Vulnerabilities related to CODESYS - Control for Raspberry Pi
cve-2018-25048
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:26:39.648Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://customers.codesys.com/fileadmin/data/customers/security/2018/Advisory2018-04_CDS-59017.pdf" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2018-25048", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-19T21:00:23.308028Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-19T21:00:29.711Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Control for BeagleBone", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": " Control for emPC-A/iMX6", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Control for IOT2000", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Control for PFC100", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Control for PFC200", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Control for Raspberry Pi", "vendor": "CODESYS", "versions": [ { "lessThan": 
"3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Control RTE V3 (all variants)", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Control Win V3 (all variants)", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "V3 Simulation Runtime (part of the CODESYS Development System)", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "HMI V3 (all variants)", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "V3 Remote Target Visu (all variants)", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Control V3 Runtime System Toolkit", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "V3 Embedded Target Visu Toolkit", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "V3 Remote Target Visu Toolkit", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Runtime Toolkit 32 bit embedded", "vendor": "CODESYS", "versions": [ { "lessThan": "2.3.2.10", "status": "affected", 
"version": "2.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Runtime Toolkit 32 bit full", "vendor": "CODESYS", "versions": [ { "lessThan": "2.4.7.52", "status": "affected", "version": "2.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Runtime PLCWinNT", "vendor": "CODESYS", "versions": [ { "lessThan": "2.4.7.52", "status": "affected", "version": "2.0.0.0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": " Prosoft-Systems Ltd." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device." } ], "value": "The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device." 
} ], "impacts": [ { "capecId": "CAPEC-126", "descriptions": [ { "lang": "en", "value": "CAPEC-126 Path Traversal" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-23T10:45:36.900Z", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE" }, "references": [ { "url": "https://customers.codesys.com/fileadmin/data/customers/security/2018/Advisory2018-04_CDS-59017.pdf" } ], "source": { "defect": [ "CERT@VDE#64324" ], "discovery": "EXTERNAL" }, "title": "Codesys Runtime Improper Limitation of a Pathname", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2018-25048", "datePublished": "2023-03-23T10:45:36.900Z", "dateReserved": "2022-12-07T12:06:08.365Z", "dateUpdated": "2025-02-19T21:00:29.711Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
var-201909-1000
Vulnerability from variot
3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition. CODESYS Control is a suite of industrial control programming software from 3S-Smart Software Solutions of Germany. A code issue vulnerability exists in 3S-Smart Software Solutions CODESYS Control. The vulnerability originates from improper design or implementation during code development of a network system or product. The following products and versions are affected: CODESYS Control for BeagleBone 3.5.11.0 to 3.5.15.0, CODESYS Control for emPC-A / iMX6 3.5.11.0 to 3.5.15.0, CODESYS Control for IOT2000 3.5.11.0 to 3.5.15.0, CODESYS Control for Linux 3.5.11.0 to 3.5.15.0, CODESYS Control for PFC100 3.5.11.0 to 3.5.15.0, CODESYS Control for PFC200 3.5.11.0 to 3.5.15.0, CODESYS Control for Raspberry Pi 3.5.11.0 to 3.5.15.0, CODESYS Control RTE V3 3.5.11.0 to 3.5.15.0, CODESYS Control RTE V3 3.5.11.0 to 3.5.15.0 (for Beckhoff CX), CODESYS Control Win V3 3.5.11.0 to 3.5.15.0 (also part of CODESYS Development System setup), and CODESYS Control V3 Runtime System Toolkit 3.5.11.0 to 3.5.15.0.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201909-1000", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "software solutions codesys control rte", "scope": "eq", "trust": 1.2, "vendor": "3s smart", "version": "v3\u003e=3.5.11.0,\u003c=3.5.15.0" }, { "model": "control for pfc100", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.5.11.0" }, { 
"model": "control for empc-a\\/imx6", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.5.11.0" }, { "model": "control for pfc100", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.0" }, { "model": "control win", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.0" }, { "model": "control win", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.5.11.0" }, { "model": "control for iot2000", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.5.11.0" }, { "model": "control for iot2000", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.0" }, { "model": "control for empc-a\\/imx6", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.0" }, { "model": "control for beaglebone", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.0" }, { "model": "linux", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.0" }, { "model": "control for pfc200", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.0" }, { "model": "control rte", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.5.11.0" }, { "model": "control rte", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.0" }, { "model": "runtime system toolkit", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.0" }, { "model": "control for beaglebone", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.5.11.0" }, { "model": "linux", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.5.11.0" }, { "model": "control for pfc200", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.5.11.0" }, { "model": "runtime system toolkit", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.5.11.0" }, { "model": "control for raspberry pi", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.5.11.0" }, { "model": "control for raspberry pi", "scope": "lt", "trust": 
1.0, "vendor": "codesys", "version": "3.5.15.0" }, { "model": "codesys control for beaglebone", "scope": "eq", "trust": 0.8, "vendor": "3s smart", "version": "3.5.11.0 to 3.5.15.0" }, { "model": "codesys control for empc-a/imx6", "scope": "eq", "trust": 0.8, "vendor": "3s smart", "version": "3.5.11.0 to 3.5.15.0" }, { "model": "codesys control for iot2000", "scope": "eq", "trust": 0.8, "vendor": "3s smart", "version": "3.5.11.0 to 3.5.15.0" }, { "model": "codesys control for linux", "scope": "eq", "trust": 0.8, "vendor": "3s smart", "version": "3.5.11.0 to 3.5.15.0" }, { "model": "codesys control for pfc100", "scope": "eq", "trust": 0.8, "vendor": "3s smart", "version": "3.5.11.0 to 3.5.15.0" }, { "model": "codesys control for pfc200", "scope": "eq", "trust": 0.8, "vendor": "3s smart", "version": "3.5.11.0 to 3.5.15.0" }, { "model": "codesys control for raspberry pi", "scope": "eq", "trust": 0.8, "vendor": "3s smart", "version": "3.5.11.0 to 3.5.15.0" }, { "model": "codesys control rte v3", "scope": "eq", "trust": 0.8, "vendor": "3s smart", "version": "3.5.11.0 to 3.5.15.0" }, { "model": "codesys control runtime system toolkit", "scope": "eq", "trust": 0.8, "vendor": "3s smart", "version": "3.5.11.0 to 3.5.15.0" }, { "model": "codesys control win sl", "scope": "eq", "trust": 0.8, "vendor": "3s smart", "version": "3.5.11.0 to 3.5.15.0" }, { "model": "software solutions codesys control for beaglebone", "scope": "gte", "trust": 0.6, "vendor": "3s smart", "version": "3.5.11.0,\u003c=3.5.15.0" }, { "model": "software solutions codesys control for empc-a/imx", "scope": "gte", "trust": 0.6, "vendor": "3s smart", "version": "63.5.11.0,\u003c=3.5.15.0" }, { "model": "software solutions codesys control for iot2000", "scope": "gte", "trust": 0.6, "vendor": "3s smart", "version": "3.5.11.0,\u003c=3.5.15.0" }, { "model": "software solutions codesys control for linux", "scope": "gte", "trust": 0.6, "vendor": "3s smart", "version": "3.5.11.0,\u003c=3.5.15.0" }, { "model": 
"software solutions codesys control for pfc100", "scope": "gte", "trust": 0.6, "vendor": "3s smart", "version": "3.5.11.0,\u003c=3.5.15.0" }, { "model": "software solutions codesys control for pfc200", "scope": "gte", "trust": 0.6, "vendor": "3s smart", "version": "3.5.11.0,\u003c=3.5.15.0" }, { "model": "software solutions codesys control for raspberry pi", "scope": "gte", "trust": 0.6, "vendor": "3s smart", "version": "3.5.11.0,\u003c=3.5.15.0" }, { "model": "software solutions codesys control win", "scope": "eq", "trust": 0.6, "vendor": "3s smart", "version": "v3\u003e=3.5.11.0,\u003c=3.5.15.0" }, { "model": "software solutions codesys control runtime system toolkit", "scope": "eq", "trust": 0.6, "vendor": "3s smart", "version": "v3\u003e=3.5.11.0,\u003c=3.5.15.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control for beaglebone", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control for empc a imx6", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control for iot2000", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control for pfc100", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control for pfc200", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control for raspberry pi", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control rte", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control win", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "linux", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "runtime system toolkit", "version": "*" } ], "sources": [ { "db": "IVD", "id": "0388bd06-7396-4425-9011-862e9649841c" }, { "db": "CNVD", "id": "CNVD-2019-32460" }, { "db": "JVNDB", "id": "JVNDB-2019-009520" }, { "db": "NVD", "id": "CVE-2019-13542" } ] }, "configurations": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:codesys:control_for_beaglebone_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_empc-a%2fimx6_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_iot2000_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_linux_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_pfc100_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_pfc200_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_raspberry_pi_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_rte_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:runtime_system_toolkit", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_win_sl", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009520" } ] }, "cve": "CVE-2019-13542", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.0, 
"confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CVE-2019-13542", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CNVD-2019-32460", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "0388bd06-7396-4425-9011-862e9649841c", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2019-13542", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-13542", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": 
"nvd@nist.gov", "id": "CVE-2019-13542", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2019-13542", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2019-32460", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201909-656", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "0388bd06-7396-4425-9011-862e9649841c", "trust": 0.2, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "0388bd06-7396-4425-9011-862e9649841c" }, { "db": "CNVD", "id": "CNVD-2019-32460" }, { "db": "JVNDB", "id": "JVNDB-2019-009520" }, { "db": "CNNVD", "id": "CNNVD-201909-656" }, { "db": "NVD", "id": "CVE-2019-13542" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition. 3S-Smart Software Solutions CODESYS Control is a set of industrial control program programming software from Germany 3S-Smart Software Solutions. \nA code issue vulnerability exists in 3S-Smart Software Solutions CODESYS Control. The vulnerability originates from improper design or implementation during code development of a network system or product. The following products and versions are affected: CODESYS Control for BeagleBone 3.5.11.0 to 3.5.15.0, CODESYS Control for emPC-A / iMX6 3.5.11.0 to 3.5.15.0, and CODESYS Control for IOT2000 3.5.11.0 to 3.5. 
Version 15.0, CODESYS Control for Linux 3.5.11.0 to 3.5.15.0, CODESYS Control for PFC100 3.5.11.0 to 3.5.15.0, CODESYS Control for PFC200 3.5.11.0 to 3.5.15.0, CODESYS Control for Raspberry Pi Version 3.5.11.0 to 3.5.15.0, CODESYS Control RTE V3 3.5.11.0 to 3.5.15.0, CODESYS Control RTE V3 3.5.11.0 to 3.5.15.0 (for Beckhoff CX), CODESYS Control Win V3 3.5.11.0 Version to 3.5.15.0 (also part of CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit version 3.5.11.0 to 3.5.15.0", "sources": [ { "db": "NVD", "id": "CVE-2019-13542" }, { "db": "JVNDB", "id": "JVNDB-2019-009520" }, { "db": "CNVD", "id": "CNVD-2019-32460" }, { "db": "CNNVD", "id": "CNNVD-201909-656" }, { "db": "IVD", "id": "0388bd06-7396-4425-9011-862e9649841c" } ], "trust": 2.88 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-13542", "trust": 3.2 }, { "db": "ICS CERT", "id": "ICSA-19-255-04", "trust": 3.0 }, { "db": "AUSCERT", "id": "ESB-2019.3487", "trust": 1.2 }, { "db": "CNVD", "id": "CNVD-2019-32460", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201909-656", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-009520", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-19-255-03", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-19-255-05", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-19-255-02", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-19-255-01", "trust": 0.6 }, { "db": "IVD", "id": "0388BD06-7396-4425-9011-862E9649841C", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "0388bd06-7396-4425-9011-862e9649841c" }, { "db": "CNVD", "id": "CNVD-2019-32460" }, { "db": "JVNDB", "id": "JVNDB-2019-009520" }, { "db": "CNNVD", "id": "CNNVD-201909-656" }, { "db": "NVD", "id": "CVE-2019-13542" } ] }, "id": "VAR-201909-1000", "iot": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "0388bd06-7396-4425-9011-862e9649841c" }, { "db": "CNVD", "id": "CNVD-2019-32460" } ], "trust": 1.8 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "0388bd06-7396-4425-9011-862e9649841c" }, { "db": "CNVD", "id": "CNVD-2019-32460" } ] }, "last_update_date": "2024-11-23T22:05:59.611000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.codesys.com/" }, { "title": "3S-Smart Software Solutions CODESYS Control Code Issue Vulnerability Patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/181473" }, { "title": "CODESYS Control V3 runtime systems Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98230" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-32460" }, { "db": "JVNDB", "id": "JVNDB-2019-009520" }, { "db": "CNNVD", "id": "CNNVD-201909-656" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-476", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009520" }, { "db": "NVD", "id": "CVE-2019-13542" } ] }, "references": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-04" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13542" }, { "trust": 1.2, "url": "https://www.auscert.org.au/bulletins/esb-2019.3487/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13542" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-05" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-03" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-02" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-01" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-32460" }, { "db": "JVNDB", "id": "JVNDB-2019-009520" }, { "db": "CNNVD", "id": "CNNVD-201909-656" }, { "db": "NVD", "id": "CVE-2019-13542" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "0388bd06-7396-4425-9011-862e9649841c" }, { "db": "CNVD", "id": "CNVD-2019-32460" }, { "db": "JVNDB", "id": "JVNDB-2019-009520" }, { "db": "CNNVD", "id": "CNNVD-201909-656" }, { "db": "NVD", "id": "CVE-2019-13542" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-09-21T00:00:00", "db": "IVD", "id": "0388bd06-7396-4425-9011-862e9649841c" }, { "date": "2019-09-21T00:00:00", "db": "CNVD", "id": "CNVD-2019-32460" }, { "date": "2019-09-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-009520" }, { "date": "2019-09-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201909-656" }, { "date": "2019-09-17T19:15:10.757000", "db": "NVD", "id": "CVE-2019-13542" } ] }, "sources_update_date": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-09-21T00:00:00", "db": "CNVD", "id": "CNVD-2019-32460" }, { "date": "2019-09-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-009520" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201909-656" }, { "date": "2024-11-21T04:25:06.737000", "db": "NVD", "id": "CVE-2019-13542" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201909-656" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "3S-Smart Software Solutions CODESYS Control Code Issue Vulnerability", "sources": [ { "db": "IVD", "id": "0388bd06-7396-4425-9011-862e9649841c" }, { "db": "CNVD", "id": "CNVD-2019-32460" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Code problem", "sources": [ { "db": "IVD", "id": "0388bd06-7396-4425-9011-862e9649841c" }, { "db": "CNNVD", "id": "CNNVD-201909-656" } ], "trust": 0.8 } }
var-201909-1519
Vulnerability from variot
CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted HTTP or HTTPS requests which could cause a stack overflow and create a denial-of-service condition or allow remote code execution. The CODESYS V3 web server contains a classic buffer overflow vulnerability. As a result, information may be obtained or altered, and service operation may be disrupted (DoS). 3S-Smart Software Solutions CODESYS V3 web server is a web server used by 3S-Smart Software Solutions of Germany in CODESYS products.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201909-1519", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "control for empc-a\\/imx6", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.10" }, { "model": "control rte", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.12.80" }, { "model": "hmi", "scope": "lt", "trust": 1.0, 
"vendor": "codesys", "version": "3.5.14.10" }, { "model": "control for raspberry pi", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.10" }, { "model": "control rte", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.5.13.0" }, { "model": "control for pfc100", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.10" }, { "model": "control win", "scope": "lte", "trust": 1.0, "vendor": "codesys", "version": "3.5.12.80" }, { "model": "control win", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.10" }, { "model": "control runtime system toolkit", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "embedded target visu toolkit", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.12.80" }, { "model": "control win", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.5.9.80" }, { "model": "hmi", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.5.10.0" }, { "model": "hmi", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.12.80" }, { "model": "remote target visu toolkit", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.12.80" }, { "model": "embedded target visu toolkit", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "hmi", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.5.13.0" }, { "model": "control for iot2000", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.10" }, { "model": "control for beaglebone", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.10" }, { "model": "control for pfc200", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.10" }, { "model": "control rte", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.10" }, { "model": "remote target visu toolkit", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control 
runtime system toolkit", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.12.80" }, { "model": "control rte", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.5.8.60" }, { "model": "control win", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.5.13.0" }, { "model": "control for linux", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.10" }, { "model": "codesys control for beaglebone", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for empc-a/imx6", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for iot2000", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for linux", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for pfc100", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for pfc200", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for raspberry pi", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control rte v3", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control runtime system toolkit", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control win sl", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "software solutions codesys web server", "scope": "eq", "trust": 0.6, "vendor": "3s smart", "version": "v3\u003c3.5.14.10" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "control rte", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "control win", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "hmi", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": 
"control for beaglebone", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control for empc a imx6", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control for iot2000", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control for linux", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control for pfc100", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control for pfc200", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control for raspberry pi", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control runtime system toolkit", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "embedded target visu toolkit", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "remote target visu toolkit", "version": "*" } ], "sources": [ { "db": "IVD", "id": "2062592c-6ba3-43d6-8392-53b413cc328b" }, { "db": "CNVD", "id": "CNVD-2019-32462" }, { "db": "JVNDB", "id": "JVNDB-2019-009415" }, { "db": "NVD", "id": "CVE-2019-13548" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:codesys:control_for_beaglebone_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_empc-a%2fimx6_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_iot2000_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_linux_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_pfc100_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_pfc200_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_raspberry_pi_sl", 
"vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_rte_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:runtime_system_toolkit", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_win_sl", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009415" } ] }, "cve": "CVE-2019-13548", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2019-13548", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2019-32462", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": 
"PARTIAL", "exploitabilityScore": 10.0, "id": "2062592c-6ba3-43d6-8392-53b413cc328b", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2019-13548", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-13548", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-13548", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2019-13548", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2019-32462", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201909-658", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "2062592c-6ba3-43d6-8392-53b413cc328b", "trust": 0.2, "value": "CRITICAL" } ] } ], "sources": [ { "db": "IVD", "id": "2062592c-6ba3-43d6-8392-53b413cc328b" }, { "db": "CNVD", "id": "CNVD-2019-32462" }, { "db": "JVNDB", "id": "JVNDB-2019-009415" }, { "db": "CNNVD", "id": "CNNVD-201909-658" }, { "db": "NVD", "id": "CVE-2019-13548" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could cause a stack overflow and create a denial-of-service condition or allow remote code execution. CODESYS V3 web The server contains a classic buffer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. 3S-Smart Software Solutions CODESYS V3 web server is a web server used by 3S-Smart Software Solutions of Germany in CODESYS products", "sources": [ { "db": "NVD", "id": "CVE-2019-13548" }, { "db": "JVNDB", "id": "JVNDB-2019-009415" }, { "db": "CNVD", "id": "CNVD-2019-32462" }, { "db": "IVD", "id": "2062592c-6ba3-43d6-8392-53b413cc328b" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-13548", "trust": 3.2 }, { "db": "ICS CERT", "id": "ICSA-19-255-01", "trust": 2.4 }, { "db": "AUSCERT", "id": "ESB-2019.3487", "trust": 1.2 }, { "db": "CNVD", "id": "CNVD-2019-32462", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201909-658", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-009415", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-19-255-04", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-19-255-03", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-19-255-05", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-19-255-02", "trust": 0.6 }, { "db": "IVD", "id": "2062592C-6BA3-43D6-8392-53B413CC328B", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "2062592c-6ba3-43d6-8392-53b413cc328b" }, { "db": "CNVD", "id": "CNVD-2019-32462" }, { "db": "JVNDB", "id": "JVNDB-2019-009415" }, { "db": "CNNVD", 
"id": "CNNVD-201909-658" }, { "db": "NVD", "id": "CVE-2019-13548" } ] }, "id": "VAR-201909-1519", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "2062592c-6ba3-43d6-8392-53b413cc328b" }, { "db": "CNVD", "id": "CNVD-2019-32462" } ], "trust": 1.8 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "2062592c-6ba3-43d6-8392-53b413cc328b" }, { "db": "CNVD", "id": "CNVD-2019-32462" } ] }, "last_update_date": "2024-11-23T22:05:59.484000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.codesys.com/" }, { "title": "3S-Smart Software Solutions CODESYS V3 web server buffer overflow vulnerability patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/181467" }, { "title": "CODESYS V3 web server Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98232" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-32462" }, { "db": "JVNDB", "id": "JVNDB-2019-009415" }, { "db": "CNNVD", "id": "CNNVD-201909-658" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-121", "trust": 1.0 }, { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": 
"CWE-120", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009415" }, { "db": "NVD", "id": "CVE-2019-13548" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-01" }, { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13548" }, { "trust": 1.2, "url": "https://www.auscert.org.au/bulletins/esb-2019.3487/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13548" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-05" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-04" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-03" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-02" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-32462" }, { "db": "JVNDB", "id": "JVNDB-2019-009415" }, { "db": "CNNVD", "id": "CNNVD-201909-658" }, { "db": "NVD", "id": "CVE-2019-13548" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "2062592c-6ba3-43d6-8392-53b413cc328b" }, { "db": "CNVD", "id": "CNVD-2019-32462" }, { "db": "JVNDB", "id": "JVNDB-2019-009415" }, { "db": "CNNVD", "id": "CNNVD-201909-658" }, { "db": "NVD", "id": "CVE-2019-13548" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-09-21T00:00:00", "db": "IVD", "id": "2062592c-6ba3-43d6-8392-53b413cc328b" }, { "date": "2019-09-21T00:00:00", "db": "CNVD", "id": "CNVD-2019-32462" }, { "date": "2019-09-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-009415" }, { "date": 
"2019-09-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201909-658" }, { "date": "2019-09-13T17:15:11.693000", "db": "NVD", "id": "CVE-2019-13548" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-09-21T00:00:00", "db": "CNVD", "id": "CNVD-2019-32462" }, { "date": "2019-09-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-009415" }, { "date": "2021-10-29T00:00:00", "db": "CNNVD", "id": "CNNVD-201909-658" }, { "date": "2024-11-21T04:25:07.460000", "db": "NVD", "id": "CVE-2019-13548" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201909-658" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "3S-Smart Software Solutions CODESYS V3 web server Buffer Overflow Vulnerability", "sources": [ { "db": "IVD", "id": "2062592c-6ba3-43d6-8392-53b413cc328b" }, { "db": "CNVD", "id": "CNVD-2019-32462" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer error", "sources": [ { "db": "IVD", "id": "2062592c-6ba3-43d6-8392-53b413cc328b" }, { "db": "CNNVD", "id": "CNNVD-201909-658" } ], "trust": 0.8 } }
var-201909-0996
Vulnerability from variot
CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted HTTP or HTTPS requests which may allow access to files outside the restricted working directory of the controller. The CODESYS V3 web server contains a path traversal vulnerability. Information may be obtained.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201909-0996", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "control for empc-a\\/imx6", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.10" }, { "model": "control rte", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.12.80" }, { "model": "hmi", "scope": "lt", "trust": 1.0, 
"vendor": "codesys", "version": "3.5.14.10" }, { "model": "control for raspberry pi", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.10" }, { "model": "control rte", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.5.13.0" }, { "model": "control for pfc100", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.10" }, { "model": "control win", "scope": "lte", "trust": 1.0, "vendor": "codesys", "version": "3.5.12.80" }, { "model": "control win", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.10" }, { "model": "control runtime system toolkit", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "embedded target visu toolkit", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.12.80" }, { "model": "control win", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.5.9.80" }, { "model": "hmi", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.5.10.0" }, { "model": "hmi", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.12.80" }, { "model": "remote target visu toolkit", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.12.80" }, { "model": "embedded target visu toolkit", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "hmi", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.5.13.0" }, { "model": "control for iot2000", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.10" }, { "model": "control for beaglebone", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.10" }, { "model": "control for pfc200", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.10" }, { "model": "control rte", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.10" }, { "model": "remote target visu toolkit", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control 
runtime system toolkit", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.12.80" }, { "model": "control rte", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.5.8.60" }, { "model": "control win", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.5.13.0" }, { "model": "control for linux", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.10" }, { "model": "codesys control for beaglebone", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for empc-a/imx6", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for iot2000", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for linux", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for pfc100", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for pfc200", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for raspberry pi", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control rte v3", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control runtime system toolkit", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control win sl", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "software solutions codesys web server", "scope": "eq", "trust": 0.6, "vendor": "3s smart", "version": "v3\u003c3.5.14.10" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "control rte", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "control win", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "hmi", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": 
"control for beaglebone", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control for empc a imx6", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control for iot2000", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control for linux", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control for pfc100", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control for pfc200", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control for raspberry pi", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control runtime system toolkit", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "embedded target visu toolkit", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "remote target visu toolkit", "version": "*" } ], "sources": [ { "db": "IVD", "id": "f4634c88-ffbb-41d2-9de5-4c49df63339a" }, { "db": "CNVD", "id": "CNVD-2019-32463" }, { "db": "JVNDB", "id": "JVNDB-2019-009414" }, { "db": "NVD", "id": "CVE-2019-13532" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:codesys:control_for_beaglebone_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_empc-a%2fimx6_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_iot2000_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_linux_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_pfc100_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_pfc200_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_raspberry_pi_sl", 
"vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_rte_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:runtime_system_toolkit", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_win_sl", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009414" } ] }, "cve": "CVE-2019-13532", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2019-13532", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2019-32463", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", 
"exploitabilityScore": 10.0, "id": "f4634c88-ffbb-41d2-9de5-4c49df63339a", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2019-13532", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-13532", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-13532", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2019-13532", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2019-32463", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201909-657", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "f4634c88-ffbb-41d2-9de5-4c49df63339a", "trust": 0.2, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "f4634c88-ffbb-41d2-9de5-4c49df63339a" }, { "db": "CNVD", "id": "CNVD-2019-32463" }, { "db": "JVNDB", "id": "JVNDB-2019-009414" }, { "db": "CNNVD", "id": "CNNVD-201909-657" }, { "db": "NVD", "id": "CVE-2019-13532" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller. CODESYS V3 web The server contains a path traversal vulnerability.Information may be obtained", "sources": [ { "db": "NVD", "id": "CVE-2019-13532" }, { "db": "JVNDB", "id": "JVNDB-2019-009414" }, { "db": "CNVD", "id": "CNVD-2019-32463" }, { "db": "IVD", "id": "f4634c88-ffbb-41d2-9de5-4c49df63339a" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-13532", "trust": 3.2 }, { "db": "ICS CERT", "id": "ICSA-19-255-01", "trust": 2.4 }, { "db": "AUSCERT", "id": "ESB-2019.3487", "trust": 1.2 }, { "db": "CNVD", "id": "CNVD-2019-32463", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201909-657", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-009414", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-19-255-04", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-19-255-03", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-19-255-05", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-19-255-02", "trust": 0.6 }, { "db": "IVD", "id": "F4634C88-FFBB-41D2-9DE5-4C49DF63339A", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "f4634c88-ffbb-41d2-9de5-4c49df63339a" }, { "db": "CNVD", "id": "CNVD-2019-32463" }, { "db": "JVNDB", "id": "JVNDB-2019-009414" }, { "db": "CNNVD", "id": "CNNVD-201909-657" }, { "db": "NVD", "id": "CVE-2019-13532" } ] }, "id": "VAR-201909-0996", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { 
"db": "IVD", "id": "f4634c88-ffbb-41d2-9de5-4c49df63339a" }, { "db": "CNVD", "id": "CNVD-2019-32463" } ], "trust": 1.8 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "f4634c88-ffbb-41d2-9de5-4c49df63339a" }, { "db": "CNVD", "id": "CNVD-2019-32463" } ] }, "last_update_date": "2024-11-23T22:05:59.550000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.codesys.com/" }, { "title": "3S-Smart Software Solutions CODESYS V3 web server path traversal vulnerability patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/181469" }, { "title": "CODESYS V3 web server Repair measures for path traversal vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98231" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-32463" }, { "db": "JVNDB", "id": "JVNDB-2019-009414" }, { "db": "CNNVD", "id": "CNNVD-201909-657" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009414" }, { "db": "NVD", "id": "CVE-2019-13532" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { 
"trust": 2.4, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-01" }, { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13532" }, { "trust": 1.2, "url": "https://www.auscert.org.au/bulletins/esb-2019.3487/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13532" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-05" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-04" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-03" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-02" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-32463" }, { "db": "JVNDB", "id": "JVNDB-2019-009414" }, { "db": "CNNVD", "id": "CNNVD-201909-657" }, { "db": "NVD", "id": "CVE-2019-13532" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "f4634c88-ffbb-41d2-9de5-4c49df63339a" }, { "db": "CNVD", "id": "CNVD-2019-32463" }, { "db": "JVNDB", "id": "JVNDB-2019-009414" }, { "db": "CNNVD", "id": "CNNVD-201909-657" }, { "db": "NVD", "id": "CVE-2019-13532" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-09-21T00:00:00", "db": "IVD", "id": "f4634c88-ffbb-41d2-9de5-4c49df63339a" }, { "date": "2019-09-21T00:00:00", "db": "CNVD", "id": "CNVD-2019-32463" }, { "date": "2019-09-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-009414" }, { "date": "2019-09-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201909-657" }, { "date": "2019-09-13T17:15:11.617000", "db": "NVD", "id": "CVE-2019-13532" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-09-21T00:00:00", "db": "CNVD", "id": "CNVD-2019-32463" }, { 
"date": "2019-09-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-009414" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201909-657" }, { "date": "2024-11-21T04:25:05.470000", "db": "NVD", "id": "CVE-2019-13532" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201909-657" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "3S-Smart Software Solutions CODESYS V3 web server Path traversal vulnerability", "sources": [ { "db": "IVD", "id": "f4634c88-ffbb-41d2-9de5-4c49df63339a" }, { "db": "CNVD", "id": "CNVD-2019-32463" }, { "db": "CNNVD", "id": "CNNVD-201909-657" } ], "trust": 1.4 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Path traversal", "sources": [ { "db": "IVD", "id": "f4634c88-ffbb-41d2-9de5-4c49df63339a" }, { "db": "CNNVD", "id": "CNNVD-201909-657" } ], "trust": 0.8 } }
var-201911-0644
Vulnerability from variot
CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow. The CODESYS 3 web server contains a classic buffer overflow vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). 3S-Smart Software Solutions CODESYS V3 web server is a web server used in CODESYS products by the German company 3S-Smart Software Solutions. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be performed on other associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow. The record below tracks the issue as CVE-2019-18858 (CWE-120); NVD scores it 9.8 (CVSS 3.1, network-reachable, no privileges or user interaction required), and the listed vendor reference is CODESYS Advisory 2019-10.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201911-0644", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "control for empc-a\\/imx6", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.20" }, { "model": "control runtime system toolkit", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.20" }, { "model": "control for iot2000", 
"scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.20" }, { "model": "hmi", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.20" }, { "model": "control for raspberry pi", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.20" }, { "model": "control for beaglebone", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.20" }, { "model": "control for pfc200", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.20" }, { "model": "control for pfc100", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.20" }, { "model": "control rte", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.20" }, { "model": "control win", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.20" }, { "model": "control for plcnext", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.20" }, { "model": "control for linux", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.20" }, { "model": "embedded target visu toolkit", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.20" }, { "model": "remote target visu toolkit", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.20" }, { "model": "codesys control for beaglebone", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.15.20" }, { "model": "codesys control for empc-a/imx6", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.15.20" }, { "model": "codesys control for iot2000", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.15.20" }, { "model": "codesys control for linux", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.15.20" }, { "model": "codesys control for pfc100", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.15.20" }, { "model": "codesys control for pfc200", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.15.20" }, { 
"model": "codesys control for raspberry pi", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.15.20" }, { "model": "codesys control rte v3", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.15.20" }, { "model": "codesys control runtime system toolkit", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.15.20" }, { "model": "control for plcnext", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.15.20" }, { "model": "software solutions codesys", "scope": "lt", "trust": 0.6, "vendor": "3s smart", "version": "3.5.15.20" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control for beaglebone", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control for empc a imx6", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control for iot2000", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control for linux", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control for pfc100", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control for pfc200", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control for plcnext", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control for raspberry pi", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control rte", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control runtime system toolkit", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control win", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "embedded target visu toolkit", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "hmi", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "remote target visu toolkit", "version": "*" } ], "sources": [ { "db": "IVD", "id": 
"418d9b6e-8164-4e9e-bc05-ad15b3929ef6" }, { "db": "CNVD", "id": "CNVD-2019-42751" }, { "db": "JVNDB", "id": "JVNDB-2019-012231" }, { "db": "NVD", "id": "CVE-2019-18858" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:codesys:control_for_beaglebone_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_empc-a%2fimx6_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_iot2000_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_linux_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_pfc100_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_pfc200_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_raspberry_pi_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_rte_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:runtime_system_toolkit", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_plcnext", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-012231" } ] }, "cve": "CVE-2019-18858", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": 
"https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2019-18858", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2019-42751", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "418d9b6e-8164-4e9e-bc05-ad15b3929ef6", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2019-18858", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-18858", 
"impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-18858", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2019-18858", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2019-42751", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201911-1189", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "418d9b6e-8164-4e9e-bc05-ad15b3929ef6", "trust": 0.2, "value": "CRITICAL" } ] } ], "sources": [ { "db": "IVD", "id": "418d9b6e-8164-4e9e-bc05-ad15b3929ef6" }, { "db": "CNVD", "id": "CNVD-2019-42751" }, { "db": "JVNDB", "id": "JVNDB-2019-012231" }, { "db": "CNNVD", "id": "CNNVD-201911-1189" }, { "db": "NVD", "id": "CVE-2019-18858" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow. CODESYS 3 web The server contains a classic buffer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. 3S-Smart Software Solutions CODESYS V3 web server is a web server used in CODESYS products by German 3S-Smart Software Solutions. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be performed on other associated memory locations. 
An attacker could use this vulnerability to cause a buffer overflow or heap overflow", "sources": [ { "db": "NVD", "id": "CVE-2019-18858" }, { "db": "JVNDB", "id": "JVNDB-2019-012231" }, { "db": "CNVD", "id": "CNVD-2019-42751" }, { "db": "IVD", "id": "418d9b6e-8164-4e9e-bc05-ad15b3929ef6" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-18858", "trust": 3.2 }, { "db": "TENABLE", "id": "TRA-2019-48", "trust": 1.6 }, { "db": "CNVD", "id": "CNVD-2019-42751", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201911-1189", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-012231", "trust": 0.8 }, { "db": "IVD", "id": "418D9B6E-8164-4E9E-BC05-AD15B3929EF6", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "418d9b6e-8164-4e9e-bc05-ad15b3929ef6" }, { "db": "CNVD", "id": "CNVD-2019-42751" }, { "db": "JVNDB", "id": "JVNDB-2019-012231" }, { "db": "CNNVD", "id": "CNNVD-201911-1189" }, { "db": "NVD", "id": "CVE-2019-18858" } ] }, "id": "VAR-201911-0644", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "418d9b6e-8164-4e9e-bc05-ad15b3929ef6" }, { "db": "CNVD", "id": "CNVD-2019-42751" } ], "trust": 1.8 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "418d9b6e-8164-4e9e-bc05-ad15b3929ef6" }, { "db": "CNVD", "id": "CNVD-2019-42751" } ] }, "last_update_date": 
"2024-11-23T22:25:44.567000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advisory 2019-10", "trust": 0.8, "url": "https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf" }, { "title": "Patch for 3S-Smart Software Solutions CODESYS Buffer Overflow Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/192697" }, { "title": "3S-Smart Software Solutions CODESYS V3 web server Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103504" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-42751" }, { "db": "JVNDB", "id": "JVNDB-2019-012231" }, { "db": "CNNVD", "id": "CNNVD-201911-1189" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-120", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-012231" }, { "db": "NVD", "id": "CVE-2019-18858" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18858" }, { "trust": 1.6, "url": "https://customers.codesys.com/fileadmin/data/customers/security/2019/advisory2019-10_cds-68341.pdf" }, { "trust": 1.6, "url": "https://www.tenable.com/security/research/tra-2019-48" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18858" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-42751" }, { "db": "JVNDB", "id": "JVNDB-2019-012231" }, { "db": "CNNVD", 
"id": "CNNVD-201911-1189" }, { "db": "NVD", "id": "CVE-2019-18858" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "418d9b6e-8164-4e9e-bc05-ad15b3929ef6" }, { "db": "CNVD", "id": "CNVD-2019-42751" }, { "db": "JVNDB", "id": "JVNDB-2019-012231" }, { "db": "CNNVD", "id": "CNNVD-201911-1189" }, { "db": "NVD", "id": "CVE-2019-18858" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-11-29T00:00:00", "db": "IVD", "id": "418d9b6e-8164-4e9e-bc05-ad15b3929ef6" }, { "date": "2019-11-29T00:00:00", "db": "CNVD", "id": "CNVD-2019-42751" }, { "date": "2019-11-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-012231" }, { "date": "2019-11-20T00:00:00", "db": "CNNVD", "id": "CNNVD-201911-1189" }, { "date": "2019-11-20T18:15:10.917000", "db": "NVD", "id": "CVE-2019-18858" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-12-02T00:00:00", "db": "CNVD", "id": "CNVD-2019-42751" }, { "date": "2019-11-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-012231" }, { "date": "2020-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201911-1189" }, { "date": "2024-11-21T04:33:43.753000", "db": "NVD", "id": "CVE-2019-18858" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201911-1189" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "3S-Smart Software Solutions CODESYS Buffer Overflow 
Vulnerability", "sources": [ { "db": "IVD", "id": "418d9b6e-8164-4e9e-bc05-ad15b3929ef6" }, { "db": "CNVD", "id": "CNVD-2019-42751" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer error", "sources": [ { "db": "IVD", "id": "418d9b6e-8164-4e9e-bc05-ad15b3929ef6" }, { "db": "CNNVD", "id": "CNNVD-201911-1189" } ], "trust": 0.8 } }
var-202005-0318
Vulnerability from variot
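An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation. CODESYS Development System contains a privilege management vulnerability. Information may be obtained and tampered with. The record below tracks the issue as CVE-2020-12068; NVD scores it 6.5 (CVSS 3.1, network-reachable, no privileges or user interaction required, low confidentiality and integrity impact), its affected-products list also names CODESYS Control runtime products and HMI before 3.5.16.0, and the listed vendor reference is CODESYS Advisory 2020-04.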
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202005-0318", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "control for iot2000", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.0" }, { "model": "hmi", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.0" }, { "model": "control for raspberry pi", "scope": "lt", "trust": 1.0, 
"vendor": "codesys", "version": "3.5.16.0" }, { "model": "control win", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for beaglebone", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.0" }, { "model": "hmi", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for pfc200", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.0" }, { "model": "control for pfc100", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.0" }, { "model": "control rte", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.0" }, { "model": "control win", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.0" }, { "model": "control for plcnext", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.0" }, { "model": "control rte", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control runtime system toolkit", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "development system", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.0" }, { "model": "control for empc-a\\/imx6", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.0" }, { "model": "control runtime system toolkit", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.0" }, { "model": "codesys control for beaglebone", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for empc-a/imx6", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for iot2000", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for pfc100", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for pfc200", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { 
"model": "codesys control for plcnext", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control rte v3", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control runtime toolkit", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control win sl", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys development system", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys hmi", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005666" }, { "db": "NVD", "id": "CVE-2020-12068" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:codesys:control_for_beaglebone_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_empc-a%2fimx6_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_iot2000_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_pfc100_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_pfc200_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_plcnext", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_rte_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:codesys_runtime_toolkit", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_win_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:development_system", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:hmi", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005666" } ] }, "cve": "CVE-2020-12068", 
"cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2020-12068", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.4, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-005666", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 3.9, "id": "CVE-2020-12068", "impactScore": 2.5, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": 
"NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "JVNDB-2020-005666", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-12068", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "JVNDB-2020-005666", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202005-810", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005666" }, { "db": "CNNVD", "id": "CNNVD-202005-810" }, { "db": "NVD", "id": "CVE-2020-12068" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation. 
CODESYS Development System Exists in a privilege management vulnerability.Information may be obtained and tampered with", "sources": [ { "db": "NVD", "id": "CVE-2020-12068" }, { "db": "JVNDB", "id": "JVNDB-2020-005666" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-12068", "trust": 2.4 }, { "db": "JVNDB", "id": "JVNDB-2020-005666", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202005-810", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005666" }, { "db": "CNNVD", "id": "CNNVD-202005-810" }, { "db": "NVD", "id": "CVE-2020-12068" } ] }, "id": "VAR-202005-0318", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.24064171 }, "last_update_date": "2024-11-23T22:05:38.619000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advisory 2020-04", "trust": 0.8, "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13136\u0026token=c267875c01ea70bc9613bc39c684eedc17f55420\u0026download=" }, { "title": "Top Page", "trust": 0.8, "url": "https://www.codesys.com" }, { "title": "3S-Smart Software Solutions CODESYS Development System Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=119351" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005666" }, { "db": "CNNVD", "id": "CNNVD-202005-810" } ] }, "problemtype_data": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-269", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005666" }, { "db": "NVD", "id": "CVE-2020-12068" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://www.codesys.com" }, { "trust": 1.6, "url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=13136\u0026token=c267875c01ea70bc9613bc39c684eedc17f55420\u0026download=" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12068" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12068" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005666" }, { "db": "CNNVD", "id": "CNNVD-202005-810" }, { "db": "NVD", "id": "CVE-2020-12068" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2020-005666" }, { "db": "CNNVD", "id": "CNNVD-202005-810" }, { "db": "NVD", "id": "CVE-2020-12068" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-06-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005666" }, { "date": "2020-05-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202005-810" }, { "date": "2020-05-14T21:15:13.260000", "db": "NVD", "id": "CVE-2020-12068" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-06-19T00:00:00", "db": "JVNDB", "id": 
"JVNDB-2020-005666" }, { "date": "2020-05-22T00:00:00", "db": "CNNVD", "id": "CNNVD-202005-810" }, { "date": "2024-11-21T04:59:12.677000", "db": "NVD", "id": "CVE-2020-12068" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202005-810" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "CODESYS Development System Vulnerability related to authority management in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005666" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202005-810" } ], "trust": 0.6 } }
var-202212-1959
Vulnerability from variot
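In CODESYS V3 products in all versions prior to V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device. The Pilz PMC programming tool is vulnerable to the use of weak password hashes. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Note that the record below carries two CVSS v3 vectors for this CVE: the nvd@nist.gov entry scores it 7.8 (AV:L, PR:L), matching the local, low-privilege attacker described here, while a second entry scores it 9.8 (AV:N, PR:N) and the threat type is listed as remote.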
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202212-1959", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "762-5305\\/8000-002", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "762-6201\\/8000-001", "scope": "lte", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "762-4202\\/8000-001", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { 
"model": "control rte v3", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.0" }, { "model": "762-6302\\/8000-002", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "750-8214", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "750-8206", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "762-5203\\/8000-001", "scope": "lte", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "762-6202\\/8000-001", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "762-6203\\/8000-001", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "control v3 runtime system toolkit", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.0" }, { "model": "hmi v3", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.0" }, { "model": "762-4306\\/8000-002", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "750-8211", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "762-4201\\/8000-001", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "control for iot2000", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.0" }, { "model": "control for beaglebone", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.0" }, { "model": "762-4203\\/8000-001", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "control for plcnext", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.0" }, { "model": "762-4301\\/8000-002", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "762-5205\\/8000-001", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": 
"pmc", "scope": "lt", "trust": 1.0, "vendor": "pilz", "version": "3.5.17" }, { "model": "v3 simulation runtime", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.0" }, { "model": "750-8216", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "control for empc-a\\/imx6", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.0" }, { "model": "controller cecc-s", "scope": "eq", "trust": 1.0, "vendor": "festo", "version": "2.3.8.0" }, { "model": "750-8210", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "762-4303\\/8000-002", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "controller cecc-s", "scope": "eq", "trust": 1.0, "vendor": "festo", "version": "2.3.8.1" }, { "model": "control for pfc200", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.0" }, { "model": "control for linux", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.0" }, { "model": "controller cecc-d", "scope": "eq", "trust": 1.0, "vendor": "festo", "version": "2.3.8.0" }, { "model": "762-5204\\/8000-001", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "762-5303\\/8000-002", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "762-6304\\/8000-002", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "controller cecc-d", "scope": "eq", "trust": 1.0, "vendor": "festo", "version": "2.3.8.1" }, { "model": "752-8303\\/8000-0002", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "762-4304\\/8000-002", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "762-4204\\/8000-001", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "controller cecc-lk", "scope": "eq", "trust": 
1.0, "vendor": "festo", "version": "2.3.8.0" }, { "model": "762-5206\\/8000-001", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "750-8217", "scope": "eq", "trust": 1.0, "vendor": "wago", "version": null }, { "model": "controller cecc-lk", "scope": "eq", "trust": 1.0, "vendor": "festo", "version": "2.3.8.1" }, { "model": "750-8203", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "750-8102", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "762-6301\\/8000-002", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "762-5306\\/8000-002", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "762-4305\\/8000-002", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "750-8212", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "control for raspberry pi", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.0" }, { "model": "750-8101", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "750-8100", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "762-4205\\/8000-001", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "750-8202", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "750-8204", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "control win v3", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.0" }, { "model": "762-4205\\/8000-002", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "750-8213", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": 
"762-4206\\/8000-001", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "750-8215", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "762-6204\\/8000-001", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "762-6303\\/8000-002", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "762-5304\\/8000-002", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "750-8207", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "762-4206\\/8000-002", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "control for pfc100", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.0" }, { "model": "762-4302\\/8000-002", "scope": "lt", "trust": 1.0, "vendor": "wago", "version": "03.06.19\\(18\\)" }, { "model": "pmc", "scope": "gte", "trust": 1.0, "vendor": "pilz", "version": "3.0.0" }, { "model": "pmc", "scope": "lt", "trust": 0.8, "vendor": "pilz", "version": "3.x" }, { "model": "pmc", "scope": "eq", "trust": 0.8, "vendor": "pilz", "version": null }, { "model": "pmc", "scope": "eq", "trust": 0.8, "vendor": "pilz", "version": "3.5.17" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-004118" }, { "db": "NVD", "id": "CVE-2020-12069" } ] }, "cve": "CVE-2020-12069", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2020-12069", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-12069", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-12069", "trust": 1.0, "value": "HIGH" }, { "author": "info@cert.vde.com", "id": "CVE-2020-12069", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2020-12069", "trust": 0.8, "value": "Critical" }, { "author": "CNNVD", "id": "CNNVD-202212-3933", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-004118" }, { "db": "CNNVD", "id": "CNNVD-202212-3933" }, { "db": "NVD", "id": "CVE-2020-12069" }, { "db": "NVD", "id": "CVE-2020-12069" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords 
using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device. Pilz PMC A programming tool is vulnerable to the use of weak password hashes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2020-12069" }, { "db": "JVNDB", "id": "JVNDB-2022-004118" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-12069", "trust": 3.2 }, { "db": "CERT@VDE", "id": "VDE-2021-061", "trust": 2.4 }, { "db": "CERT@VDE", "id": "VDE-2022-022", "trust": 1.0 }, { "db": "CERT@VDE", "id": "VDE-2022-031", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2022-004118", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202212-3933", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-004118" }, { "db": "CNNVD", "id": "CNNVD-202212-3933" }, { "db": "NVD", "id": "CVE-2020-12069" } ] }, "id": "VAR-202212-1959", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.4538690433333333 }, "last_update_date": "2024-10-05T01:43:49.661000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "top page", "trust": 0.8, "url": "https://www.pilz.com/ja-INT" }, { "title": "Pilz PMC programming tool Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=220121" } ], 
"sources": [ { "db": "JVNDB", "id": "JVNDB-2022-004118" }, { "db": "CNNVD", "id": "CNNVD-202212-3933" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-916", "trust": 1.0 }, { "problemtype": "Use of weak password hashes (CWE-916) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-004118" }, { "db": "NVD", "id": "CVE-2020-12069" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://cert.vde.com/en/advisories/vde-2021-061/" }, { "trust": 1.0, "url": "https://cert.vde.com/en/advisories/vde-2022-022/" }, { "trust": 1.0, "url": "https://cert.vde.com/en/advisories/vde-2022-031/" }, { "trust": 1.0, "url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=12943\u0026token=d097958a67ba382de688916f77e3013c0802fade\u0026download=" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12069" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2020-12069/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-004118" }, { "db": "CNNVD", "id": "CNNVD-202212-3933" }, { "db": "NVD", "id": "CVE-2020-12069" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2022-004118" }, { "db": "CNNVD", "id": "CNNVD-202212-3933" }, { "db": "NVD", "id": "CVE-2020-12069" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-03-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-004118" }, { 
"date": "2022-12-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-3933" }, { "date": "2022-12-26T19:15:10.520000", "db": "NVD", "id": "CVE-2020-12069" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-03-22T08:05:00", "db": "JVNDB", "id": "JVNDB-2022-004118" }, { "date": "2023-01-06T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-3933" }, { "date": "2024-10-03T19:18:50.300000", "db": "NVD", "id": "CVE-2020-12069" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3933" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Pilz\u00a0PMC\u00a0 Vulnerability in using weak password hashes in programming tools", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-004118" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3933" } ], "trust": 0.6 } }
var-202003-0430
Vulnerability from variot
CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow. An out-of-bounds write vulnerability exists in the CODESYS Control runtime system. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The vulnerability stems from the fact that when a network system or product performs an operation on memory, the data boundary is not correctly verified, resulting in incorrect read and write operations on other associated memory locations. Attackers can use this vulnerability to cause a buffer overflow or heap overflow. The record below is not consistent on severity: the nvd@nist.gov entries score it 10.0 (CVSS v2) and 9.8 (CVSS v3.1) with full confidentiality, integrity and availability impact, while the CNVD entry scores it 5.0 with partial availability impact only.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0430", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": null, "scope": "eq", "trust": 1.2, "vendor": "control rte", "version": "*" }, { "model": "embedded target visu toolkit", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.40" }, { "model": "control for linux", "scope": "lt", "trust": 1.0, 
"vendor": "codesys", "version": "3.5.15.40" }, { "model": "remote target visu toolkit", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.40" }, { "model": "control for empc-a\\/imx6", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.40" }, { "model": "hmi", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.40" }, { "model": "control for raspberry pi", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.40" }, { "model": "control for pfc100", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.40" }, { "model": "control runtime system toolkit", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control win", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.5.9.80" }, { "model": "hmi", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.5.10.0" }, { "model": "control win", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.40" }, { "model": "embedded target visu toolkit", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control runtime system toolkit", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.40" }, { "model": "control for iot2000", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.40" }, { "model": "control for beaglebone", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.40" }, { "model": "remote target visu toolkit", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for pfc200", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.40" }, { "model": "control rte", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.5.8.60" }, { "model": "control rte", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.40" }, { "model": "control for plcnext", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": 
"3.5.15.40" }, { "model": "codesys control for beaglebone", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for empc-a/imx6", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for iot2000", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for linux", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for pfc100", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for pfc200", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for plcnext", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for raspberry pi", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control rte v3", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control runtime system toolkit", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "control for beaglebone", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "control for empc a imx6", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "control for iot2000", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "control for linux", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "control for pfc100", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "control for pfc200", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "control for plcnext", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "control for raspberry pi", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "control 
runtime system toolkit", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "control win", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "embedded target visu toolkit", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "hmi", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "remote target visu toolkit", "version": "*" }, { "model": "software solutions codesys web server", "scope": "eq", "trust": 0.6, "vendor": "3s smart", "version": "v3\u003c3.5.15.40" } ], "sources": [ { "db": "IVD", "id": "74dcac01-aa60-41e2-8aa0-8efb7cd113ac" }, { "db": "IVD", "id": "fbb246fe-927c-4f97-9ac5-da6a2aa9aa74" }, { "db": "IVD", "id": "9d9a683c-8679-4e40-b76e-9de9cced9fc3" }, { "db": "CNVD", "id": "CNVD-2020-20436" }, { "db": "JVNDB", "id": "JVNDB-2020-003551" }, { "db": "NVD", "id": "CVE-2020-10245" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:codesys:control_for_beaglebone_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_empc-a%2fimx6_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_iot2000_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_linux_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_pfc100_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_pfc200_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_plcnext", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_raspberry_pi_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_rte_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:runtime_system_toolkit", "vulnerable": true } ], "operator": "OR" } 
] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-003551" } ] }, "cve": "CVE-2020-10245", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2020-10245", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 10.0, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "JVNDB-2020-003551", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2020-20436", "impactScore": 2.9, "integrityImpact": 
"NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "74dcac01-aa60-41e2-8aa0-8efb7cd113ac", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "fbb246fe-927c-4f97-9ac5-da6a2aa9aa74", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "9d9a683c-8679-4e40-b76e-9de9cced9fc3", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-10245", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", 
"confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-003551", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-10245", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "JVNDB-2020-003551", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2020-20436", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202003-1628", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "74dcac01-aa60-41e2-8aa0-8efb7cd113ac", "trust": 0.2, "value": "HIGH" }, { "author": "IVD", "id": "fbb246fe-927c-4f97-9ac5-da6a2aa9aa74", "trust": 0.2, "value": "HIGH" }, { "author": "IVD", "id": "9d9a683c-8679-4e40-b76e-9de9cced9fc3", "trust": 0.2, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "74dcac01-aa60-41e2-8aa0-8efb7cd113ac" }, { "db": "IVD", "id": "fbb246fe-927c-4f97-9ac5-da6a2aa9aa74" }, { "db": "IVD", "id": "9d9a683c-8679-4e40-b76e-9de9cced9fc3" }, { "db": "CNVD", "id": "CNVD-2020-20436" }, { "db": "JVNDB", "id": "JVNDB-2020-003551" }, { "db": "CNNVD", "id": "CNNVD-202003-1628" }, { "db": "NVD", "id": "CVE-2020-10245" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow. CODESYS Control runtime An out-of-bounds write vulnerability exists in the system.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. 
The vulnerability stems from the fact that when a network system or product performs an operation on memory, the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow", "sources": [ { "db": "NVD", "id": "CVE-2020-10245" }, { "db": "JVNDB", "id": "JVNDB-2020-003551" }, { "db": "CNVD", "id": "CNVD-2020-20436" }, { "db": "IVD", "id": "74dcac01-aa60-41e2-8aa0-8efb7cd113ac" }, { "db": "IVD", "id": "fbb246fe-927c-4f97-9ac5-da6a2aa9aa74" }, { "db": "IVD", "id": "9d9a683c-8679-4e40-b76e-9de9cced9fc3" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-10245", "trust": 3.6 }, { "db": "TENABLE", "id": "TRA-2020-16", "trust": 1.6 }, { "db": "CNVD", "id": "CNVD-2020-20436", "trust": 1.2 }, { "db": "CNNVD", "id": "CNNVD-202003-1628", "trust": 1.2 }, { "db": "JVNDB", "id": "JVNDB-2020-003551", "trust": 0.8 }, { "db": "IVD", "id": "74DCAC01-AA60-41E2-8AA0-8EFB7CD113AC", "trust": 0.2 }, { "db": "IVD", "id": "FBB246FE-927C-4F97-9AC5-DA6A2AA9AA74", "trust": 0.2 }, { "db": "IVD", "id": "9D9A683C-8679-4E40-B76E-9DE9CCED9FC3", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "74dcac01-aa60-41e2-8aa0-8efb7cd113ac" }, { "db": "IVD", "id": "fbb246fe-927c-4f97-9ac5-da6a2aa9aa74" }, { "db": "IVD", "id": "9d9a683c-8679-4e40-b76e-9de9cced9fc3" }, { "db": "CNVD", "id": "CNVD-2020-20436" }, { "db": "JVNDB", "id": "JVNDB-2020-003551" }, { "db": "CNNVD", "id": "CNNVD-202003-1628" }, { "db": "NVD", "id": "CVE-2020-10245" } ] }, "id": "VAR-202003-0430", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "74dcac01-aa60-41e2-8aa0-8efb7cd113ac" }, { "db": "IVD", "id": "fbb246fe-927c-4f97-9ac5-da6a2aa9aa74" }, { "db": "IVD", "id": "9d9a683c-8679-4e40-b76e-9de9cced9fc3" }, { "db": "CNVD", "id": "CNVD-2020-20436" } ], "trust": 2.2 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 }, { "category": [ "ICS", "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "IVD", "id": "74dcac01-aa60-41e2-8aa0-8efb7cd113ac" }, { "db": "IVD", "id": "fbb246fe-927c-4f97-9ac5-da6a2aa9aa74" }, { "db": "IVD", "id": "9d9a683c-8679-4e40-b76e-9de9cced9fc3" }, { "db": "CNVD", "id": "CNVD-2020-20436" } ] }, "last_update_date": "2024-11-23T22:48:07.759000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advisory 2020-03", "trust": 0.8, "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13078\u0026token=de344ca65252463cc581ef144e0c53bd97b8f211\u0026download=" }, { "title": "Patch for 3S-Smart Software Solutions CODESYS V3 web server buffer overflow vulnerability (CNVD-2020-20436)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/211803" }, { "title": "3S-Smart Software Solutions CODESYS V3 web server Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115312" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-20436" }, { "db": "JVNDB", "id": "JVNDB-2020-003551" }, { "db": "CNNVD", "id": "CNNVD-202003-1628" } ] }, "problemtype_data": { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-003551" }, { "db": "NVD", "id": "CVE-2020-10245" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://www.tenable.com/security/research/tra-2020-16" }, { "trust": 1.6, "url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=13078\u0026token=de344ca65252463cc581ef144e0c53bd97b8f211\u0026download=" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10245" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10245" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-003551" }, { "db": "CNNVD", "id": "CNNVD-202003-1628" }, { "db": "NVD", "id": "CVE-2020-10245" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "74dcac01-aa60-41e2-8aa0-8efb7cd113ac" }, { "db": "IVD", "id": "fbb246fe-927c-4f97-9ac5-da6a2aa9aa74" }, { "db": "IVD", "id": "9d9a683c-8679-4e40-b76e-9de9cced9fc3" }, { "db": "CNVD", "id": "CNVD-2020-20436" }, { "db": "JVNDB", "id": "JVNDB-2020-003551" }, { "db": "CNNVD", "id": "CNNVD-202003-1628" }, { "db": "NVD", "id": "CVE-2020-10245" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-03-26T00:00:00", "db": "IVD", "id": "74dcac01-aa60-41e2-8aa0-8efb7cd113ac" }, { "date": "2020-03-26T00:00:00", "db": "IVD", "id": "fbb246fe-927c-4f97-9ac5-da6a2aa9aa74" }, { "date": "2020-03-26T00:00:00", 
"db": "IVD", "id": "9d9a683c-8679-4e40-b76e-9de9cced9fc3" }, { "date": "2020-03-31T00:00:00", "db": "CNVD", "id": "CNVD-2020-20436" }, { "date": "2020-04-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-003551" }, { "date": "2020-03-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-1628" }, { "date": "2020-03-26T04:15:11.533000", "db": "NVD", "id": "CVE-2020-10245" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-03-31T00:00:00", "db": "CNVD", "id": "CNVD-2020-20436" }, { "date": "2020-04-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-003551" }, { "date": "2020-04-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-1628" }, { "date": "2024-11-21T04:55:03.253000", "db": "NVD", "id": "CVE-2020-10245" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-1628" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "CODESYS Control runtime Out-of-bounds write vulnerabilities in the system", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-003551" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer error", "sources": [ { "db": "IVD", "id": "74dcac01-aa60-41e2-8aa0-8efb7cd113ac" }, { "db": "IVD", "id": "fbb246fe-927c-4f97-9ac5-da6a2aa9aa74" }, { "db": "IVD", "id": "9d9a683c-8679-4e40-b76e-9de9cced9fc3" }, { "db": "CNNVD", "id": "CNNVD-202003-1628" } ], "trust": 1.2 } }
var-201909-0084
Vulnerability from variot
An issue was discovered in 3S-Smart CODESYS before 3.5.15.0. Crafted network packets cause the Control Runtime to crash. 3S-Smart CODESYS contains an input validation vulnerability that may result in interruption of service (DoS). 3S-Smart Software Solutions CODESYS Control is industrial control programming software from 3S-Smart Software Solutions of Germany. A security vulnerability exists in 3S-Smart Software Solutions CODESYS Control. An attacker could exploit the vulnerability with a specially crafted request to cause a denial of service. The following products and versions are affected: CODESYS Control for BeagleBone before 3.5.15.0, CODESYS Control for emPC-A/iMX6 before 3.5.15.0, CODESYS Control for IOT2000 before 3.5.15.0, CODESYS Control for Linux before 3.5.15.0, CODESYS Control for PFC100 before 3.5.15.0, CODESYS Control for PFC200 before 3.5.15.0, CODESYS Control for Raspberry Pi before 3.5.15.0, CODESYS Control RTE V3 before 3.5.15.0, CODESYS Control RTE V3 (for Beckhoff CX) before 3.5.15.0, CODESYS Control Win V3 before 3.5.15.0 (part of CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit before 3.5.15.0, CODESYS V3 Safety SIL2 before 3.5.15.0, CODESYS Gateway V3 before 3.5.15.0, CODESYS HMI V3 before 3.5.15.0, CODESYS V3 Simulation Runtime before 3.5.15.0 (part of CODESYS Development System). The NVD score carried in this record is CVSS 3.1 7.5 (AV:N/AC:L/PR:N/UI:N, availability impact only), i.e. the crash is reachable over the network without authentication, so affected runtimes should be updated to 3.5.15.0 or later.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201909-0084", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "control for empc-a\\/imx6", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.0" }, { "model": "control for beaglebone", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.0" }, { "model": "linux", "scope": "lt", "trust": 
1.0, "vendor": "codesys", "version": "3.5.15.0" }, { "model": "control for pfc200", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.0" }, { "model": "control rte", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.0" }, { "model": "simulation runtime", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.0" }, { "model": "runtime system toolkit", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.0" }, { "model": "control for pfc100", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.0" }, { "model": "gateway", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.0" }, { "model": "control win", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.0" }, { "model": "safety sil2", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.0" }, { "model": "control for iot2000", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.0" }, { "model": "hmi", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.0" }, { "model": "control for raspberry pi", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.0" }, { "model": "codesys control for beaglebone", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.15.0" }, { "model": "codesys control for empc-a/imx6", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.15.0" }, { "model": "codesys control for iot2000", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.15.0" }, { "model": "codesys control for pfc100", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.15.0" }, { "model": "codesys control for pfc200", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.15.0" }, { "model": "codesys control for raspberry pi", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.15.0" }, { "model": "codesys control rte v3", "scope": "lt", "trust": 0.8, "vendor": 
"3s smart", "version": "3.5.15.0" }, { "model": "codesys control win sl", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.15.0" }, { "model": "codesys gateway", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.15.0" }, { "model": "codesys hmi", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.15.0" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009519" }, { "db": "NVD", "id": "CVE-2019-9009" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:codesys:control_for_beaglebone_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_empc-a%2fimx6_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_iot2000_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_pfc100_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_pfc200_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_raspberry_pi_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_rte_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_win_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:gateway", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:hmi", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009519" } ] }, "cve": "CVE-2019-9009", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2019-9009", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-160444", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2019-9009", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-9009", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", 
"version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-9009", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2019-9009", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201909-659", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-160444", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-160444" }, { "db": "JVNDB", "id": "JVNDB-2019-009519" }, { "db": "CNNVD", "id": "CNNVD-201909-659" }, { "db": "NVD", "id": "CVE-2019-9009" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash. 3S-Smart CODESYS Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. 3S-Smart Software Solutions CODESYS Control is a set of industrial control program programming software from Germany 3S-Smart Software Solutions. \nA security vulnerability exists in 3S-Smart Software Solutions CODESYS Control. An attacker could exploit the vulnerability with a specially crafted request to cause a denial of service. 
The following products and versions are affected: CODESYS Control for BeagleBone version before 3.5.15.0, CODESYS Control for emPC-A / iMX6 version before 3.5.15.0, CODESYS Control for IOT2000 version before 3.5.15.0, CODESYS Control for Linux version before 3.5.15.0 , Before CODESYS Control for PFC100 3.5.15.0, before CODESYS Control for PFC200 3.5.15.0, before CODESYS Control for Raspberry Pi 3.5.15.0, before CODESYS Control RTE V3 3.5.15.0, before CODESYS Control RTE V3 3.5.15.0 Version (for Beckhoff CX), CODESYS Control Win V3 before 3.5.15.0 (part of CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit before 3.5.15.0, CODESYS V3 Safety SIL2 before 3.5.15.0, CODESYS Gateway V3 Version before 3.5.15.0, CODESYS HMI V3 version before 3.5.15.0, CODESYS V3 Simulation Runtime version before 3.5.15.0 (part of CODESYS Development System)", "sources": [ { "db": "NVD", "id": "CVE-2019-9009" }, { "db": "JVNDB", "id": "JVNDB-2019-009519" }, { "db": "CNNVD", "id": "CNNVD-201909-659" }, { "db": "VULHUB", "id": "VHN-160444" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "ICS CERT", "id": "ICSA-19-255-05", "trust": 2.5 }, { "db": "NVD", "id": "CVE-2019-9009", "trust": 2.5 }, { "db": "JVNDB", "id": "JVNDB-2019-009519", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201909-659", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.3487", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-19-255-04", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-19-255-03", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-19-255-02", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-19-255-01", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-160444", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-160444" }, { "db": "JVNDB", "id": "JVNDB-2019-009519" 
}, { "db": "CNNVD", "id": "CNNVD-201909-659" }, { "db": "NVD", "id": "CVE-2019-9009" } ] }, "id": "VAR-201909-0084", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-160444" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T22:05:59.582000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.codesys.com/" }, { "title": "CODESYS V3 runtime systems Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98233" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009519" }, { "db": "CNNVD", "id": "CNNVD-201909-659" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-755", "trust": 1.0 }, { "problemtype": "CWE-20", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-160444" }, { "db": "JVNDB", "id": "JVNDB-2019-009519" }, { "db": "NVD", "id": "CVE-2019-9009" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-05" }, { "trust": 1.6, "url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=12941\u0026token=50fabe3870c7bdc41701eb1799dddeec103de40c\u0026download=" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9009" }, { 
"trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9009" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-04" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-03" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-02" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-01" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3487/" }, { "trust": 0.1, "url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=12941\u0026amp;token=50fabe3870c7bdc41701eb1799dddeec103de40c\u0026amp;download=" } ], "sources": [ { "db": "VULHUB", "id": "VHN-160444" }, { "db": "JVNDB", "id": "JVNDB-2019-009519" }, { "db": "CNNVD", "id": "CNNVD-201909-659" }, { "db": "NVD", "id": "CVE-2019-9009" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-160444" }, { "db": "JVNDB", "id": "JVNDB-2019-009519" }, { "db": "CNNVD", "id": "CNNVD-201909-659" }, { "db": "NVD", "id": "CVE-2019-9009" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-09-17T00:00:00", "db": "VULHUB", "id": "VHN-160444" }, { "date": "2019-09-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-009519" }, { "date": "2019-09-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201909-659" }, { "date": "2019-09-17T16:15:11.077000", "db": "NVD", "id": "CVE-2019-9009" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-03-11T00:00:00", "db": "VULHUB", "id": "VHN-160444" }, { "date": "2019-09-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-009519" }, { "date": "2022-01-04T00:00:00", "db": "CNNVD", "id": "CNNVD-201909-659" 
}, { "date": "2024-11-21T04:50:48.197000", "db": "NVD", "id": "CVE-2019-9009" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201909-659" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "3S-Smart CODESYS Input validation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009519" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201909-659" } ], "trust": 0.6 } }
var-202001-1803
Vulnerability from variot
CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition. CODESYS Control, Gateway, and HMI contain a resource exhaustion vulnerability that may result in a denial of service (DoS). CoDeSys is a powerful PLC software programming tool.
A security vulnerability exists in the memory allocation of CODESYS Control. Remote attackers can use this vulnerability to submit special requests to conduct denial-of-service attacks. 3S-Smart Software Solutions CODESYS Control is a set of industrial control programming software from 3S-Smart Software Solutions in Germany.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202001-1803", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "control for empc-a\\/imx6", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.30" }, { "model": "hmi", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.30" }, { "model": "control for raspberry pi", "scope": "lt", 
"trust": 1.0, "vendor": "codesys", "version": "3.5.15.30" }, { "model": "simulation runtime", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.5.9.40" }, { "model": "control for pfc100", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.30" }, { "model": "gateway", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.30" }, { "model": "control win", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.30" }, { "model": "control runtime system toolkit", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "safety sil2", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control win", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.5.9.80" }, { "model": "hmi", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.5.10.0" }, { "model": "simulation runtime", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.30" }, { "model": "control runtime system toolkit", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.30" }, { "model": "safety sil2", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.30" }, { "model": "control for iot2000", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.30" }, { "model": "control for beaglebone", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.30" }, { "model": "control for pfc200", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.30" }, { "model": "control rte", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.30" }, { "model": "gateway", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.10" }, { "model": "control for plcnext", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.30" }, { "model": "control rte", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.5.8.60" }, { "model": "control for linux", 
"scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.15.30" }, { "model": "codesys control for beaglebone", "scope": "eq", "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for empc-a/imx6", "scope": "eq", "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for iot2000", "scope": "eq", "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for linux", "scope": "eq", "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for pfc100", "scope": "eq", "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for pfc200", "scope": "eq", "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "control for plcnext", "scope": "eq", "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for raspberry pi", "scope": "eq", "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys gateway", "scope": "eq", "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys hmi", "scope": "eq", "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "control", "scope": "eq", "trust": 0.6, "vendor": "codesys", "version": "v3" }, { "model": "gateway", "scope": "eq", "trust": 0.6, "vendor": "codesys", "version": "v3" }, { "model": "hmi", "scope": "eq", "trust": 0.6, "vendor": "codesys", "version": "v3" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "control rte", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control for beaglebone", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control for empc a imx6", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control for iot2000", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control for linux", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control for pfc100", 
"version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control for pfc200", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control for plcnext", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control for raspberry pi", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control runtime system toolkit", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "control win", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "gateway", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "hmi", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "safety sil2", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simulation runtime", "version": "*" } ], "sources": [ { "db": "IVD", "id": "a64ef9aa-2bb3-4067-b045-cc3d87b01a10" }, { "db": "CNVD", "id": "CNVD-2020-13190" }, { "db": "JVNDB", "id": "JVNDB-2020-001515" }, { "db": "NVD", "id": "CVE-2020-7052" } ] }, "cve": "CVE-2020-7052", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, 
"id": "CVE-2020-7052", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CNVD-2020-13190", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "a64ef9aa-2bb3-4067-b045-cc3d87b01a10", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "VHN-185177", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2020-7052", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.5, "baseSeverity": "Medium", 
"confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2020-7052", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-7052", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2020-7052", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2020-13190", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202001-1104", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "a64ef9aa-2bb3-4067-b045-cc3d87b01a10", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-185177", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "a64ef9aa-2bb3-4067-b045-cc3d87b01a10" }, { "db": "CNVD", "id": "CNVD-2020-13190" }, { "db": "VULHUB", "id": "VHN-185177" }, { "db": "JVNDB", "id": "JVNDB-2020-001515" }, { "db": "CNNVD", "id": "CNNVD-202001-1104" }, { "db": "NVD", "id": "CVE-2020-7052" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition. CODESYS Control , Gateway , HMI Contains a resource exhaustion vulnerability.Denial of service operation (DoS) May be in a state. CoDeSys is a powerful PLC software programming tool. \n\r\n\r\nCODESYS Control memory allocation is secure. Remote attackers can use this vulnerability to submit special requests to conduct denial-of-service attacks. 
3S-Smart Software Solutions CODESYS Control is a set of industrial control program programming software from 3S-Smart Software Solutions in Germany", "sources": [ { "db": "NVD", "id": "CVE-2020-7052" }, { "db": "JVNDB", "id": "JVNDB-2020-001515" }, { "db": "CNVD", "id": "CNVD-2020-13190" }, { "db": "IVD", "id": "a64ef9aa-2bb3-4067-b045-cc3d87b01a10" }, { "db": "VULHUB", "id": "VHN-185177" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-7052", "trust": 3.3 }, { "db": "TENABLE", "id": "TRA-2020-04", "trust": 2.3 }, { "db": "CNNVD", "id": "CNNVD-202001-1104", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2020-13190", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-001515", "trust": 0.8 }, { "db": "IVD", "id": "A64EF9AA-2BB3-4067-B045-CC3D87B01A10", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-185177", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "a64ef9aa-2bb3-4067-b045-cc3d87b01a10" }, { "db": "CNVD", "id": "CNVD-2020-13190" }, { "db": "VULHUB", "id": "VHN-185177" }, { "db": "JVNDB", "id": "JVNDB-2020-001515" }, { "db": "CNNVD", "id": "CNNVD-202001-1104" }, { "db": "NVD", "id": "CVE-2020-7052" } ] }, "id": "VAR-202001-1803", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "a64ef9aa-2bb3-4067-b045-cc3d87b01a10" }, { "db": "CNVD", "id": "CNVD-2020-13190" }, { "db": "VULHUB", "id": "VHN-185177" } ], "trust": 1.23333334 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, 
"data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "a64ef9aa-2bb3-4067-b045-cc3d87b01a10" }, { "db": "CNVD", "id": "CNVD-2020-13190" } ] }, "last_update_date": "2024-11-23T21:51:41.126000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advisory\u00a02020-01", "trust": 0.8, "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12977\u0026token=33f948eed0c2fd69d238d9515779be337ef7592d\u0026download=" }, { "title": "Patch for CODESYS Control Remote Denial of Service Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/204645" }, { "title": "Multiple 3S-Smart Software Solutions Product resource management error vulnerability fixes", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112808" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-13190" }, { "db": "JVNDB", "id": "JVNDB-2020-001515" }, { "db": "CNNVD", "id": "CNNVD-202001-1104" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-770", "trust": 1.1 }, { "problemtype": "Resource depletion (CWE-400) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": "CWE-400", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-185177" }, { "db": "JVNDB", "id": "JVNDB-2020-001515" }, { "db": "NVD", "id": "CVE-2020-7052" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": 
"https://www.tenable.com/security/research/tra-2020-04" }, { "trust": 1.6, "url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=12977\u0026token=33f948eed0c2fd69d238d9515779be337ef7592d\u0026download=" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7052" }, { "trust": 0.1, "url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=12977\u0026amp;token=33f948eed0c2fd69d238d9515779be337ef7592d\u0026amp;download=" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-13190" }, { "db": "VULHUB", "id": "VHN-185177" }, { "db": "JVNDB", "id": "JVNDB-2020-001515" }, { "db": "CNNVD", "id": "CNNVD-202001-1104" }, { "db": "NVD", "id": "CVE-2020-7052" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "a64ef9aa-2bb3-4067-b045-cc3d87b01a10" }, { "db": "CNVD", "id": "CNVD-2020-13190" }, { "db": "VULHUB", "id": "VHN-185177" }, { "db": "JVNDB", "id": "JVNDB-2020-001515" }, { "db": "CNNVD", "id": "CNNVD-202001-1104" }, { "db": "NVD", "id": "CVE-2020-7052" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-01-24T00:00:00", "db": "IVD", "id": "a64ef9aa-2bb3-4067-b045-cc3d87b01a10" }, { "date": "2020-02-25T00:00:00", "db": "CNVD", "id": "CNVD-2020-13190" }, { "date": "2020-01-24T00:00:00", "db": "VULHUB", "id": "VHN-185177" }, { "date": "2020-02-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-001515" }, { "date": "2020-01-24T00:00:00", "db": "CNNVD", "id": "CNNVD-202001-1104" }, { "date": "2020-01-24T20:15:10.970000", "db": "NVD", "id": "CVE-2020-7052" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-02-26T00:00:00", "db": "CNVD", "id": "CNVD-2020-13190" }, { "date": 
"2021-07-21T00:00:00", "db": "VULHUB", "id": "VHN-185177" }, { "date": "2020-02-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-001515" }, { "date": "2021-07-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202001-1104" }, { "date": "2024-11-21T05:36:34.220000", "db": "NVD", "id": "CVE-2020-7052" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202001-1104" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "CODESYS Control Remote Denial of Service Vulnerability", "sources": [ { "db": "IVD", "id": "a64ef9aa-2bb3-4067-b045-cc3d87b01a10" }, { "db": "CNVD", "id": "CNVD-2020-13190" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Resource management error", "sources": [ { "db": "IVD", "id": "a64ef9aa-2bb3-4067-b045-cc3d87b01a10" }, { "db": "CNNVD", "id": "CNNVD-202001-1104" } ], "trust": 0.8 } }
var-202007-0686
Vulnerability from variot
CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation. CODESYS Control is vulnerable to allocation of resources without limits or throttling, which may result in a denial-of-service (DoS) condition. 3S-Smart Software Solutions CODESYS Control is a software suite for programming industrial control applications.
3S-Smart Software Solutions CODESYS Control has a denial of service vulnerability. Remote attackers can exploit it by submitting specially crafted requests to cause a denial of service.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0686", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simulation runtime", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.10" }, { "model": "simulation runtime", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.5.9.40" }, { "model": "control runtime system toolkit", 
"scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.10" }, { "model": "control for iot2000", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.10" }, { "model": "control for beaglebone", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.10" }, { "model": "control runtime system toolkit", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for pfc200", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.10" }, { "model": "control win", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.5.9.80" }, { "model": "control rte", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.10" }, { "model": "hmi", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.5.10.0" }, { "model": "control for plcnext", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.10" }, { "model": "embedded target visu toolkit", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for wago touch panels 600", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.10" }, { "model": "embedded target visu toolkit", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.10" }, { "model": "control for linux", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.10" }, { "model": "remote target visu toolkit", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.10" }, { "model": "control for empc-a\\/imx6", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.10" }, { "model": "hmi", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.10" }, { "model": "control for raspberry pi", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.10" }, { "model": "remote target visu toolkit", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control rte", "scope": "gte", 
"trust": 1.0, "vendor": "codesys", "version": "3.5.8.60" }, { "model": "control for pfc100", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.10" }, { "model": "control win", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.10" }, { "model": "codesys control for beaglebone", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for empc-a/imx6", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for iot2000", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for linux", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for pfc100", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for pfc200", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for plcnext", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for raspberry pi", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for wago touch panels 600", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control rte v3", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "software solutions codesys control runtime system", "scope": "lt", "trust": 0.6, "vendor": "3s smart", "version": "3.5.16.10" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-53803" }, { "db": "JVNDB", "id": "JVNDB-2020-008192" }, { "db": "NVD", "id": "CVE-2020-15806" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { 
"cpe_match": [ { "cpe22Uri": "cpe:/a:codesys:control_for_beaglebone_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_empc-a%2fimx6_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_iot2000_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_linux_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_pfc100_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_pfc200_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_plcnext", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_raspberry_pi_sl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_for_wago_touch_panels_600", "vulnerable": true }, { "cpe22Uri": "cpe:/a:codesys:control_rte_sl", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008192" } ] }, "cve": "CVE-2020-15806", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2020-15806", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { 
"acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2020-008192", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2020-53803", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2020-15806", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2020-008192", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-15806", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "JVNDB-2020-008192", 
"trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2020-53803", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202007-1373", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-53803" }, { "db": "JVNDB", "id": "JVNDB-2020-008192" }, { "db": "CNNVD", "id": "CNNVD-202007-1373" }, { "db": "NVD", "id": "CVE-2020-15806" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation. CODESYS Control Is vulnerable to resource allocation without restrictions or throttling.Service operation interruption (DoS) It may be put into a state. 3S-Smart Software Solutions CODESYS Control is a set of industrial control program programming software. \n\r\n\r\n3S-Smart Software Solutions CODESYS Control has a denial of service vulnerability. 
Allow remote attackers to use vulnerabilities to submit special requests and perform denial of service attacks", "sources": [ { "db": "NVD", "id": "CVE-2020-15806" }, { "db": "JVNDB", "id": "JVNDB-2020-008192" }, { "db": "CNVD", "id": "CNVD-2020-53803" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-15806", "trust": 3.0 }, { "db": "TENABLE", "id": "TRA-2020-46", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2020-008192", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2020-53803", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202007-1373", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-53803" }, { "db": "JVNDB", "id": "JVNDB-2020-008192" }, { "db": "CNNVD", "id": "CNNVD-202007-1373" }, { "db": "NVD", "id": "CVE-2020-15806" } ] }, "id": "VAR-202007-0686", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-53803" } ], "trust": 1.6 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-53803" } ] }, "last_update_date": "2024-11-23T22:33:24.506000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": 
"https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13199\u0026token=3e283c3e73fed61f7c181a7fa1169477efaf0c58\u0026download=" }, { "title": "CODESYS GroupAdvisory 2020-05", "trust": 0.8, "url": "https://www.codesys.com" }, { "title": "Patch for 3S-Smart Software Solutions CODESYS Control Denial of Service Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/235513" }, { "title": "3S-Smart Software Solutions CODESYS Control Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125016" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-53803" }, { "db": "JVNDB", "id": "JVNDB-2020-008192" }, { "db": "CNNVD", "id": "CNNVD-202007-1373" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-401", "trust": 1.0 }, { "problemtype": "CWE-770", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008192" }, { "db": "NVD", "id": "CVE-2020-15806" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15806" }, { "trust": 1.6, "url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=13199\u0026token=3e283c3e73fed61f7c181a7fa1169477efaf0c58\u0026download=" }, { "trust": 1.6, "url": "https://www.codesys.com" }, { "trust": 1.6, "url": "https://www.tenable.com/security/research/tra-2020-46" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-15806" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-53803" }, { "db": "JVNDB", "id": "JVNDB-2020-008192" }, { "db": "CNNVD", "id": "CNNVD-202007-1373" }, { 
"db": "NVD", "id": "CVE-2020-15806" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-53803" }, { "db": "JVNDB", "id": "JVNDB-2020-008192" }, { "db": "CNNVD", "id": "CNNVD-202007-1373" }, { "db": "NVD", "id": "CVE-2020-15806" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-09-24T00:00:00", "db": "CNVD", "id": "CNVD-2020-53803" }, { "date": "2020-09-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008192" }, { "date": "2020-07-22T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-1373" }, { "date": "2020-07-22T19:15:12.317000", "db": "NVD", "id": "CVE-2020-15806" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-09-24T00:00:00", "db": "CNVD", "id": "CNVD-2020-53803" }, { "date": "2020-09-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008192" }, { "date": "2020-07-27T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-1373" }, { "date": "2024-11-21T05:06:13.097000", "db": "NVD", "id": "CVE-2020-15806" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-1373" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "CODESYS Control Vulnerability in resource allocation without restrictions or throttling in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008192" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", 
"sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-1373" } ], "trust": 0.6 } }