC-8516-4692-93DE-BB0F385D2BD1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:762-6301\\/8000-002_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "71DF0E46-8E22-49B5-B1E1-5B3CBAA7FD1E", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:762-6301\\/8000-002:-:*:*:*:*:*:*:*", "matchCriteriaId": "742F9265-3770-4B4E-A327-2202E2DAEA84", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:762-6302\\/8000-002_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8FAE1A9D-1A41-475C-83D7-E9E0105E70BC", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:762-6302\\/8000-002:-:*:*:*:*:*:*:*", "matchCriteriaId": "B3FDB659-7FF2-4272-9818-3517AC55BFFD", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:762-6303\\/8000-002_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C90343DF-DA2F-4AAE-AD85-AC715C838E47", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:762-6303\\/8000-002:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E7E5506-BA01-4B6F-9475-3F2056019858", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:762-6304\\/8000-002_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2FE417E0-9A5F-4C68-BF1B-10535FEF4B19", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:762-6304\\/8000-002:-:*:*:*:*:*:*:*", "matchCriteriaId": "6E8E97AD-B5B4-4F54-A8B8-52E83F34C33D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:wago:752-8303\\/8000-0002_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F0090E3E-5CB8-4363-9CA0-A9165910BD9A", "versionEndExcluding": "03.06.19\\(18\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:wago:752-8303\\/8000-0002:*:*:*:*:*:*:*:*", "matchCriteriaId": "922FBB58-6D8C-42CC-AAB2-5372DF63C280", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device." }, { "lang": "es", "value": "En los productos CODESYS V3 en todas las versiones anteriores a la V3.5.16.0 que contienen CmpUserMgr, el sistema de tiempo de ejecuci\u00f3n de CODESYS Control almacena las contrase\u00f1as de comunicaci\u00f3n en l\u00ednea utilizando un algoritmo hash d\u00e9bil. Esto puede ser utilizado por un atacante local con pocos privilegios para obtener el control total del dispositivo." } ], "id": "CVE-2020-12069", "lastModified": "2025-05-05T14:15:00.537", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "info@cert.vde.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-26T19:15:10.520", "references": [ { "source": "info@cert.vde.com", "tags": [ "Third Party Advisory" ], "url": "https://cert.vde.com/en/advisories/VDE-2021-061/" }, { "source": "info@cert.vde.com", "tags": [ "Third Party Advisory" ], "url": "https://cert.vde.com/en/advisories/VDE-2022-022/" }, { "source": "info@cert.vde.com", "tags": [ "Third Party Advisory" ], "url": "https://cert.vde.com/en/advisories/VDE-2022-031/" }, { "source": "info@cert.vde.com", "tags": [ "Vendor Advisory" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12943\u0026token=d097958a67ba382de688916f77e3013c0802fade\u0026download=" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://cert.vde.com/en/advisories/VDE-2021-061/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://cert.vde.com/en/advisories/VDE-2022-022/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://cert.vde.com/en/advisories/VDE-2022-031/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12943\u0026token=d097958a67ba382de688916f77e3013c0802fade\u0026download=" } ], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-916" } ], "source": "info@cert.vde.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-916" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-01-24 20:15
Modified
2024-11-21 05:36
Severity ?
Summary
CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4E5BF9F-79C9-48D3-9F2D-CCDF73144FCA", "versionEndExcluding": "3.5.15.30", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", "matchCriteriaId": "221CAFE3-1BC7-4CAC-B3F8-981B3F267CFE", "versionEndExcluding": "3.5.15.30", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B048CEB-E1D0-4EF1-9BD3-966CB9E147D8", "versionEndExcluding": "3.5.15.30", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "A72217A3-4591-4C52-AB37-7FD652276569", "versionEndExcluding": "3.5.15.30", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*", "matchCriteriaId": "51EFD6C4-C1AC-45D7-909F-6B074B32090E", "versionEndExcluding": "3.5.15.30", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C1B75F5-F426-4877-9004-1F714B2A4968", "versionEndExcluding": "3.5.15.30", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F150E51-4E03-40A8-8099-E5BE13234DD9", "versionEndExcluding": "3.5.15.30", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D839D59-8090-4158-A2C2-847DEDD9674D", "versionEndExcluding": "3.5.15.30", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", "matchCriteriaId": "E278A9AE-5684-4F7E-B253-0F70CA835322", "versionEndExcluding": "3.5.15.30", "versionStartIncluding": "3.5.8.60", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:beckhoff_cx:*:*", "matchCriteriaId": "650315EF-4AC2-4B5B-A5A1-8ABBE6C398B6", "versionEndExcluding": "3.5.15.30", "versionStartIncluding": "3.5.8.60", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "B8C46635-3068-4DDA-8527-2E473763E652", "versionEndExcluding": "3.5.15.30", "versionStartIncluding": "3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7F22E48-0C8D-47C2-8C88-F35ED1027465", "versionEndExcluding": "3.5.15.30", "versionStartIncluding": "3.5.9.80", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A487191-D2CD-484B-88D3-C7A1EFD8C19B", "versionEndExcluding": "3.5.15.30", "versionStartIncluding": "3.5.15.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B3462D2-9AA7-4046-B491-36A2A9970BA7", "versionEndExcluding": "3.5.15.30", "versionStartIncluding": "3.5.10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:safety_sil2:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F4FCCC9-6069-47D6-AB46-65697F7AE58D", "versionEndExcluding": "3.5.15.30", "versionStartIncluding": "3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:simulation_runtime:*:*:*:*:*:*:*:*", "matchCriteriaId": "375689F5-9B58-491C-BD1C-2CF5C9CEB474", "versionEndExcluding": "3.5.15.30", "versionStartIncluding": "3.5.9.40", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition." }, { "lang": "es", "value": "CODESYS Control versi\u00f3n V3, Gateway versi\u00f3n V3 y HMI versiones V3 anteriores a 3.5.15.30, permiten una asignaci\u00f3n de memoria no controlada que puede resultar en una condici\u00f3n de denegaci\u00f3n de servicio remota." } ], "id": "CVE-2020-7052", "lastModified": "2024-11-21T05:36:34.220", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-24T20:15:10.970", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12977\u0026token=33f948eed0c2fd69d238d9515779be337ef7592d\u0026download=" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2020-04" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12977\u0026token=33f948eed0c2fd69d238d9515779be337ef7592d\u0026download=" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2020-04" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-03-23 11:15
Modified
2024-11-21 04:03
Severity ?
Summary
The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", "matchCriteriaId": "B29080C3-A6D8-40D6-8C24-177C00FA27F0", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", "matchCriteriaId": "B980C936-557F-4F14-A692-165129625A62", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "D282ECAB-FA07-4A81-8F43-AC46A08422D4", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC1C508C-6817-42E7-9B4C-CDCAC7477304", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*", "matchCriteriaId": "C1ECCA6D-3F95-4924-9CC6-7315B1608217", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*", "matchCriteriaId": "093C888E-8328-45E9-882C-39D7FBE8E251", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E767B6C-7762-4F3C-A8B0-BEC9C1C238D8", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_v3_runtime_system_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "2DDCE092-30E5-43FB-A20F-A712DFD7B1C3", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", "matchCriteriaId": "A47EA342-7BDA-4707-9A23-142126C407C1", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0FE0CC3-99BF-46BF-907D-E8F2785310BB", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", "matchCriteriaId": "157E617E-7432-464A-AEC4-29D3806FA2D2", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "D95B012B-C9B0-4E2A-934B-3ECDE463722E", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:runtime_plcwinnt:*:*:*:*:*:*:*:*", "matchCriteriaId": "8931A117-72B6-4B1C-BF56-E7925D07A790", "versionEndExcluding": "2.4.7.52", "versionStartIncluding": "2.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:runtime_system_toolkit:*:*:*:*:*:*:x86:*", "matchCriteriaId": "46335A20-A1BF-4E5B-BB1D-B7A4AFF6DB08", "versionEndExcluding": "2.4.7.52", "versionStartIncluding": "2.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:runtime_system_toolkit:3.5.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "7A3A8DFF-705F-4562-87CE-E899C5DC2D18", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:simulation_runtime:*:*:*:*:*:*:*:*", "matchCriteriaId": "9DD3AD40-BEE7-428D-B1F0-1349E10A9DD5", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device." } ], "id": "CVE-2018-25048", "lastModified": "2024-11-21T04:03:26.283", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "info@cert.vde.com", "type": "Primary" } ] }, "published": "2023-03-23T11:15:12.730", "references": [ { "source": "info@cert.vde.com", "tags": [ "Not Applicable" ], "url": "https://customers.codesys.com/fileadmin/data/customers/security/2018/Advisory2018-04_CDS-59017.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "https://customers.codesys.com/fileadmin/data/customers/security/2018/Advisory2018-04_CDS-59017.pdf" } ], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "info@cert.vde.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-12-05 15:15
Modified
2024-11-21 08:43
Severity ?
Summary
A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device.
References
▶ | URL | Tags | |
---|---|---|---|
info@cert.vde.com | https://https://cert.vde.com/en/advisories/VDE-2023-066 | Broken Link | |
nvd@nist.gov | https://cert.vde.com/en/advisories/VDE-2023-066 | Mitigation, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://https://cert.vde.com/en/advisories/VDE-2023-066 | Broken Link |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "DEFEF3B4-03F2-4E09-A8F2-02A0604CB8BF", "versionEndExcluding": "4.11.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2DB55B1-CAFE-435B-8776-DB4D33ED9C98", "versionEndExcluding": "4.11.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D492DB3-94BA-4F14-8119-1610AB4F95EE", "versionEndExcluding": "4.11.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_linux_arm_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "97D00DF9-EBF1-4DEC-8A49-694871643B9F", "versionEndExcluding": "4.11.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6F207B6-5906-4B39-A5B4-A07F6D5A9BB9", "versionEndExcluding": "4.11.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "7791D9E4-CEC3-4658-8E2C-8F08882CE4F4", "versionEndExcluding": "4.11.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "9CADE021-8D58-4BC5-BA60-A16FE24FBA73", "versionEndExcluding": "4.11.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3948946-E7B8-4D7E-8D1D-80B9E0DB47AF", "versionEndExcluding": "4.11.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C9DF443-E965-4480-B76E-4A25CF2E714F", "versionEndExcluding": "4.11.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5FCD76E-A3F5-4E02-AD3F-B2BDE708A651", "versionEndExcluding": "4.11.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:codesys:runtime_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "162DB2B8-3426-43F7-848A-BE542C24619C", "versionEndExcluding": "3.5.19.50", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device." }, { "lang": "es", "value": "Un atacante remoto con pocos privilegios podr\u00eda aprovechar la vulnerabilidad e inyectar comandos adicionales del sistema a trav\u00e9s de librer\u00edas del sistema de archivos que podr\u00edan darle al atacante el control total del dispositivo." } ], "id": "CVE-2023-6357", "lastModified": "2024-11-21T08:43:41.900", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "info@cert.vde.com", "type": "Primary" } ] }, "published": "2023-12-05T15:15:08.983", "references": [ { "source": "info@cert.vde.com", "tags": [ "Broken Link" ], "url": "https://https://cert.vde.com/en/advisories/VDE-2023-066" }, { "source": "nvd@nist.gov", "tags": [ "Mitigation", "Third Party Advisory" ], "url": "https://cert.vde.com/en/advisories/VDE-2023-066" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://https://cert.vde.com/en/advisories/VDE-2023-066" } ], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "info@cert.vde.com", "type": "Primary" } ] }
CVE-2019-9009 (GCVE-0-2019-9009)
Vulnerability from cvelistv5
Published
2019-09-17 15:34
Modified
2024-08-04 21:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.
References
► | URL | Tags |
---|---|---|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T21:31:37.644Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-05" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12941\u0026token=50fabe3870c7bdc41701eb1799dddeec103de40c\u0026download=" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-11T11:23:45", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-05" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12941\u0026token=50fabe3870c7bdc41701eb1799dddeec103de40c\u0026download=" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9009", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.us-cert.gov/ics/advisories/icsa-19-255-05", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-05" }, { "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12941\u0026token=50fabe3870c7bdc41701eb1799dddeec103de40c\u0026download=", "refsource": "CONFIRM", "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12941\u0026token=50fabe3870c7bdc41701eb1799dddeec103de40c\u0026download=" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-9009", "datePublished": "2019-09-17T15:34:42", "dateReserved": "2019-02-22T00:00:00", "dateUpdated": "2024-08-04T21:31:37.644Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-25048 (GCVE-0-2018-25048)
Vulnerability from cvelistv5
Published
2023-03-23 10:45
Modified
2025-02-19 21:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:26:39.648Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://customers.codesys.com/fileadmin/data/customers/security/2018/Advisory2018-04_CDS-59017.pdf" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2018-25048", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-19T21:00:23.308028Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-19T21:00:29.711Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Control for BeagleBone", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": " Control for emPC-A/iMX6", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Control for IOT2000", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Control for PFC100", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Control for PFC200", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Control for Raspberry Pi", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Control RTE V3 (all variants)", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Control Win V3 (all variants)", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "V3 Simulation Runtime (part of the CODESYS Development System)", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "HMI V3 (all variants)", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "V3 Remote Target Visu (all variants)", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Control V3 Runtime System Toolkit", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "V3 Embedded Target Visu Toolkit", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "V3 Remote Target Visu Toolkit", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Runtime Toolkit 32 bit embedded", "vendor": "CODESYS", "versions": [ { "lessThan": "2.3.2.10", "status": "affected", "version": "2.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Runtime Toolkit 32 bit full", "vendor": "CODESYS", "versions": [ { "lessThan": "2.4.7.52", "status": "affected", "version": "2.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Runtime PLCWinNT", "vendor": "CODESYS", "versions": [ { "lessThan": "2.4.7.52", "status": "affected", "version": "2.0.0.0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": " Prosoft-Systems Ltd." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device." } ], "value": "The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device." } ], "impacts": [ { "capecId": "CAPEC-126", "descriptions": [ { "lang": "en", "value": "CAPEC-126 Path Traversal" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-23T10:45:36.900Z", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE" }, "references": [ { "url": "https://customers.codesys.com/fileadmin/data/customers/security/2018/Advisory2018-04_CDS-59017.pdf" } ], "source": { "defect": [ "CERT@VDE#64324" ], "discovery": "EXTERNAL" }, "title": "Codesys Runtime Improper Limitation of a Pathname", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2018-25048", "datePublished": "2023-03-23T10:45:36.900Z", "dateReserved": "2022-12-07T12:06:08.365Z", "dateUpdated": "2025-02-19T21:00:29.711Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-12068 (GCVE-0-2020-12068)
Vulnerability from cvelistv5
Published
2020-05-14 20:29
Modified
2024-08-04 11:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation.
References
► | URL | Tags |
---|---|---|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:48:57.839Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.codesys.com" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13136\u0026token=c267875c01ea70bc9613bc39c684eedc17f55420\u0026download=" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-05-14T20:29:21", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.codesys.com" }, { "tags": [ "x_refsource_MISC" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13136\u0026token=c267875c01ea70bc9613bc39c684eedc17f55420\u0026download=" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-12068", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.codesys.com", "refsource": "MISC", "url": "https://www.codesys.com" }, { "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13136\u0026token=c267875c01ea70bc9613bc39c684eedc17f55420\u0026download=", "refsource": "MISC", "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13136\u0026token=c267875c01ea70bc9613bc39c684eedc17f55420\u0026download=" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-12068", "datePublished": "2020-05-14T20:29:21", "dateReserved": "2020-04-22T00:00:00", "dateUpdated": "2024-08-04T11:48:57.839Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-7052 (GCVE-0-2020-7052)
Vulnerability from cvelistv5
Published
2020-01-24 19:31
Modified
2024-08-04 09:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.
References
► | URL | Tags |
---|---|---|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:18:02.939Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2020-04" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12977\u0026token=33f948eed0c2fd69d238d9515779be337ef7592d\u0026download=" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-24T19:31:58", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2020-04" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12977\u0026token=33f948eed0c2fd69d238d9515779be337ef7592d\u0026download=" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-7052", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/research/tra-2020-04", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2020-04" }, { "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12977\u0026token=33f948eed0c2fd69d238d9515779be337ef7592d\u0026download=", "refsource": "CONFIRM", "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12977\u0026token=33f948eed0c2fd69d238d9515779be337ef7592d\u0026download=" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-7052", "datePublished": "2020-01-24T19:31:59", "dateReserved": "2020-01-14T00:00:00", "dateUpdated": "2024-08-04T09:18:02.939Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-18858 (GCVE-0-2019-18858)
Vulnerability from cvelistv5
Published
2019-11-20 17:04
Modified
2024-08-05 02:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow.
References
► | URL | Tags |
---|---|---|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:02:39.804Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2019-48" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-20T20:07:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2019-48" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-18858", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf", "refsource": "MISC", "url": "https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf" }, { "name": "https://www.tenable.com/security/research/tra-2019-48", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2019-48" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-18858", "datePublished": "2019-11-20T17:04:25", "dateReserved": "2019-11-11T00:00:00", "dateUpdated": "2024-08-05T02:02:39.804Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-12069 (GCVE-0-2020-12069)
Vulnerability from cvelistv5
Published
2022-12-26 00:00
Modified
2025-04-14 16:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-916 - Use of Password Hash With Insufficient Computational Effort
Summary
In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.
References
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
CODESYS | CODESYS V3 containing the CmpUserMgr |
Version: V3 < V3.5.16.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:48:58.230Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12943\u0026token=d097958a67ba382de688916f77e3013c0802fade\u0026download=" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://cert.vde.com/en/advisories/VDE-2021-061/" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://cert.vde.com/en/advisories/VDE-2022-031/" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://cert.vde.com/en/advisories/VDE-2022-022/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2020-12069", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-14T16:17:42.834492Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-14T16:17:54.368Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "CODESYS V3 containing the CmpUserMgr", "vendor": "CODESYS", "versions": [ { "lessThan": "V3.5.16.0", "status": "affected", "version": "V3", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device." } ], "value": "In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-916", "description": "CWE-916 Use of Password Hash With Insufficient Computational Effort", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-15T05:40:17.087Z", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12943\u0026token=d097958a67ba382de688916f77e3013c0802fade\u0026download=" }, { "tags": [ "vendor-advisory" ], "url": "https://cert.vde.com/en/advisories/VDE-2021-061/" }, { "tags": [ "vendor-advisory" ], "url": "https://cert.vde.com/en/advisories/VDE-2022-031/" }, { "tags": [ "vendor-advisory" ], "url": "https://cert.vde.com/en/advisories/VDE-2022-022/" } ], "source": { "discovery": "UNKNOWN" }, "title": "CODESYS V3 prone to Inadequate Password Hashing", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-12069", "datePublished": "2022-12-26T00:00:00.000Z", "dateReserved": "2020-04-22T00:00:00.000Z", "dateUpdated": "2025-04-14T16:17:54.368Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-13548 (GCVE-0-2019-13548)
Vulnerability from cvelistv5
Published
2019-09-13 16:58
Modified
2024-08-04 23:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - STACK-BASED BUFFER OVERFLOW
Summary
CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could cause a stack overflow and create a denial-of-service condition or allow remote code execution.
References
► | URL | Tags | |||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | CODESYS V3 web server |
Version: all versions prior to 3.5.14.10 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:57:39.467Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "CODESYS V3 web server", "vendor": "n/a", "versions": [ { "status": "affected", "version": "all versions prior to 3.5.14.10" } ] } ], "descriptions": [ { "lang": "en", "value": "CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could cause a stack overflow and create a denial-of-service condition or allow remote code execution." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "STACK-BASED BUFFER OVERFLOW CWE-121", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-09-13T16:58:29", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2019-13548", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "CODESYS V3 web server", "version": { "version_data": [ { "version_value": "all versions prior to 3.5.14.10" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could cause a stack overflow and create a denial-of-service condition or allow remote code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "STACK-BASED BUFFER OVERFLOW CWE-121" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.us-cert.gov/ics/advisories/icsa-19-255-01", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2019-13548", "datePublished": "2019-09-13T16:58:29", "dateReserved": "2019-07-11T00:00:00", "dateUpdated": "2024-08-04T23:57:39.467Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-6357 (GCVE-0-2023-6357)
Vulnerability from cvelistv5
Published
2023-12-05 14:29
Modified
2024-08-02 08:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device.
References
Impacted products
Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
► | CODESYS | CODESYS Control for BeagleBone SL |
Version: 0 ≤ |
|||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:28:21.783Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://https://cert.vde.com/en/advisories/VDE-2023-066" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "CODESYS Control for BeagleBone SL", "vendor": "CODESYS", "versions": [ { "lessThan": "4.11.0.0", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "CODESYS Control for emPC-A/iMX6 SL", "vendor": "CODESYS", "versions": [ { "lessThan": "4.11.0.0", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "CODESYS Control for IOT2000 SL", "vendor": "CODESYS", "versions": [ { "lessThan": "4.11.0.0", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "CODESYS Control for Linux ARM SL", "vendor": "CODESYS", "versions": [ { "lessThan": "4.11.0.0", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "CODESYS Control for Linux SL", "vendor": "CODESYS", "versions": [ { "lessThan": "4.11.0.0", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "CODESYS Control for PFC100 SL", "vendor": "CODESYS", "versions": [ { "lessThan": "4.11.0.0", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "CODESYS Control for PFC200 SL", "vendor": "CODESYS", "versions": [ { "lessThan": "4.11.0.0", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "CODESYS Control for PLCnext SL", "vendor": "CODESYS", "versions": [ { "lessThan": "4.11.0.0", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "CODESYS Control for Raspberry Pi SL", "vendor": "CODESYS", "versions": [ { "lessThan": "4.11.0.0", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "CODESYS Control for WAGO Touch Panels 600 SL", "vendor": "CODESYS", "versions": [ { "lessThan": "4.11.0.0", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "CODESYS Runtime Toolkit for Linux or QNX", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.19.50", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Chuya Hayakawa of 00One, Inc." } ], "datePublic": "2023-12-05T14:25:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device." } ], "value": "A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-05T14:29:25.649Z", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE" }, "references": [ { "url": "https://https://cert.vde.com/en/advisories/VDE-2023-066" } ], "source": { "advisory": "VDE-2023-066", "defect": [ "CERT@VDE#64623" ], "discovery": "UNKNOWN" }, "title": "OS Command Injection in multiple CODESYS products", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2023-6357", "datePublished": "2023-12-05T14:29:25.649Z", "dateReserved": "2023-11-28T07:20:59.774Z", "dateUpdated": "2024-08-02T08:28:21.783Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-13532 (GCVE-0-2019-13532)
Vulnerability from cvelistv5
Published
2019-09-13 16:58
Modified
2024-08-04 23:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL')
Summary
CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller.
References
► | URL | Tags | |||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | CODESYS V3 web server |
Version: all versions prior to 3.5.14.10 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:57:39.525Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "CODESYS V3 web server", "vendor": "n/a", "versions": [ { "status": "affected", "version": "all versions prior to 3.5.14.10" } ] } ], "descriptions": [ { "lang": "en", "value": "CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-09-13T16:58:21", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2019-13532", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "CODESYS V3 web server", "version": { "version_data": [ { "version_value": "all versions prior to 3.5.14.10" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.us-cert.gov/ics/advisories/icsa-19-255-01", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2019-13532", "datePublished": "2019-09-13T16:58:21", "dateReserved": "2019-07-11T00:00:00", "dateUpdated": "2024-08-04T23:57:39.525Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-9008 (GCVE-0-2019-9008)
Vulnerability from cvelistv5
Published
2019-09-17 13:15
Modified
2024-08-04 21:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A user with low privileges can take full control over the runtime.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T21:31:37.527Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.codesys.com/" }, { "name": "US Computer Emergency Readiness Team", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-03" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12939\u0026token=5b93f0d95a68ff7461d2c249d8da00f16b8f9987\u0026download=" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A user with low privileges can take full control over the runtime." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-11T11:43:53", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.codesys.com/" }, { "name": "US Computer Emergency Readiness Team", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-03" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12939\u0026token=5b93f0d95a68ff7461d2c249d8da00f16b8f9987\u0026download=" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9008", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A user with low privileges can take full control over the runtime." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.codesys.com/", "refsource": "MISC", "url": "https://www.codesys.com/" }, { "name": "US Computer Emergency Readiness Team", "refsource": "CERT", "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-03" }, { "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12939\u0026token=5b93f0d95a68ff7461d2c249d8da00f16b8f9987\u0026download=", "refsource": "CONFIRM", "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12939\u0026token=5b93f0d95a68ff7461d2c249d8da00f16b8f9987\u0026download=" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-9008", "datePublished": "2019-09-17T13:15:32", "dateReserved": "2019-02-22T00:00:00", "dateUpdated": "2024-08-04T21:31:37.527Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-10245 (GCVE-0-2020-10245)
Vulnerability from cvelistv5
Published
2020-03-26 03:45
Modified
2024-08-04 10:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.
References
► | URL | Tags |
---|---|---|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:58:39.676Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2020-16" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13078\u0026token=de344ca65252463cc581ef144e0c53bd97b8f211\u0026download=" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-26T03:49:32", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2020-16" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13078\u0026token=de344ca65252463cc581ef144e0c53bd97b8f211\u0026download=" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-10245", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/research/tra-2020-16", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2020-16" }, { "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13078\u0026token=de344ca65252463cc581ef144e0c53bd97b8f211\u0026download=", "refsource": "CONFIRM", "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13078\u0026token=de344ca65252463cc581ef144e0c53bd97b8f211\u0026download=" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-10245", "datePublished": "2020-03-26T03:45:20", "dateReserved": "2020-03-09T00:00:00", "dateUpdated": "2024-08-04T10:58:39.676Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-30791 (GCVE-0-2022-30791)
Vulnerability from cvelistv5
Published
2022-07-11 10:40
Modified
2024-09-16 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
► | CODESYS | CODESYS Control RTE (SL) |
Version: V3 < V3.5.18.20 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:03:38.611Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download=" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "CODESYS Control RTE (SL)", "vendor": "CODESYS", "versions": [ { "lessThan": "V3.5.18.20", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS Control RTE (for Beckhoff CX) SL", "vendor": "CODESYS", "versions": [ { "lessThan": "V3.5.18.20", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS Control Win (SL)", "vendor": "CODESYS", "versions": [ { "lessThan": "V3.5.18.20", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS Gateway", "vendor": "CODESYS", "versions": [ { "lessThan": "V3.5.18.20", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS Edge Gateway for Windows", "vendor": "CODESYS", "versions": [ { "lessThan": "V3.5.18.20", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS HMI (SL)", "vendor": "CODESYS", "versions": [ { "lessThan": "V3.5.18.20", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS Development System V3", "vendor": "CODESYS", "versions": [ { "lessThan": "V3.5.18.10", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS Control Runtime System Toolkit", "vendor": "CODESYS", "versions": [ { "lessThan": "V3.5.18.20", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS Embedded Target Visu Toolkit", "vendor": "CODESYS", "versions": [ { "lessThan": "V3.5.18.20", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS Remote Target Visu Toolkit", "vendor": "CODESYS", "versions": [ { "lessThan": "V3.5.18.20", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS Control for BeagleBone SL", "vendor": "CODESYS", "versions": [ { "lessThan": "V4.5.0.0", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS Control for Beckhoff CX9020 SL", "vendor": "CODESYS", "versions": [ { "lessThan": "V4.5.0.0", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS Control for emPC-A/iMX6 SL", "vendor": "CODESYS", "versions": [ { "lessThan": "V4.5.0.0", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS Control for IOT2000 SL", "vendor": "CODESYS", "versions": [ { "lessThan": "V4.5.0.0", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS Control for Linux SL", "vendor": "CODESYS", "versions": [ { "lessThan": "V4.5.0.0", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS Control for PFC100 SL", "vendor": "CODESYS", "versions": [ { "lessThan": "V4.5.0.0", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS Control for PFC200 SL", "vendor": "CODESYS", "versions": [ { "lessThan": "V4.5.0.0", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS Control for PLCnext SL", "vendor": "CODESYS", "versions": [ { "lessThan": "V4.5.0.0", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS Control for Raspberry Pi SL", "vendor": "CODESYS", "versions": [ { "lessThan": "V4.5.0.0", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS Control for WAGO Touch Panels 600 SL", "vendor": "CODESYS", "versions": [ { "lessThan": "V4.5.0.0", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS Edge Gateway for Linux", "vendor": "CODESYS", "versions": [ { "lessThan": "V4.5.0.0", "status": "affected", "version": "V3", "versionType": "custom" } ] } ], "datePublic": "2022-07-08T00:00:00", "descriptions": [ { "lang": "en", "value": "In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-11T10:40:38", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download=" } ], "source": { "defect": [ "CERT@VDE#", "64129" ], "discovery": "UNKNOWN" }, "title": "CODESYS V3: CmpBlkDrvTcp allows unauthenticated attackers to block all its available TCP connections", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2022-07-08T06:00:00.000Z", "ID": "CVE-2022-30791", "STATE": "PUBLIC", "TITLE": "CODESYS V3: CmpBlkDrvTcp allows unauthenticated attackers to block all its available TCP connections" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "CODESYS Control RTE (SL)", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V3.5.18.20" } ] } }, { "product_name": "CODESYS Control RTE (for Beckhoff CX) SL", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V3.5.18.20" } ] } }, { "product_name": "CODESYS Control Win (SL)", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V3.5.18.20" } ] } }, { "product_name": "CODESYS Gateway", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V3.5.18.20" } ] } }, { "product_name": "CODESYS Edge Gateway for Windows", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V3.5.18.20" } ] } }, { "product_name": "CODESYS HMI (SL)", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V3.5.18.20" } ] } }, { "product_name": "CODESYS Development System V3", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V3.5.18.10" } ] } }, { "product_name": "CODESYS Control Runtime System Toolkit", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V3.5.18.20" } ] } }, { "product_name": "CODESYS Embedded Target Visu Toolkit", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V3.5.18.20" } ] } }, { "product_name": "CODESYS Remote Target Visu Toolkit", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V3.5.18.20" } ] } }, { "product_name": "CODESYS Control for BeagleBone SL", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V4.5.0.0" } ] } }, { "product_name": "CODESYS Control for Beckhoff CX9020 SL", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V4.5.0.0" } ] } }, { "product_name": "CODESYS Control for emPC-A/iMX6 SL", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V4.5.0.0" } ] } }, { "product_name": "CODESYS Control for IOT2000 SL", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V4.5.0.0" } ] } }, { "product_name": "CODESYS Control for Linux SL", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V4.5.0.0" } ] } }, { "product_name": "CODESYS Control for PFC100 SL", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V4.5.0.0" } ] } }, { "product_name": "CODESYS Control for PFC200 SL", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V4.5.0.0" } ] } }, { "product_name": "CODESYS Control for PLCnext SL", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V4.5.0.0" } ] } }, { "product_name": "CODESYS Control for Raspberry Pi SL", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V4.5.0.0" } ] } }, { "product_name": "CODESYS Control for WAGO Touch Panels 600 SL", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V4.5.0.0" } ] } }, { "product_name": "CODESYS Edge Gateway for Linux", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V4.5.0.0" } ] } } ] }, "vendor_name": "CODESYS" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-400 Uncontrolled Resource Consumption" } ] } ] }, "references": { "reference_data": [ { "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download=", "refsource": "CONFIRM", "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download=" } ] }, "source": { "defect": [ "CERT@VDE#", "64129" ], "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2022-30791", "datePublished": "2022-07-11T10:40:38.913416Z", "dateReserved": "2022-05-16T00:00:00", "dateUpdated": "2024-09-16T16:48:31.565Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-30792 (GCVE-0-2022-30792)
Vulnerability from cvelistv5
Published
2022-07-11 10:40
Modified
2024-09-16 23:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
► | CODESYS | CODESYS Control RTE (SL) |
Version: V3 < V3.5.18.20 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:03:38.599Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download=" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "CODESYS Control RTE (SL)", "vendor": "CODESYS", "versions": [ { "lessThan": "V3.5.18.20", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS Control RTE (for Beckhoff CX) SL", "vendor": "CODESYS", "versions": [ { "lessThan": "V3.5.18.20", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS Control Win (SL)", "vendor": "CODESYS", "versions": [ { "lessThan": "V3.5.18.20", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS Gateway", "vendor": "CODESYS", "versions": [ { "lessThan": "V3.5.18.20", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS Edge Gateway for Windows", "vendor": "CODESYS", "versions": [ { "lessThan": "V3.5.18.20", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS HMI (SL)", "vendor": "CODESYS", "versions": [ { "lessThan": "V3.5.18.20", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS Development System V3", "vendor": "CODESYS", "versions": [ { "lessThan": "V3.5.18.10", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS Control Runtime System Toolkit", "vendor": "CODESYS", "versions": [ { "lessThan": "V3.5.18.20", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS Embedded Target Visu Toolkit", "vendor": "CODESYS", "versions": [ { "lessThan": "V3.5.18.20", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS Remote Target Visu Toolkit", "vendor": "CODESYS", "versions": [ { "lessThan": "V3.5.18.20", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS Control for BeagleBone SL", "vendor": "CODESYS", "versions": [ { "lessThan": "V4.5.0.0", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS Control for Beckhoff CX9020 SL", "vendor": "CODESYS", "versions": [ { "lessThan": "V4.5.0.0", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS Control for emPC-A/iMX6 SL", "vendor": "CODESYS", "versions": [ { "lessThan": "V4.5.0.0", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS Control for IOT2000 SL", "vendor": "CODESYS", "versions": [ { "lessThan": "V4.5.0.0", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS Control for Linux SL", "vendor": "CODESYS", "versions": [ { "lessThan": "V4.5.0.0", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS Control for PFC100 SL", "vendor": "CODESYS", "versions": [ { "lessThan": "V4.5.0.0", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS Control for PFC200 SL", "vendor": "CODESYS", "versions": [ { "lessThan": "V4.5.0.0", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS Control for PLCnext SL", "vendor": "CODESYS", "versions": [ { "lessThan": "V4.5.0.0", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS Control for Raspberry Pi SL", "vendor": "CODESYS", "versions": [ { "lessThan": "V4.5.0.0", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS Control for WAGO Touch Panels 600 SL", "vendor": "CODESYS", "versions": [ { "lessThan": "V4.5.0.0", "status": "affected", "version": "V3", "versionType": "custom" } ] }, { "product": "CODESYS Edge Gateway for Linux", "vendor": "CODESYS", "versions": [ { "lessThan": "V4.5.0.0", "status": "affected", "version": "V3", "versionType": "custom" } ] } ], "datePublic": "2022-07-08T00:00:00", "descriptions": [ { "lang": "en", "value": "In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-11T10:40:43", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download=" } ], "source": { "defect": [ "CERT@VDE#", "64130" ], "discovery": "UNKNOWN" }, "title": "CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2022-07-08T06:00:00.000Z", "ID": "CVE-2022-30792", "STATE": "PUBLIC", "TITLE": "CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "CODESYS Control RTE (SL)", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V3.5.18.20" } ] } }, { "product_name": "CODESYS Control RTE (for Beckhoff CX) SL", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V3.5.18.20" } ] } }, { "product_name": "CODESYS Control Win (SL)", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V3.5.18.20" } ] } }, { "product_name": "CODESYS Gateway", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V3.5.18.20" } ] } }, { "product_name": "CODESYS Edge Gateway for Windows", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V3.5.18.20" } ] } }, { "product_name": "CODESYS HMI (SL)", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V3.5.18.20" } ] } }, { "product_name": "CODESYS Development System V3", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V3.5.18.10" } ] } }, { "product_name": "CODESYS Control Runtime System Toolkit", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V3.5.18.20" } ] } }, { "product_name": "CODESYS Embedded Target Visu Toolkit", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V3.5.18.20" } ] } }, { "product_name": "CODESYS Remote Target Visu Toolkit", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V3.5.18.20" } ] } }, { "product_name": "CODESYS Control for BeagleBone SL", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V4.5.0.0" } ] } }, { "product_name": "CODESYS Control for Beckhoff CX9020 SL", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V4.5.0.0" } ] } }, { "product_name": "CODESYS Control for emPC-A/iMX6 SL", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V4.5.0.0" } ] } }, { "product_name": "CODESYS Control for IOT2000 SL", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V4.5.0.0" } ] } }, { "product_name": "CODESYS Control for Linux SL", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V4.5.0.0" } ] } }, { "product_name": "CODESYS Control for PFC100 SL", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V4.5.0.0" } ] } }, { "product_name": "CODESYS Control for PFC200 SL", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V4.5.0.0" } ] } }, { "product_name": "CODESYS Control for PLCnext SL", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V4.5.0.0" } ] } }, { "product_name": "CODESYS Control for Raspberry Pi SL", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V4.5.0.0" } ] } }, { "product_name": "CODESYS Control for WAGO Touch Panels 600 SL", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V4.5.0.0" } ] } }, { "product_name": "CODESYS Edge Gateway for Linux", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V3", "version_value": "V4.5.0.0" } ] } } ] }, "vendor_name": "CODESYS" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-400 Uncontrolled Resource Consumption" } ] } ] }, "references": { "reference_data": [ { "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download=", "refsource": "CONFIRM", "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download=" } ] }, "source": { "defect": [ "CERT@VDE#", "64130" ], "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2022-30792", "datePublished": "2022-07-11T10:40:43.935648Z", "dateReserved": "2022-05-16T00:00:00", "dateUpdated": "2024-09-16T23:05:31.037Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-13542 (GCVE-0-2019-13542)
Vulnerability from cvelistv5
Published
2019-09-17 18:56
Modified
2024-08-04 23:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL POINTER DEREFERENCE
Summary
3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition.
References
► | URL | Tags | |||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
GmbH | 3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server |
Version: all versions 3.5.11.0 to 3.5.15.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:57:39.459Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-04" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server", "vendor": "GmbH", "versions": [ { "status": "affected", "version": "all versions 3.5.11.0 to 3.5.15.0" } ] } ], "descriptions": [ { "lang": "en", "value": "3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "NULL POINTER DEREFERENCE CWE-476", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-09-17T18:56:45", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-04" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2019-13542", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server", "version": { "version_data": [ { "version_value": "all versions 3.5.11.0 to 3.5.15.0" } ] } } ] }, "vendor_name": "GmbH" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "NULL POINTER DEREFERENCE CWE-476" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.us-cert.gov/ics/advisories/icsa-19-255-04", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-04" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2019-13542", "datePublished": "2019-09-17T18:56:45", "dateReserved": "2019-07-11T00:00:00", "dateUpdated": "2024-08-04T23:57:39.459Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-15806 (GCVE-0-2020-15806)
Vulnerability from cvelistv5
Published
2020-07-22 18:14
Modified
2024-08-04 13:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:30:22.371Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.codesys.com" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13199\u0026token=3e283c3e73fed61f7c181a7fa1169477efaf0c58\u0026download=" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2020-46" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-22T22:06:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.codesys.com" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13199\u0026token=3e283c3e73fed61f7c181a7fa1169477efaf0c58\u0026download=" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2020-46" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-15806", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.codesys.com", "refsource": "MISC", "url": "https://www.codesys.com" }, { "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13199\u0026token=3e283c3e73fed61f7c181a7fa1169477efaf0c58\u0026download=", "refsource": "CONFIRM", "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13199\u0026token=3e283c3e73fed61f7c181a7fa1169477efaf0c58\u0026download=" }, { "name": "https://www.tenable.com/security/research/tra-2020-46", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2020-46" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-15806", "datePublished": "2020-07-22T18:14:43", "dateReserved": "2020-07-17T00:00:00", "dateUpdated": "2024-08-04T13:30:22.371Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }