Vulnerabilites related to codesys - gateway
cve-2022-22514
Vulnerability from cvelistv5
Published
2022-04-07 18:21
Modified
2024-09-17 03:03
Severity ?
EPSS score ?
Summary
An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:14:55.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS Control RTE (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control RTE (for Beckhoff CX) SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Win (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Gateway",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Windows",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS HMI (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Development System V3",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Runtime System Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Embedded Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Remote Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for BeagleBone SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Beckhoff CX9020 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for emPC-A/iMX6 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for IOT2000 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Linux SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC100 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC200 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PLCnext SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Raspberry Pi SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for WAGO Touch Panels 600 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Linux",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-822",
"description": "CWE-822: Untrusted Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-27T05:55:11",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Untrusted Pointer Dereference in multiple CODESYS products can lead to a DoS.",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-04-06T10:00:00.000Z",
"ID": "CVE-2022-22514",
"STATE": "PUBLIC",
"TITLE": "Untrusted Pointer Dereference in multiple CODESYS products can lead to a DoS."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Control RTE (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Control Win (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS HMI (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Development System V3",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Control Runtime System Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Embedded Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Remote Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Control for BeagleBone SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Beckhoff CX9020 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for emPC-A/iMX6 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for IOT2000 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Linux SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC100 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC200 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PLCnext SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Raspberry Pi SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Linux",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-822: Untrusted Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download=",
"refsource": "MISC",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-22514",
"datePublished": "2022-04-07T18:21:14.309072Z",
"dateReserved": "2022-01-03T00:00:00",
"dateUpdated": "2024-09-17T03:03:50.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-31803
Vulnerability from cvelistv5
Published
2022-06-24 07:46
Modified
2024-09-16 20:01
Severity ?
EPSS score ?
Summary
In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connections are not affected and therefore remain intact.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CODESYS | CODESYS Gateway Server V2 |
Version: V2 < V2.3.9.38 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS Gateway Server V2",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.3.9.38",
"status": "affected",
"version": "V2",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connections are not affected and therefore remain intact."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T07:46:11",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CODESYS Gateway Server V2 prone to Denial of Service Attack",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-06-09T07:54:00.000Z",
"ID": "CVE-2022-31803",
"STATE": "PUBLIC",
"TITLE": "CODESYS Gateway Server V2 prone to Denial of Service Attack"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Gateway Server V2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V2",
"version_value": "V2.3.9.38"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connections are not affected and therefore remain intact."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-31803",
"datePublished": "2022-06-24T07:46:11.188713Z",
"dateReserved": "2022-05-30T00:00:00",
"dateUpdated": "2024-09-16T20:01:21.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-36764
Vulnerability from cvelistv5
Published
2021-08-04 13:35
Modified
2024-08-04 01:01
Severity ?
EPSS score ?
Summary
In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:01:59.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=16804\u0026token=d8c89c887979b22fdfc9fd5c3aa3804bbb1ddbff\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-04T13:35:31",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=16804\u0026token=d8c89c887979b22fdfc9fd5c3aa3804bbb1ddbff\u0026download="
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36764",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=16804\u0026token=d8c89c887979b22fdfc9fd5c3aa3804bbb1ddbff\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=16804\u0026token=d8c89c887979b22fdfc9fd5c3aa3804bbb1ddbff\u0026download="
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36764",
"datePublished": "2021-08-04T13:35:31",
"dateReserved": "2021-07-16T00:00:00",
"dateUpdated": "2024-08-04T01:01:59.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-30791
Vulnerability from cvelistv5
Published
2022-07-11 10:40
Modified
2024-09-16 16:48
Severity ?
EPSS score ?
Summary
In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | CODESYS | CODESYS Control RTE (SL) |
Version: V3 < V3.5.18.20 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:38.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS Control RTE (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control RTE (for Beckhoff CX) SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Win (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Gateway",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Windows",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS HMI (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Development System V3",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.10",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Runtime System Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Embedded Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Remote Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for BeagleBone SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Beckhoff CX9020 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for emPC-A/iMX6 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for IOT2000 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Linux SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC100 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC200 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PLCnext SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Raspberry Pi SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for WAGO Touch Panels 600 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Linux",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T10:40:38",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
],
"source": {
"defect": [
"CERT@VDE#",
"64129"
],
"discovery": "UNKNOWN"
},
"title": "CODESYS V3: CmpBlkDrvTcp allows unauthenticated attackers to block all its available TCP connections",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-07-08T06:00:00.000Z",
"ID": "CVE-2022-30791",
"STATE": "PUBLIC",
"TITLE": "CODESYS V3: CmpBlkDrvTcp allows unauthenticated attackers to block all its available TCP connections"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Control RTE (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control Win (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS HMI (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Development System V3",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.10"
}
]
}
},
{
"product_name": "CODESYS Control Runtime System Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Embedded Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Remote Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control for BeagleBone SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Beckhoff CX9020 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for emPC-A/iMX6 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for IOT2000 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Linux SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC100 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC200 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PLCnext SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Raspberry Pi SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Linux",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
]
},
"source": {
"defect": [
"CERT@VDE#",
"64129"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-30791",
"datePublished": "2022-07-11T10:40:38.913416Z",
"dateReserved": "2022-05-16T00:00:00",
"dateUpdated": "2024-09-16T16:48:31.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-29241
Vulnerability from cvelistv5
Published
2021-05-03 13:17
Modified
2024-08-03 22:02
Severity ?
EPSS score ?
Summary
CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).
References
| ▼ | URL | Tags |
|---|---|---|
| https://customers.codesys.com/index.php | x_refsource_MISC | |
| https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14637&token=8dbd75ae7553ae3be25e22f741db783b31e14799&download= | x_refsource_MISC | |
| https://www.codesys.com/security/security-reports.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:51.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14637\u0026token=8dbd75ae7553ae3be25e22f741db783b31e14799\u0026download="
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.codesys.com/security/security-reports.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-16T13:55:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://customers.codesys.com/index.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14637\u0026token=8dbd75ae7553ae3be25e22f741db783b31e14799\u0026download="
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.codesys.com/security/security-reports.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-29241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php",
"refsource": "MISC",
"url": "https://customers.codesys.com/index.php"
},
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14637\u0026token=8dbd75ae7553ae3be25e22f741db783b31e14799\u0026download=",
"refsource": "MISC",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14637\u0026token=8dbd75ae7553ae3be25e22f741db783b31e14799\u0026download="
},
{
"name": "https://www.codesys.com/security/security-reports.html",
"refsource": "MISC",
"url": "https://www.codesys.com/security/security-reports.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-29241",
"datePublished": "2021-05-03T13:17:03",
"dateReserved": "2021-03-25T00:00:00",
"dateUpdated": "2024-08-03T22:02:51.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-31804
Vulnerability from cvelistv5
Published
2022-06-24 07:46
Modified
2024-09-16 20:16
Severity ?
EPSS score ?
Summary
The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CODESYS | CODESYS Gateway Server V2 |
Version: unspecified < V2.3.9.38 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS Gateway Server V2",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.3.9.38",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789: Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T07:46:12",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CODESYS Gateway server prone to denial of service attack due to excessive memory allocation",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-06-09T08:02:00.000Z",
"ID": "CVE-2022-31804",
"STATE": "PUBLIC",
"TITLE": "CODESYS Gateway server prone to denial of service attack due to excessive memory allocation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Gateway Server V2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "V2.3.9.38"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-789: Memory Allocation with Excessive Size Value"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-31804",
"datePublished": "2022-06-24T07:46:13.080219Z",
"dateReserved": "2022-05-30T00:00:00",
"dateUpdated": "2024-09-16T20:16:34.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-7052
Vulnerability from cvelistv5
Published
2020-01-24 19:31
Modified
2024-08-04 09:18
Severity ?
EPSS score ?
Summary
CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/security/research/tra-2020-04 | x_refsource_MISC | |
| https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12977&token=33f948eed0c2fd69d238d9515779be337ef7592d&download= | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:18:02.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2020-04"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12977\u0026token=33f948eed0c2fd69d238d9515779be337ef7592d\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-24T19:31:58",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2020-04"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12977\u0026token=33f948eed0c2fd69d238d9515779be337ef7592d\u0026download="
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-7052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2020-04",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2020-04"
},
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12977\u0026token=33f948eed0c2fd69d238d9515779be337ef7592d\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12977\u0026token=33f948eed0c2fd69d238d9515779be337ef7592d\u0026download="
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-7052",
"datePublished": "2020-01-24T19:31:59",
"dateReserved": "2020-01-14T00:00:00",
"dateUpdated": "2024-08-04T09:18:02.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-22517
Vulnerability from cvelistv5
Published
2022-04-07 18:21
Modified
2024-09-16 22:16
Severity ?
EPSS score ?
Summary
An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | CODESYS | CODESYS Control RTE (SL) |
Version: V3.5.18.0 < V3.5.18.0 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:14:55.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17091\u0026token=c450f8bbbd838c647d102f359356386c6ea5aeca\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS Control RTE (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control RTE (for Beckhoff CX) SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Win (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Gateway",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Windows",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS HMI (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Development System V3",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Runtime System Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Embedded Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Remote Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for BeagleBone SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Beckhoff CX9020 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for emPC-A/iMX6 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for IOT2000 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Linux SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC100 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC200 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PLCnext SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Raspberry Pi SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for WAGO Touch Panels 600 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Linux",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS OPC DA Server SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS PLCHandler",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-334",
"description": "CWE-334 Small Space of Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-07T18:21:19",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17091\u0026token=c450f8bbbd838c647d102f359356386c6ea5aeca\u0026download="
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Communication Components in multiple CODESYS products vulnerable to communication channel disruption",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-04-06T10:00:00.000Z",
"ID": "CVE-2022-22517",
"STATE": "PUBLIC",
"TITLE": "Communication Components in multiple CODESYS products vulnerable to communication channel disruption"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Control RTE (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Control Win (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS HMI (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Development System V3",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Control Runtime System Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Embedded Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Remote Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Control for BeagleBone SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Beckhoff CX9020 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for emPC-A/iMX6 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for IOT2000 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Linux SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC100 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC200 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PLCnext SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Raspberry Pi SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Linux",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS OPC DA Server SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS PLCHandler",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-334 Small Space of Random Values"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17091\u0026token=c450f8bbbd838c647d102f359356386c6ea5aeca\u0026download=",
"refsource": "MISC",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17091\u0026token=c450f8bbbd838c647d102f359356386c6ea5aeca\u0026download="
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-22517",
"datePublished": "2022-04-07T18:21:20.091353Z",
"dateReserved": "2022-01-03T00:00:00",
"dateUpdated": "2024-09-16T22:16:04.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-9012
Vulnerability from cvelistv5
Published
2019-08-15 17:47
Modified
2024-08-04 21:31
Severity ?
EPSS score ?
Summary
An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-19-213-03 | x_refsource_MISC | |
| https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12938&token=b9eb30f53246dc57b2e7cb302356a05547148fa2&download= | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:31:37.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12938\u0026token=b9eb30f53246dc57b2e7cb302356a05547148fa2\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-11T11:47:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12938\u0026token=b9eb30f53246dc57b2e7cb302356a05547148fa2\u0026download="
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03"
},
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12938\u0026token=b9eb30f53246dc57b2e7cb302356a05547148fa2\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12938\u0026token=b9eb30f53246dc57b2e7cb302356a05547148fa2\u0026download="
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9012",
"datePublished": "2019-08-15T17:47:31",
"dateReserved": "2019-02-22T00:00:00",
"dateUpdated": "2024-08-04T21:31:37.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-20025
Vulnerability from cvelistv5
Published
2019-02-19 21:00
Modified
2024-09-16 18:39
Severity ?
EPSS score ?
Summary
Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/106251 | vdb-entry, x_refsource_BID | |
| https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-037-codesys-control-v3-use-of-insufficiently-random-values/ | x_refsource_MISC | |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky Lab | CODESYS V3 products |
Version: prior V3.5.14.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:51:18.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106251",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106251"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-037-codesys-control-v3-use-of-insufficiently-random-values/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS V3 products",
"vendor": "Kaspersky Lab",
"versions": [
{
"status": "affected",
"version": "prior V3.5.14.0"
}
]
}
],
"datePublic": "2018-12-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of Insufficiently Random Values",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-02T14:40:07",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"name": "106251",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106251"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-037-codesys-control-v3-use-of-insufficiently-random-values/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2018-12-10T00:00:00",
"ID": "CVE-2018-20025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS V3 products",
"version": {
"version_data": [
{
"version_value": "prior V3.5.14.0"
}
]
}
}
]
},
"vendor_name": "Kaspersky Lab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Insufficiently Random Values"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106251",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106251"
},
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-037-codesys-control-v3-use-of-insufficiently-random-values/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-037-codesys-control-v3-use-of-insufficiently-random-values/"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2018-20025",
"datePublished": "2019-02-19T21:00:00Z",
"dateReserved": "2018-12-10T00:00:00",
"dateUpdated": "2024-09-16T18:39:11.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-31802
Vulnerability from cvelistv5
Published
2022-06-24 07:46
Modified
2024-09-17 00:32
Severity ?
EPSS score ?
Summary
In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CODESYS | CODESYS Gateway Server V2 |
Version: V2 < V2.3.9.38 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS Gateway Server V2",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.3.9.38",
"status": "affected",
"version": "V2",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-187",
"description": "CWE-187 Partial String Comparison",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T07:46:09",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Partial string comparison in CODESYS gateway server",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-06-09T07:38:00.000Z",
"ID": "CVE-2022-31802",
"STATE": "PUBLIC",
"TITLE": "Partial string comparison in CODESYS gateway server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Gateway Server V2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V2",
"version_value": "V2.3.9.38"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-187 Partial String Comparison"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-31802",
"datePublished": "2022-06-24T07:46:09.625943Z",
"dateReserved": "2022-05-30T00:00:00",
"dateUpdated": "2024-09-17T00:32:18.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-29242
Vulnerability from cvelistv5
Published
2021-05-03 13:56
Modified
2024-08-03 22:02
Severity ?
EPSS score ?
Summary
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.
References
| ▼ | URL | Tags |
|---|---|---|
| https://customers.codesys.com/index.php | x_refsource_MISC | |
| https://www.codesys.com/security/security-reports.html | x_refsource_MISC | |
| https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14640&token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873&download= | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:51.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.codesys.com/security/security-reports.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14640\u0026token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router\u0027s addressing scheme and may re-route, add, remove or change low level communication packages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-03T13:56:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://customers.codesys.com/index.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.codesys.com/security/security-reports.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14640\u0026token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873\u0026download="
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-29242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router\u0027s addressing scheme and may re-route, add, remove or change low level communication packages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php",
"refsource": "MISC",
"url": "https://customers.codesys.com/index.php"
},
{
"name": "https://www.codesys.com/security/security-reports.html",
"refsource": "MISC",
"url": "https://www.codesys.com/security/security-reports.html"
},
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14640\u0026token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873\u0026download=",
"refsource": "MISC",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14640\u0026token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873\u0026download="
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-29242",
"datePublished": "2021-05-03T13:56:06",
"dateReserved": "2021-03-25T00:00:00",
"dateUpdated": "2024-08-03T22:02:51.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-30792
Vulnerability from cvelistv5
Published
2022-07-11 10:40
Modified
2024-09-16 23:05
Severity ?
EPSS score ?
Summary
In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | CODESYS | CODESYS Control RTE (SL) |
Version: V3 < V3.5.18.20 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:38.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS Control RTE (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control RTE (for Beckhoff CX) SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Win (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Gateway",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Windows",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS HMI (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Development System V3",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.10",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Runtime System Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Embedded Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Remote Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for BeagleBone SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Beckhoff CX9020 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for emPC-A/iMX6 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for IOT2000 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Linux SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC100 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC200 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PLCnext SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Raspberry Pi SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for WAGO Touch Panels 600 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Linux",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T10:40:43",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
],
"source": {
"defect": [
"CERT@VDE#",
"64130"
],
"discovery": "UNKNOWN"
},
"title": "CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-07-08T06:00:00.000Z",
"ID": "CVE-2022-30792",
"STATE": "PUBLIC",
"TITLE": "CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Control RTE (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control Win (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS HMI (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Development System V3",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.10"
}
]
}
},
{
"product_name": "CODESYS Control Runtime System Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Embedded Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Remote Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control for BeagleBone SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Beckhoff CX9020 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for emPC-A/iMX6 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for IOT2000 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Linux SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC100 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC200 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PLCnext SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Raspberry Pi SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Linux",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
]
},
"source": {
"defect": [
"CERT@VDE#",
"64130"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-30792",
"datePublished": "2022-07-11T10:40:43.935648Z",
"dateReserved": "2022-05-16T00:00:00",
"dateUpdated": "2024-09-16T23:05:31.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-9009
Vulnerability from cvelistv5
Published
2019-09-17 15:34
Modified
2024-08-04 21:31
Severity ?
EPSS score ?
Summary
An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-19-255-05 | x_refsource_MISC | |
| https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12941&token=50fabe3870c7bdc41701eb1799dddeec103de40c&download= | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:31:37.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-05"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12941\u0026token=50fabe3870c7bdc41701eb1799dddeec103de40c\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-11T11:23:45",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-05"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12941\u0026token=50fabe3870c7bdc41701eb1799dddeec103de40c\u0026download="
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9009",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-255-05",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-05"
},
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12941\u0026token=50fabe3870c7bdc41701eb1799dddeec103de40c\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12941\u0026token=50fabe3870c7bdc41701eb1799dddeec103de40c\u0026download="
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9009",
"datePublished": "2019-09-17T15:34:42",
"dateReserved": "2019-02-22T00:00:00",
"dateUpdated": "2024-08-04T21:31:37.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-22513
Vulnerability from cvelistv5
Published
2022-04-07 18:21
Modified
2024-09-17 04:29
Severity ?
EPSS score ?
Summary
An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | CODESYS | CODESYS Control RTE (SL) |
Version: V3.5.18.0 < V3.5.18.0 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:14:55.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS Control RTE (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control RTE (for Beckhoff CX) SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Win (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Gateway",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Windows",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS HMI (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Development System V3",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Runtime System Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Embedded Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Remote Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for BeagleBone SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Beckhoff CX9020 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for emPC-A/iMX6 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for IOT2000 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Linux SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC100 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC200 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PLCnext SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Raspberry Pi SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for WAGO Touch Panels 600 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Linux",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-27T05:55:10",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Null Pointer Dereference in multiple CODESYS products can lead to a DoS.",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-04-06T10:00:00.000Z",
"ID": "CVE-2022-22513",
"STATE": "PUBLIC",
"TITLE": "Null Pointer Dereference in multiple CODESYS products can lead to a DoS."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Control RTE (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Control Win (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS HMI (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Development System V3",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Control Runtime System Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Embedded Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Remote Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Control for BeagleBone SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Beckhoff CX9020 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for emPC-A/iMX6 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for IOT2000 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Linux SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC100 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC200 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PLCnext SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Raspberry Pi SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Linux",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download=",
"refsource": "MISC",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-22513",
"datePublished": "2022-04-07T18:21:12.792321Z",
"dateReserved": "2022-01-03T00:00:00",
"dateUpdated": "2024-09-17T04:29:14.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-20026
Vulnerability from cvelistv5
Published
2019-02-19 21:00
Modified
2024-09-16 20:37
Severity ?
EPSS score ?
Summary
Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/106251 | vdb-entry, x_refsource_BID | |
| https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/ | x_refsource_MISC | |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky Lab | CODESYS V3 products |
Version: prior V3.5.14.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:51:18.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106251",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106251"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS V3 products",
"vendor": "Kaspersky Lab",
"versions": [
{
"status": "affected",
"version": "prior V3.5.14.0"
}
]
}
],
"datePublic": "2018-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Communication Address Filtering",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-02T14:43:36",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"name": "106251",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106251"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2018-12-19T00:00:00",
"ID": "CVE-2018-20026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS V3 products",
"version": {
"version_data": [
{
"version_value": "prior V3.5.14.0"
}
]
}
}
]
},
"vendor_name": "Kaspersky Lab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Communication Address Filtering"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106251",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106251"
},
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2018-20026",
"datePublished": "2019-02-19T21:00:00Z",
"dateReserved": "2018-12-10T00:00:00",
"dateUpdated": "2024-09-16T20:37:39.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-9010
Vulnerability from cvelistv5
Published
2019-08-15 17:44
Modified
2024-08-04 21:31
Severity ?
EPSS score ?
Summary
An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-19-213-03 | x_refsource_MISC | |
| https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12937&token=769045a17015bea00ec7ff313de8f1a5c73e7b93&download= | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:31:37.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12937\u0026token=769045a17015bea00ec7ff313de8f1a5c73e7b93\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-11T11:50:23",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12937\u0026token=769045a17015bea00ec7ff313de8f1a5c73e7b93\u0026download="
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03"
},
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12937\u0026token=769045a17015bea00ec7ff313de8f1a5c73e7b93\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12937\u0026token=769045a17015bea00ec7ff313de8f1a5c73e7b93\u0026download="
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9010",
"datePublished": "2019-08-15T17:44:42",
"dateReserved": "2019-02-22T00:00:00",
"dateUpdated": "2024-08-04T21:31:37.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-31805
Vulnerability from cvelistv5
Published
2022-06-24 07:46
Modified
2024-09-16 18:55
Severity ?
EPSS score ?
Summary
In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | CODESYS | CODESYS Development System |
Version: V2 < V2.3.9.69 Version: V3 < V3.5.18.30 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.086Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CODESYS Development System",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.3.9.69",
"status": "affected",
"version": "V2",
"versionType": "custom"
},
{
"lessThan": "V3.5.18.30",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Gateway Client",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.3.9.38",
"status": "affected",
"version": "V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Gateway Server",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.3.9.38",
"status": "affected",
"version": "V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Web server",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V1.1.9.23",
"status": "affected",
"version": "V1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS SP Realtime NT",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.3.7.30",
"status": "affected",
"version": "V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS PLCWinNT",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.4.7.57",
"status": "affected",
"version": "V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Runtime Toolkit 32 bit full",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.4.7.57",
"status": "affected",
"version": "V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Edge Gateway for Windows",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.30",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS HMI (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.30",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS OPC DA Server SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.30",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS PLCHandler",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.30",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Gateway",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.30",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-06-22T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.\u003c/p\u003e"
}
],
"value": "In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-523",
"description": "CWE-523 Unprotected Transport of Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-09T12:54:39.506Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download="
}
],
"source": {
"defect": [
"CERT@VDE#",
"64140"
],
"discovery": "UNKNOWN"
},
"title": "Insecure transmission of credentials",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-06-23T10:00:00.000Z",
"ID": "CVE-2022-31805",
"STATE": "PUBLIC",
"TITLE": "Insecure transmission of credentials"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Development System",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V2",
"version_value": "V2.3.9.69"
},
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Gateway Client",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V2",
"version_value": "V2.3.9.38"
}
]
}
},
{
"product_name": "CODESYS Gateway Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V2",
"version_value": "V2.3.9.38"
}
]
}
},
{
"product_name": "CODESYS Web server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V1",
"version_value": "V1.1.9.23"
}
]
}
},
{
"product_name": "CODESYS SP Realtime NT",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V2",
"version_value": "V2.3.7.30"
}
]
}
},
{
"product_name": "CODESYS PLCWinNT",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V2",
"version_value": "V2.4.7.57"
}
]
}
},
{
"product_name": "CODESYS Runtime Toolkit 32 bit full",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V2",
"version_value": "V2.4.7.57"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS HMI (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS OPC DA Server SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS PLCHandler",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-523 Unprotected Transport of Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download="
}
]
},
"source": {
"defect": [
"CERT@VDE#",
"64140"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-31805",
"datePublished": "2022-06-24T07:46:15.076016Z",
"dateReserved": "2022-05-30T00:00:00",
"dateUpdated": "2024-09-16T18:55:26.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2019-09-17 16:15
Modified
2024-11-21 04:50
Severity ?
Summary
An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12941&token=50fabe3870c7bdc41701eb1799dddeec103de40c&download= | Vendor Advisory | |
| cve@mitre.org | https://www.us-cert.gov/ics/advisories/icsa-19-255-05 | Mitigation, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12941&token=50fabe3870c7bdc41701eb1799dddeec103de40c&download= | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-19-255-05 | Mitigation, Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codesys | control_for_beaglebone | * | |
| codesys | control_for_empc-a\/imx6 | * | |
| codesys | control_for_iot2000 | * | |
| codesys | control_for_pfc100 | * | |
| codesys | control_for_pfc200 | * | |
| codesys | control_for_raspberry_pi | * | |
| codesys | control_rte | * | |
| codesys | control_win | * | |
| codesys | gateway | * | |
| codesys | hmi | * | |
| codesys | linux | * | |
| codesys | runtime_system_toolkit | * | |
| codesys | safety_sil2 | * | |
| codesys | simulation_runtime | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*",
"matchCriteriaId": "958821C8-142A-4B67-857B-63A6AD53E1B8",
"versionEndExcluding": "3.5.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9940444-8CFD-4044-8662-FDC11E93E6E4",
"versionEndExcluding": "3.5.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "805D48DF-DA8F-40AB-B7AE-B2F0A75616E9",
"versionEndExcluding": "3.5.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAEAC81A-4FFA-4692-961D-7DF58E2B0CDE",
"versionEndExcluding": "3.5.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2506A775-D1FB-4C2F-98EC-B781AA19E340",
"versionEndExcluding": "3.5.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "963C9351-B167-4C1F-914E-A7009A532A0F",
"versionEndExcluding": "3.5.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A5F978B-5245-41D9-B11C-B27703A2A090",
"versionEndExcluding": "3.5.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1429532E-76A8-4987-B916-AA3FD7C37E06",
"versionEndExcluding": "3.5.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "563FD9B0-D6F5-4A4C-A43D-555C2DC60DD4",
"versionEndExcluding": "3.5.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABFC0D89-BD79-4032-B0CA-08C4F8EA1776",
"versionEndExcluding": "3.5.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2B09D6-8FD2-46FA-A1B2-55B7E996D71B",
"versionEndExcluding": "3.5.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:runtime_system_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "417EFF04-1584-44C3-8AD9-593174089A31",
"versionEndExcluding": "3.5.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:safety_sil2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "139851DD-0E16-4C8D-AA55-0231B2C443A7",
"versionEndExcluding": "3.5.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:simulation_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FB11CE8-8B22-4D2D-A0A9-4D23C30A3FF5",
"versionEndExcluding": "3.5.15.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en 3S-Smart CODESYS versiones anteriores a 3.5.15.0. Unos paquetes de red dise\u00f1ados causan que el Control Runtime se bloquee."
}
],
"id": "CVE-2019-9009",
"lastModified": "2024-11-21T04:50:48.197",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-17T16:15:11.077",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12941\u0026token=50fabe3870c7bdc41701eb1799dddeec103de40c\u0026download="
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-05"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12941\u0026token=50fabe3870c7bdc41701eb1799dddeec103de40c\u0026download="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-05"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-11 11:15
Modified
2024-11-21 07:03
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| info@cert.vde.com | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download= | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download= | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codesys | control_for_beaglebone | * | |
| codesys | control_for_empc-a\/imx6 | * | |
| codesys | control_for_iot2000_sl | * | |
| codesys | control_for_linux_sl | * | |
| codesys | control_for_pfc100_sl | * | |
| codesys | control_for_pfc200_sl | * | |
| codesys | control_for_plcnext | * | |
| codesys | control_for_raspberry_pi_sl | * | |
| codesys | control_for_wago_touch_panels_600 | * | |
| codesys | control_rte_sl | * | |
| codesys | control_rte_sl_\(for_beckhoff_cx\) | * | |
| codesys | control_runtime_system_toolkit | * | |
| codesys | control_win | * | |
| codesys | development_system | * | |
| codesys | edge_gateway | * | |
| codesys | edge_gateway | * | |
| codesys | embedded_target_visu_toolkit | * | |
| codesys | gateway | * | |
| codesys | hmi | * | |
| codesys | remote_target_visu_toolkit | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5D6E827-7AD1-4248-82E6-C879771A2FBA",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E07464D3-D8E5-45CC-8703-B445A866F015",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD1474A7-A282-4929-A9E4-721322DCAE15",
"versionEndExcluding": "4.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB585AB5-D0AC-46DC-9723-A0FEFBFB015C",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F6E2A1D-0187-4C71-A87D-48B3EC3D99DD",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A78E493B-6D9E-4196-830C-24BCF25D3D44",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD0BCA34-FE68-4933-B189-746D2DA3E062",
"versionEndExcluding": "4.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D5DE9D1-C334-452C-A64B-D74A48017B6D",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600:*:*:*:*:*:*:*:*",
"matchCriteriaId": "966AEA54-4939-4C84-8D8B-7C70D361555B",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A33E4442-F316-439F-83BD-047A34EF6E14",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte_sl_\\(for_beckhoff_cx\\):*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AC245C1-F19D-417A-801E-D08B0ED81651",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1A0B9C6-534C-4D2C-BC62-620786CE748F",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22F16730-93D3-41D4-B5D0-F507BC2D5A03",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05792C1C-C4BB-4084-96A3-69544076F944",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "6C919501-6AFE-4D4C-84EF-C6AF30EBB769",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "E36291AE-21CB-4ECB-8816-D50712C70E30",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26B19D43-1A55-45E5-9C0A-00E9487B4282",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73C1F863-AAC0-446A-98E1-436916DA66B9",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C26E9A35-AEB3-4856-8410-989D422A6D95",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26CA4951-7DD0-4477-8C36-EC07191CAC8F",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected."
},
{
"lang": "es",
"value": "En CmpBlkDrvTcp de CODESYS versi\u00f3n V3 en m\u00faltiples versiones un consumo no controlado de recursos permite a un atacante no autorizado bloquear nuevas conexiones TCP. Las conexiones existentes no est\u00e1n afectadas"
}
],
"id": "CVE-2022-30791",
"lastModified": "2024-11-21T07:03:23.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2022-07-11T11:15:08.177",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-07 19:15
Modified
2024-11-21 06:46
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Summary
An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| info@cert.vde.com | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17093&token=15cd8424832ea10dcd4873a409a09a539ee381ca&download= | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17093&token=15cd8424832ea10dcd4873a409a09a539ee381ca&download= | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codesys | control_for_beaglebone_sl | * | |
| codesys | control_for_beckhoff_cx9020 | * | |
| codesys | control_for_empc-a\/imx6_sl | * | |
| codesys | control_for_iot2000_sl | * | |
| codesys | control_for_linux_sl | * | |
| codesys | control_for_pfc100_sl | * | |
| codesys | control_for_pfc200_sl | * | |
| codesys | control_for_plcnext_sl | * | |
| codesys | control_for_raspberry_pi_sl | * | |
| codesys | control_for_wago_touch_panels_600_sl | * | |
| codesys | control_rte_sl | * | |
| codesys | control_rte_sl_\(for_beckhoff_cx\) | * | |
| codesys | control_runtime_system_toolkit | * | |
| codesys | control_win_sl | * | |
| codesys | development_system | * | |
| codesys | edge_gateway | * | |
| codesys | edge_gateway | * | |
| codesys | embedded_target_visu_toolkit | * | |
| codesys | gateway | * | |
| codesys | hmi_sl | * | |
| codesys | remote_target_visu_toolkit | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C0588BE-2046-48F8-95E9-338FB009E2FA",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_beckhoff_cx9020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45FF3C0B-9043-4E82-A8F3-95CB79D8DAA1",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB8984E-ED1F-4F52-B016-F08C0D085C64",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "412EBC80-0D9C-419F-9DC3-E2054A8B93B0",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB585AB5-D0AC-46DC-9723-A0FEFBFB015C",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F6E2A1D-0187-4C71-A87D-48B3EC3D99DD",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A78E493B-6D9E-4196-830C-24BCF25D3D44",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F66AAE46-CCF8-46D6-89AD-5A4461FCECE9",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D5DE9D1-C334-452C-A64B-D74A48017B6D",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB1C57CE-152A-44AE-98B8-39E310255C8E",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01A94C91-B155-4A5A-9F0B-F7E04F3B23B5",
"versionEndExcluding": "3.5.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte_sl_\\(for_beckhoff_cx\\):*:*:*:*:*:*:*:*",
"matchCriteriaId": "95BC26CF-75EE-43A2-8A92-E877CAF612F3",
"versionEndExcluding": "3.5.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D85A5BC-ADB6-40E4-9434-B57C99185BBA",
"versionEndExcluding": "3.5.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC013B85-98C0-4EF0-844C-4C75D1D237D9",
"versionEndExcluding": "3.5.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25737EE6-531E-4241-AA40-856388A2E333",
"versionEndExcluding": "3.5.18.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "780B6607-72A7-487E-A180-5C9A49BF6355",
"versionEndExcluding": "3.5.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "E36291AE-21CB-4ECB-8816-D50712C70E30",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F1B30B-6D52-40B1-ABD3-5164A76F5447",
"versionEndExcluding": "3.5.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C264A88-C41C-400B-9C69-0DBB1CEB9DF9",
"versionEndExcluding": "3.5.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:hmi_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60E8930A-4C6C-41CE-8BA8-97332DC753FF",
"versionEndExcluding": "3.5.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "879A9478-54E4-4B6E-A6DC-6DDE1C5E7745",
"versionEndExcluding": "3.5.18.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash."
},
{
"lang": "es",
"value": "Un atacante remoto autentificado puede obtener acceso a un puntero desreferenciado contenido en una solicitud. Los accesos pueden llevar posteriormente a la sobreescritura local de la memoria en el CmpTraceMgr, por lo que el atacante no puede obtener los valores le\u00eddos internamente ni controlar los valores a escribir. Si se accede a una memoria no v\u00e1lida, se produce un fallo"
}
],
"id": "CVE-2022-22514",
"lastModified": "2024-11-21T06:46:56.033",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-07T19:15:08.133",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-822"
}
],
"source": "info@cert.vde.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-03 14:15
Modified
2024-11-21 06:00
Severity ?
Summary
CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://customers.codesys.com/index.php | Permissions Required, Vendor Advisory | |
| cve@mitre.org | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14637&token=8dbd75ae7553ae3be25e22f741db783b31e14799&download= | Vendor Advisory | |
| cve@mitre.org | https://www.codesys.com/security/security-reports.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14637&token=8dbd75ae7553ae3be25e22f741db783b31e14799&download= | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.codesys.com/security/security-reports.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codesys | control_for_beaglebone_sl | * | |
| codesys | control_for_empc-a\/imx6_sl | * | |
| codesys | control_for_iot2000_sl | * | |
| codesys | control_for_linux_sl | * | |
| codesys | control_for_pfc100_sl | * | |
| codesys | control_for_pfc200_sl | * | |
| codesys | control_for_raspberry_pi_sl | * | |
| codesys | control_runtime_system_toolkit | * | |
| codesys | development_system | * | |
| codesys | edge_gateway | * | |
| codesys | edge_gateway | * | |
| codesys | gateway | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C182D390-3A29-4048-805B-F00AF40E7353",
"versionEndExcluding": "4.0.1.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FE1E73E-5A65-4C33-973D-B5E4D997AC7A",
"versionEndExcluding": "4.0.1.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94EF5004-D1D7-449D-9D99-92FC273FFF1F",
"versionEndExcluding": "4.0.1.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E9AF0BE-05EC-4411-802B-331EA6B0E54E",
"versionEndExcluding": "4.0.1.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83B749C0-A553-42AB-AFCF-91F990BAA765",
"versionEndExcluding": "3.5.16.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C13DE019-B415-4373-8FC2-54A2898F50EA",
"versionEndExcluding": "3.5.16.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "763C9946-EFD7-469C-9D40-4186FE650F6F",
"versionEndExcluding": "4.0.1.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "035E43A5-7350-4B06-B3AA-40DD3A673BA7",
"versionEndExcluding": "3.5.16.70",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B35F55F6-2032-4F5A-AC3A-76835C043D7E",
"versionEndExcluding": "3.5.16.70",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "02017CB2-3E3C-4F89-B1DA-C8E8213BC8C8",
"versionEndExcluding": "3.5.16.70",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "FFBA19D6-9436-4E14-B9D3-28B82CB0321D",
"versionEndExcluding": "4.1.0.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "671DF92A-D4CB-44E4-B4FD-781D3561FDAB",
"versionEndExcluding": "3.5.16.70",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS)."
},
{
"lang": "es",
"value": "CODESYS Gateway versiones 3 anteriores a 3.5.16.70 tiene una derivaci\u00f3n de puntero NULL que puede resultar en una denegaci\u00f3n de servicio (DoS)"
}
],
"id": "CVE-2021-29241",
"lastModified": "2024-11-21T06:00:51.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-03T14:15:07.633",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14637\u0026token=8dbd75ae7553ae3be25e22f741db783b31e14799\u0026download="
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.codesys.com/security/security-reports.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14637\u0026token=8dbd75ae7553ae3be25e22f741db783b31e14799\u0026download="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.codesys.com/security/security-reports.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-04 14:15
Modified
2024-11-21 06:14
Severity ?
Summary
In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16804&token=d8c89c887979b22fdfc9fd5c3aa3804bbb1ddbff&download= | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16804&token=d8c89c887979b22fdfc9fd5c3aa3804bbb1ddbff&download= | Broken Link |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12760339-789F-4A7E-A103-FEBFBC625CCB",
"versionEndExcluding": "3.5.17.10",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition."
},
{
"lang": "es",
"value": "En CODESYS Gateway versiones V3 anteriores a 3.5.17.10, se presenta una Desreferencia de Puntero NULL. Unas peticiones de comunicaci\u00f3n dise\u00f1adas pueden causar una desreferencia de puntero Null en los productos CODESYS afectados y pueden resultar en una condici\u00f3n de denegaci\u00f3n de servicio"
}
],
"id": "CVE-2021-36764",
"lastModified": "2024-11-21T06:14:02.750",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-04T14:15:08.507",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=16804\u0026token=d8c89c887979b22fdfc9fd5c3aa3804bbb1ddbff\u0026download="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=16804\u0026token=d8c89c887979b22fdfc9fd5c3aa3804bbb1ddbff\u0026download="
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-24 08:15
Modified
2024-11-21 07:05
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| info@cert.vde.com | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17140&token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c&download= | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17140&token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c&download= | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codesys | development_system | * | |
| codesys | edge_gateway | * | |
| codesys | gateway | * | |
| codesys | hmi_sl | * | |
| codesys | opc_server | * | |
| codesys | plchandler | * | |
| codesys | plcwinnt | * | |
| codesys | runtime_toolkit | * | |
| codesys | sp_realtime_nt | * | |
| codesys | web_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85D06342-38A2-4E95-BE56-08D54271E41F",
"versionEndExcluding": "2.3.9.69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "EC5C6832-F0B3-46DF-8047-22A2544D937C",
"versionEndExcluding": "3.5.18.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B9AE405-A0E5-48FF-9E8C-1A323D296445",
"versionEndExcluding": "2.3.9.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:hmi_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F23A1B9F-97EE-4E4C-AAB9-511B4A3ED98C",
"versionEndExcluding": "3.5.18.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:opc_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46CDFB44-9702-4978-B577-9D07DF3D04B0",
"versionEndExcluding": "3.5.18.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:plchandler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4932F620-43F8-4F3F-80AE-CD603BF05962",
"versionEndExcluding": "3.5.18.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:plcwinnt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6887DEB0-5C13-4D7B-86E6-504D8CBB2A0D",
"versionEndExcluding": "2.4.7.57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:runtime_toolkit:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "5A605019-68F5-4C21-96BD-C300DECAA3D8",
"versionEndExcluding": "2.4.7.57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:sp_realtime_nt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14F1D049-7DF2-453A-9D5A-7FCBCAD465E3",
"versionEndExcluding": "2.3.7.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:web_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971AF379-F2B6-4791-B153-718517CA3E62",
"versionEndExcluding": "1.1.9.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected."
},
{
"lang": "es",
"value": "En CODESYS Development System, varios componentes en diversos versiones transmiten las contrase\u00f1as para la comunicaci\u00f3n entre clientes y servidores sin protecci\u00f3n"
}
],
"id": "CVE-2022-31805",
"lastModified": "2024-11-21T07:05:22.057",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2022-06-24T08:15:07.590",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download="
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-523"
}
],
"source": "info@cert.vde.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-07 19:15
Modified
2024-11-21 06:46
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| info@cert.vde.com | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17093&token=15cd8424832ea10dcd4873a409a09a539ee381ca&download= | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17093&token=15cd8424832ea10dcd4873a409a09a539ee381ca&download= | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codesys | control_for_beaglebone_sl | * | |
| codesys | control_for_beckhoff_cx9020 | * | |
| codesys | control_for_empc-a\/imx6_sl | * | |
| codesys | control_for_iot2000_sl | * | |
| codesys | control_for_linux_sl | * | |
| codesys | control_for_pfc100_sl | * | |
| codesys | control_for_pfc200_sl | * | |
| codesys | control_for_plcnext_sl | * | |
| codesys | control_for_raspberry_pi_sl | * | |
| codesys | control_for_wago_touch_panels_600_sl | * | |
| codesys | control_rte_sl | * | |
| codesys | control_rte_sl_\(for_beckhoff_cx\) | * | |
| codesys | control_runtime_system_toolkit | * | |
| codesys | control_win_sl | * | |
| codesys | development_system | * | |
| codesys | edge_gateway | * | |
| codesys | edge_gateway | * | |
| codesys | embedded_target_visu_toolkit | * | |
| codesys | gateway | * | |
| codesys | hmi_sl | * | |
| codesys | remote_target_visu_toolkit | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C0588BE-2046-48F8-95E9-338FB009E2FA",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_beckhoff_cx9020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45FF3C0B-9043-4E82-A8F3-95CB79D8DAA1",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB8984E-ED1F-4F52-B016-F08C0D085C64",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "412EBC80-0D9C-419F-9DC3-E2054A8B93B0",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB585AB5-D0AC-46DC-9723-A0FEFBFB015C",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F6E2A1D-0187-4C71-A87D-48B3EC3D99DD",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A78E493B-6D9E-4196-830C-24BCF25D3D44",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F66AAE46-CCF8-46D6-89AD-5A4461FCECE9",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D5DE9D1-C334-452C-A64B-D74A48017B6D",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB1C57CE-152A-44AE-98B8-39E310255C8E",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01A94C91-B155-4A5A-9F0B-F7E04F3B23B5",
"versionEndExcluding": "3.5.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte_sl_\\(for_beckhoff_cx\\):*:*:*:*:*:*:*:*",
"matchCriteriaId": "95BC26CF-75EE-43A2-8A92-E877CAF612F3",
"versionEndExcluding": "3.5.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D85A5BC-ADB6-40E4-9434-B57C99185BBA",
"versionEndExcluding": "3.5.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC013B85-98C0-4EF0-844C-4C75D1D237D9",
"versionEndExcluding": "3.5.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A7A44B8-BAC7-47B6-ACDC-015DF54D36BF",
"versionEndExcluding": "3.5.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "780B6607-72A7-487E-A180-5C9A49BF6355",
"versionEndExcluding": "3.5.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "E36291AE-21CB-4ECB-8816-D50712C70E30",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F1B30B-6D52-40B1-ABD3-5164A76F5447",
"versionEndExcluding": "3.5.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C264A88-C41C-400B-9C69-0DBB1CEB9DF9",
"versionEndExcluding": "3.5.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:hmi_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60E8930A-4C6C-41CE-8BA8-97332DC753FF",
"versionEndExcluding": "3.5.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "879A9478-54E4-4B6E-A6DC-6DDE1C5E7745",
"versionEndExcluding": "3.5.18.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash."
},
{
"lang": "es",
"value": "Un atacante remoto autenticado puede causar una desreferencia de puntero null en el componente CmpSettings de los productos CODESYS afectados, lo que conlleva a un bloqueo"
}
],
"id": "CVE-2022-22513",
"lastModified": "2024-11-21T06:46:55.900",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-07T19:15:08.073",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "info@cert.vde.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-24 08:15
Modified
2024-11-21 07:05
Severity ?
Summary
In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connections are not affected and therefore remain intact.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| info@cert.vde.com | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17141&token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66&download= | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17141&token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66&download= | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB2B49E7-1AE9-418A-AC9E-0166D16F38BD",
"versionEndExcluding": "2.3.9.38",
"versionStartIncluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connections are not affected and therefore remain intact."
},
{
"lang": "es",
"value": "En CODESYS Gateway Server versi\u00f3n V2, una comprobaci\u00f3n insuficiente de la actividad de las conexiones de clientes TCP permite a un atacante no autenticado consumir todas las conexiones TCP disponibles e impedir que los usuarios o clientes leg\u00edtimos establezcan una nueva conexi\u00f3n con CODESYS Gateway Server V2. Las conexiones existentes no est\u00e1n afectadas y, por tanto, permanecen intactas"
}
],
"id": "CVE-2022-31803",
"lastModified": "2024-11-21T07:05:21.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "info@cert.vde.com",
"type": "Secondary"
}
]
},
"published": "2022-06-24T08:15:07.463",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "info@cert.vde.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-15 18:15
Modified
2024-11-21 04:50
Severity ?
Summary
An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12938&token=b9eb30f53246dc57b2e7cb302356a05547148fa2&download= | Vendor Advisory | |
| cve@mitre.org | https://www.us-cert.gov/ics/advisories/icsa-19-213-03 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12938&token=b9eb30f53246dc57b2e7cb302356a05547148fa2&download= | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-19-213-03 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codesys | control_for_beaglebone_sl | * | |
| codesys | control_for_empc-a\/imx6_sl | * | |
| codesys | control_for_iot2000_sl | * | |
| codesys | control_for_linux_sl | * | |
| codesys | control_for_pfc100_sl | * | |
| codesys | control_for_pfc200_sl | * | |
| codesys | control_for_raspberry_pi_sl | * | |
| codesys | control_runtime_toolkit | * | |
| codesys | development_system | * | |
| codesys | gateway | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4E9C6D8-9CC6-4F07-BF9E-8FBA03198AA0",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB94C8E2-B642-43D2-9396-46F5AB5E66FC",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6BBF71DD-DCB0-441A-B122-AC9EAD7C1D67",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C50DC2EE-102F-4B47-AF0A-25D2D10FDC1E",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D5F04F-C033-42E5-A072-137EF5C54DF7",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08E06CDD-4C2A-457B-B456-BB377481C52A",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5424CD6A-42C6-4744-B182-739CC379EA79",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_runtime_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B19C74A7-08D3-40AC-BF00-87EF5DDA9A0C",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9995DEF-A6ED-4B62-BFE7-F85DF8E56315",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92CF05A0-31F0-49BB-9299-E9210D954682",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en los productos 3S-Smart CODESYS V3. Una petici\u00f3n de comunicaci\u00f3n dise\u00f1ada puede causar asignaciones de memoria no controladas en los productos CODESYS afectados y puede resultar en una condici\u00f3n de denegaci\u00f3n de servicio. Todas las variantes de los siguientes productos CODESYS V3 en todas las versiones anteriores a v3.5.14.20 que contienen el componente CmpGateway est\u00e1n afectadas, indiferentemente del tipo de CPU o sistema operativo: CODESYS Control para BeagleBone, CODESYS Control para emPC-A/iMX6, CODESYS Control para IOT2000, CODESYS Control para Linux, CODESYS Control para PFC100, CODESYS Control para PFC200, CODESYS Control para Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System."
}
],
"id": "CVE-2019-9012",
"lastModified": "2024-11-21T04:50:48.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-15T18:15:23.477",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12938\u0026token=b9eb30f53246dc57b2e7cb302356a05547148fa2\u0026download="
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12938\u0026token=b9eb30f53246dc57b2e7cb302356a05547148fa2\u0026download="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-11 11:15
Modified
2024-11-21 07:03
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| info@cert.vde.com | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download= | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download= | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codesys | control_for_beaglebone | * | |
| codesys | control_for_empc-a\/imx6 | * | |
| codesys | control_for_iot2000_sl | * | |
| codesys | control_for_linux_sl | * | |
| codesys | control_for_pfc100_sl | * | |
| codesys | control_for_pfc200_sl | * | |
| codesys | control_for_plcnext | * | |
| codesys | control_for_raspberry_pi_sl | * | |
| codesys | control_for_wago_touch_panels_600 | * | |
| codesys | control_rte_sl | * | |
| codesys | control_rte_sl_\(for_beckhoff_cx\) | * | |
| codesys | control_runtime_system_toolkit | * | |
| codesys | control_win | * | |
| codesys | development_system | * | |
| codesys | edge_gateway | * | |
| codesys | edge_gateway | * | |
| codesys | embedded_target_visu_toolkit | * | |
| codesys | gateway | * | |
| codesys | hmi | * | |
| codesys | remote_target_visu_toolkit | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5D6E827-7AD1-4248-82E6-C879771A2FBA",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E07464D3-D8E5-45CC-8703-B445A866F015",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD1474A7-A282-4929-A9E4-721322DCAE15",
"versionEndExcluding": "4.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB585AB5-D0AC-46DC-9723-A0FEFBFB015C",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F6E2A1D-0187-4C71-A87D-48B3EC3D99DD",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A78E493B-6D9E-4196-830C-24BCF25D3D44",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD0BCA34-FE68-4933-B189-746D2DA3E062",
"versionEndExcluding": "4.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D5DE9D1-C334-452C-A64B-D74A48017B6D",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600:*:*:*:*:*:*:*:*",
"matchCriteriaId": "966AEA54-4939-4C84-8D8B-7C70D361555B",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A33E4442-F316-439F-83BD-047A34EF6E14",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte_sl_\\(for_beckhoff_cx\\):*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AC245C1-F19D-417A-801E-D08B0ED81651",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1A0B9C6-534C-4D2C-BC62-620786CE748F",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22F16730-93D3-41D4-B5D0-F507BC2D5A03",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05792C1C-C4BB-4084-96A3-69544076F944",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "6C919501-6AFE-4D4C-84EF-C6AF30EBB769",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "E36291AE-21CB-4ECB-8816-D50712C70E30",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26B19D43-1A55-45E5-9C0A-00E9487B4282",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73C1F863-AAC0-446A-98E1-436916DA66B9",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C26E9A35-AEB3-4856-8410-989D422A6D95",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26CA4951-7DD0-4477-8C36-EC07191CAC8F",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected."
},
{
"lang": "es",
"value": "En CmpChannelServer de CODESYS versi\u00f3n V3 en m\u00faltiples versiones un consumo no controlado de recursos permite a un atacante no autorizado bloquear nuevas conexiones de canales de comunicaci\u00f3n. Las conexiones existentes no est\u00e1n afectadas"
}
],
"id": "CVE-2022-30792",
"lastModified": "2024-11-21T07:03:23.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2022-07-11T11:15:08.240",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "info@cert.vde.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-02-19 21:29
Modified
2024-11-21 04:00
Severity ?
Summary
Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vulnerability@kaspersky.com | http://www.securityfocus.com/bid/106251 | Third Party Advisory, VDB Entry | |
| vulnerability@kaspersky.com | https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-037-codesys-control-v3-use-of-insufficiently-random-values/ | Mitigation, Third Party Advisory | |
| vulnerability@kaspersky.com | https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106251 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-037-codesys-control-v3-use-of-insufficiently-random-values/ | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codesys | control_for_beaglebone_sl | * | |
| codesys | control_for_empc-a\/imx6_sl | * | |
| codesys | control_for_iot2000_sl | * | |
| codesys | control_for_linux_sl | * | |
| codesys | control_for_pfc100_sl | * | |
| codesys | control_for_pfc200_sl | * | |
| codesys | control_for_raspberry_pi_sl | * | |
| codesys | control_rte_sl | * | |
| codesys | control_rte_sl_\(for_beckhoff_cx\) | * | |
| codesys | control_runtime_toolkit | * | |
| codesys | control_win_sl | * | |
| codesys | development_system | * | |
| codesys | gateway | * | |
| codesys | hmi_sl | * | |
| codesys | safety_sil2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30E5A50D-470A-4C7D-A634-E97AE95B38B5",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "455BEF47-4D2A-4314-AF1D-C5C46236B135",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2E52640-4AA9-40C1-A00E-374334F761C7",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C87347FA-38EA-4299-A822-63FCF0E34577",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3E05BC-83BC-49C8-91AD-64A1EE9D36BD",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40D2875A-E1DF-4C7D-9DD7-7BE8D617EF3C",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE9699B0-CCE3-42AB-8208-492382D59582",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20CFD36A-208D-444C-A3C3-C2B11CAF65AC",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte_sl_\\(for_beckhoff_cx\\):*:*:*:*:*:*:*:*",
"matchCriteriaId": "6368AFD2-D0F4-4E93-9D28-00D2DAF6F1BD",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_runtime_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E623E98-8040-43D2-81B5-D6B06B374472",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA6D880C-195D-4830-B0B5-7D7BC32182B4",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "087FE9CF-7492-416A-9585-0E8C00ABB320",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "498AB0A1-C9F2-40A5-BC72-9CC4F96D74DE",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:hmi_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63F51840-0A93-43BD-B8D0-145C7C52C7B0",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:safety_sil2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C0A629A-E3CE-428A-81C1-25965A681B73",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0."
},
{
"lang": "es",
"value": "Existen valores aleatorios utilizados de manera insuficiente en los productos de CODESYS, en sus versiones V3 anteriores a la V3.5.14.0."
}
],
"id": "CVE-2018-20025",
"lastModified": "2024-11-21T04:00:46.897",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-19T21:29:00.243",
"references": [
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106251"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-037-codesys-control-v3-use-of-insufficiently-random-values/"
},
{
"source": "vulnerability@kaspersky.com",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-037-codesys-control-v3-use-of-insufficiently-random-values/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"
}
],
"sourceIdentifier": "vulnerability@kaspersky.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-330"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-15 18:15
Modified
2024-11-21 04:50
Severity ?
Summary
An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12937&token=769045a17015bea00ec7ff313de8f1a5c73e7b93&download= | Vendor Advisory | |
| cve@mitre.org | https://www.us-cert.gov/ics/advisories/icsa-19-213-03 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12937&token=769045a17015bea00ec7ff313de8f1a5c73e7b93&download= | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-19-213-03 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codesys | control_for_beaglebone_sl | * | |
| codesys | control_for_empc-a\/imx6_sl | * | |
| codesys | control_for_iot2000_sl | * | |
| codesys | control_for_linux_sl | * | |
| codesys | control_for_pfc100_sl | * | |
| codesys | control_for_pfc200_sl | * | |
| codesys | control_for_raspberry_pi_sl | * | |
| codesys | control_runtime_toolkit | * | |
| codesys | development_system | * | |
| codesys | gateway | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4E9C6D8-9CC6-4F07-BF9E-8FBA03198AA0",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB94C8E2-B642-43D2-9396-46F5AB5E66FC",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6BBF71DD-DCB0-441A-B122-AC9EAD7C1D67",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C50DC2EE-102F-4B47-AF0A-25D2D10FDC1E",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D5F04F-C033-42E5-A072-137EF5C54DF7",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08E06CDD-4C2A-457B-B456-BB377481C52A",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5424CD6A-42C6-4744-B182-739CC379EA79",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_runtime_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B19C74A7-08D3-40AC-BF00-87EF5DDA9A0C",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9995DEF-A6ED-4B62-BFE7-F85DF8E56315",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92CF05A0-31F0-49BB-9299-E9210D954682",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en los productos 3S-Smart CODESYS V3. CODESYS Gateway no comprueba correctamente la propiedad de un canal de comunicaci\u00f3n. Todas las variantes de los siguientes productos CODESYS V3 en todas las versiones anteriores a v3.5.14.20 que contienen el componente CmpGateway est\u00e1n afectadas, indiferentemente del tipo de CPU o sistema operativo: CODESYS Control para BeagleBone, CODESYS Control para emPC-A/iMX6, CODESYS Control para IOT2000, CODESYS Control para Linux, CODESYS Control para PFC100, CODESYS Control para PFC200, CODESYS Control para Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System."
}
],
"id": "CVE-2019-9010",
"lastModified": "2024-11-21T04:50:48.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-15T18:15:23.397",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12937\u0026token=769045a17015bea00ec7ff313de8f1a5c73e7b93\u0026download="
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12937\u0026token=769045a17015bea00ec7ff313de8f1a5c73e7b93\u0026download="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-24 20:15
Modified
2024-11-21 05:36
Severity ?
Summary
CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12977&token=33f948eed0c2fd69d238d9515779be337ef7592d&download= | Vendor Advisory | |
| cve@mitre.org | https://www.tenable.com/security/research/tra-2020-04 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12977&token=33f948eed0c2fd69d238d9515779be337ef7592d&download= | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2020-04 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codesys | control_for_beaglebone | * | |
| codesys | control_for_empc-a\/imx6 | * | |
| codesys | control_for_iot2000 | * | |
| codesys | control_for_linux | * | |
| codesys | control_for_pfc100 | * | |
| codesys | control_for_pfc200 | * | |
| codesys | control_for_plcnext | * | |
| codesys | control_for_raspberry_pi | * | |
| codesys | control_rte | * | |
| codesys | control_rte | * | |
| codesys | control_runtime_system_toolkit | * | |
| codesys | control_win | * | |
| codesys | gateway | * | |
| codesys | hmi | * | |
| codesys | safety_sil2 | * | |
| codesys | simulation_runtime | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4E5BF9F-79C9-48D3-9F2D-CCDF73144FCA",
"versionEndExcluding": "3.5.15.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*",
"matchCriteriaId": "221CAFE3-1BC7-4CAC-B3F8-981B3F267CFE",
"versionEndExcluding": "3.5.15.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B048CEB-E1D0-4EF1-9BD3-966CB9E147D8",
"versionEndExcluding": "3.5.15.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A72217A3-4591-4C52-AB37-7FD652276569",
"versionEndExcluding": "3.5.15.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51EFD6C4-C1AC-45D7-909F-6B074B32090E",
"versionEndExcluding": "3.5.15.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C1B75F5-F426-4877-9004-1F714B2A4968",
"versionEndExcluding": "3.5.15.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F150E51-4E03-40A8-8099-E5BE13234DD9",
"versionEndExcluding": "3.5.15.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D839D59-8090-4158-A2C2-847DEDD9674D",
"versionEndExcluding": "3.5.15.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E278A9AE-5684-4F7E-B253-0F70CA835322",
"versionEndExcluding": "3.5.15.30",
"versionStartIncluding": "3.5.8.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:beckhoff_cx:*:*",
"matchCriteriaId": "650315EF-4AC2-4B5B-A5A1-8ABBE6C398B6",
"versionEndExcluding": "3.5.15.30",
"versionStartIncluding": "3.5.8.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C46635-3068-4DDA-8527-2E473763E652",
"versionEndExcluding": "3.5.15.30",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7F22E48-0C8D-47C2-8C88-F35ED1027465",
"versionEndExcluding": "3.5.15.30",
"versionStartIncluding": "3.5.9.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A487191-D2CD-484B-88D3-C7A1EFD8C19B",
"versionEndExcluding": "3.5.15.30",
"versionStartIncluding": "3.5.15.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B3462D2-9AA7-4046-B491-36A2A9970BA7",
"versionEndExcluding": "3.5.15.30",
"versionStartIncluding": "3.5.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:safety_sil2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F4FCCC9-6069-47D6-AB46-65697F7AE58D",
"versionEndExcluding": "3.5.15.30",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:simulation_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "375689F5-9B58-491C-BD1C-2CF5C9CEB474",
"versionEndExcluding": "3.5.15.30",
"versionStartIncluding": "3.5.9.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition."
},
{
"lang": "es",
"value": "CODESYS Control versi\u00f3n V3, Gateway versi\u00f3n V3 y HMI versiones V3 anteriores a 3.5.15.30, permiten una asignaci\u00f3n de memoria no controlada que puede resultar en una condici\u00f3n de denegaci\u00f3n de servicio remota."
}
],
"id": "CVE-2020-7052",
"lastModified": "2024-11-21T05:36:34.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-24T20:15:10.970",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12977\u0026token=33f948eed0c2fd69d238d9515779be337ef7592d\u0026download="
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2020-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12977\u0026token=33f948eed0c2fd69d238d9515779be337ef7592d\u0026download="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2020-04"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-07 19:15
Modified
2024-11-21 06:46
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| info@cert.vde.com | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17091&token=c450f8bbbd838c647d102f359356386c6ea5aeca&download= | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17091&token=c450f8bbbd838c647d102f359356386c6ea5aeca&download= | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codesys | control_for_beaglebone_sl | * | |
| codesys | control_for_beckhoff_cx9020 | * | |
| codesys | control_for_empc-a\/imx6_sl | * | |
| codesys | control_for_iot2000_sl | * | |
| codesys | control_for_linux_sl | * | |
| codesys | control_for_pfc100_sl | * | |
| codesys | control_for_pfc200_sl | * | |
| codesys | control_for_plcnext_sl | * | |
| codesys | control_for_raspberry_pi_sl | * | |
| codesys | control_for_wago_touch_panels_600_sl | * | |
| codesys | control_rte_sl | * | |
| codesys | control_rte_sl_\(for_beckhoff_cx\) | * | |
| codesys | control_runtime_system_toolkit | * | |
| codesys | control_win_sl | * | |
| codesys | development_system | * | |
| codesys | edge_gateway | * | |
| codesys | edge_gateway | * | |
| codesys | embedded_target_visu_toolkit | * | |
| codesys | gateway | * | |
| codesys | hmi_sl | * | |
| codesys | remote_target_visu_toolkit | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C0588BE-2046-48F8-95E9-338FB009E2FA",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_beckhoff_cx9020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45FF3C0B-9043-4E82-A8F3-95CB79D8DAA1",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB8984E-ED1F-4F52-B016-F08C0D085C64",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "412EBC80-0D9C-419F-9DC3-E2054A8B93B0",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB585AB5-D0AC-46DC-9723-A0FEFBFB015C",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F6E2A1D-0187-4C71-A87D-48B3EC3D99DD",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A78E493B-6D9E-4196-830C-24BCF25D3D44",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F66AAE46-CCF8-46D6-89AD-5A4461FCECE9",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D5DE9D1-C334-452C-A64B-D74A48017B6D",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB1C57CE-152A-44AE-98B8-39E310255C8E",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01A94C91-B155-4A5A-9F0B-F7E04F3B23B5",
"versionEndExcluding": "3.5.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte_sl_\\(for_beckhoff_cx\\):*:*:*:*:*:*:*:*",
"matchCriteriaId": "95BC26CF-75EE-43A2-8A92-E877CAF612F3",
"versionEndExcluding": "3.5.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D85A5BC-ADB6-40E4-9434-B57C99185BBA",
"versionEndExcluding": "3.5.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC013B85-98C0-4EF0-844C-4C75D1D237D9",
"versionEndExcluding": "3.5.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25737EE6-531E-4241-AA40-856388A2E333",
"versionEndExcluding": "3.5.18.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "780B6607-72A7-487E-A180-5C9A49BF6355",
"versionEndExcluding": "3.5.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "E36291AE-21CB-4ECB-8816-D50712C70E30",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F1B30B-6D52-40B1-ABD3-5164A76F5447",
"versionEndExcluding": "3.5.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C264A88-C41C-400B-9C69-0DBB1CEB9DF9",
"versionEndExcluding": "3.5.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:hmi_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60E8930A-4C6C-41CE-8BA8-97332DC753FF",
"versionEndExcluding": "3.5.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "879A9478-54E4-4B6E-A6DC-6DDE1C5E7745",
"versionEndExcluding": "3.5.18.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed."
},
{
"lang": "es",
"value": "Un atacante remoto no autenticado puede interrumpir los canales de comunicaci\u00f3n presentes entre los productos CODESYS al adivinar un ID de canal v\u00e1lido e inyectando paquetes. Esto hace que el canal de comunicaci\u00f3n sea cerrado"
}
],
"id": "CVE-2022-22517",
"lastModified": "2024-11-21T06:46:56.430",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-07T19:15:08.300",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17091\u0026token=c450f8bbbd838c647d102f359356386c6ea5aeca\u0026download="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17091\u0026token=c450f8bbbd838c647d102f359356386c6ea5aeca\u0026download="
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-334"
}
],
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-330"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-03 14:15
Modified
2024-11-21 06:00
Severity ?
Summary
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://customers.codesys.com/index.php | Permissions Required, Vendor Advisory | |
| cve@mitre.org | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14640&token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873&download= | Vendor Advisory | |
| cve@mitre.org | https://www.codesys.com/security/security-reports.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14640&token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873&download= | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.codesys.com/security/security-reports.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codesys | control_for_beaglebone_sl | * | |
| codesys | control_for_empc-a\/imx6_sl | * | |
| codesys | control_for_iot2000_sl | * | |
| codesys | control_for_linux_arm_sl | * | |
| codesys | control_for_linux_sl | * | |
| codesys | control_for_pfc100_sl | * | |
| codesys | control_for_pfc200_sl | * | |
| codesys | control_for_plcnext_sl | * | |
| codesys | control_for_raspberry_pi_sl | * | |
| codesys | control_for_wago_touch_panels_600_sl | * | |
| codesys | control_rte | * | |
| codesys | control_rte | * | |
| codesys | control_runtime_system_toolkit | * | |
| codesys | control_win | * | |
| codesys | edge_gateway | * | |
| codesys | edge_gateway | * | |
| codesys | embedded_target_visu_toolkit | * | |
| codesys | gateway | * | |
| codesys | hmi | * | |
| codesys | opc_server | * | |
| codesys | plchandler | * | |
| codesys | remote_target_visu_toolkit | * | |
| codesys | safety_sil | * | |
| codesys | simulation_runtime | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA5176A-EC2A-4D06-A180-CE7204DBAF92",
"versionEndExcluding": "4.1.0.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "089B01CE-0023-44E9-8149-95A9C8BFC544",
"versionEndExcluding": "4.1.0.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "150D1F73-22B1-4B41-97A0-B02EF5CE92A9",
"versionEndExcluding": "4.1.0.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_linux_arm_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11A71DCF-8007-4693-BD0F-22FCD0FC0C62",
"versionEndExcluding": "4.1.0.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6ADB2C58-D545-451E-BE60-7B989E9EBCEF",
"versionEndExcluding": "4.1.0.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C535337-0082-4C76-B9E9-E0F9EA4D1E36",
"versionEndExcluding": "4.1.0.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADCF1EDB-6FED-4421-BF16-A14EE6EB0505",
"versionEndExcluding": "4.1.0.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DB284A7-76D5-4BD1-972B-751AC0B378D8",
"versionEndExcluding": "4.1.0.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3C058E-AE70-4E64-B3A0-60DED7A26B18",
"versionEndExcluding": "4.1.0.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67D475FB-BF84-4EEE-B096-8B81C2ED36A5",
"versionEndExcluding": "4.1.0.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64A83FD0-A545-459B-860F-70DE8E4A69DC",
"versionEndExcluding": "3.5.17.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:beckhoff_cx:*:*",
"matchCriteriaId": "9BFCCFA4-A803-4B5E-BAD5-C26A6FE33A4C",
"versionEndExcluding": "3.5.17.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0224CA62-8670-4135-9A50-5E523D89CB25",
"versionEndExcluding": "3.5.17.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25458B55-414D-4CB4-BD51-4E4D101BB24A",
"versionEndExcluding": "3.5.17.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E331194D-C80D-4C81-A332-9F67F6425FD0",
"versionEndExcluding": "3.5.17.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "FFBA19D6-9436-4E14-B9D3-28B82CB0321D",
"versionEndExcluding": "4.1.0.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A59EBA23-C9F0-4A7A-9483-2EB9377023CE",
"versionEndExcluding": "3.5.17.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3954149-77D5-4FEE-B236-578D0ED18592",
"versionEndExcluding": "3.5.17.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A39C361B-514B-423C-B917-2E13935DF1A9",
"versionEndExcluding": "3.5.17.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:opc_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E59EF90A-4580-41AD-8DAB-1259C766E230",
"versionEndExcluding": "3.5.17.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:plchandler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "242B0BB4-1E48-4CD1-AFF3-F96561D2A885",
"versionEndExcluding": "3.5.17.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74AB840C-88D7-47CA-8716-0C0F6ABEE8E2",
"versionEndExcluding": "3.5.17.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:safety_sil:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF5325B-B72B-46BB-9DCB-F8054621DA6D",
"versionEndExcluding": "3.5.17.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:simulation_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61972DA3-9423-4C13-98E3-F287BD414A59",
"versionEndExcluding": "3.5.17.0",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router\u0027s addressing scheme and may re-route, add, remove or change low level communication packages."
},
{
"lang": "es",
"value": "El sistema CODESYS Control Runtime versiones anteriores a 3.5.17.0, presenta una comprobaci\u00f3n inapropiada de entrada.\u0026#xa0;Los atacantes pueden enviar paquetes de comunicaci\u00f3n dise\u00f1ados para cambiar el esquema de direccionamiento del enrutador y pueden redireccionar, agregar, eliminar o cambiar paquetes de comunicaci\u00f3n de bajo nivel."
}
],
"id": "CVE-2021-29242",
"lastModified": "2024-11-21T06:00:52.023",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-03T14:15:07.667",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14640\u0026token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873\u0026download="
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.codesys.com/security/security-reports.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14640\u0026token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873\u0026download="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.codesys.com/security/security-reports.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-24 08:15
Modified
2024-11-21 07:05
Severity ?
Summary
The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| info@cert.vde.com | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17141&token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66&download= | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17141&token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66&download= | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB2B49E7-1AE9-418A-AC9E-0166D16F38BD",
"versionEndExcluding": "2.3.9.38",
"versionStartIncluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition."
},
{
"lang": "es",
"value": "El CODESYS Gateway Server versi\u00f3nV2 no verifica que el tama\u00f1o de una petici\u00f3n est\u00e9 dentro de los l\u00edmites previstos. Un atacante no autenticado puede asignar una cantidad arbitraria de memoria, lo que puede conllevar a un bloqueo del Gateway debido a una condici\u00f3n de falta de memoria"
}
],
"id": "CVE-2022-31804",
"lastModified": "2024-11-21T07:05:21.927",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "info@cert.vde.com",
"type": "Secondary"
}
]
},
"published": "2022-06-24T08:15:07.527",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-789"
}
],
"source": "info@cert.vde.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-02-19 21:29
Modified
2024-11-21 04:00
Severity ?
Summary
Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vulnerability@kaspersky.com | http://www.securityfocus.com/bid/106251 | Broken Link, Third Party Advisory, VDB Entry | |
| vulnerability@kaspersky.com | https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/ | Mitigation, Third Party Advisory | |
| vulnerability@kaspersky.com | https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106251 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/ | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codesys | control_for_beaglebone_sl | * | |
| codesys | control_for_empc-a\/imx6_sl | * | |
| codesys | control_for_iot2000_sl | * | |
| codesys | control_for_linux_sl | * | |
| codesys | control_for_pfc100_sl | * | |
| codesys | control_for_pfc200_sl | * | |
| codesys | control_for_raspberry_pi_sl | * | |
| codesys | control_rte_sl | * | |
| codesys | control_rte_sl_\(for_beckhoff_cx\) | * | |
| codesys | control_runtime_toolkit | * | |
| codesys | control_win_sl | * | |
| codesys | development_system_v3 | * | |
| codesys | gateway | * | |
| codesys | hmi_sl | * | |
| codesys | opc_server | * | |
| codesys | plchandler | * | |
| codesys | safety_sil2 | * | |
| codesys | targetvisu_sl | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30E5A50D-470A-4C7D-A634-E97AE95B38B5",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "455BEF47-4D2A-4314-AF1D-C5C46236B135",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2E52640-4AA9-40C1-A00E-374334F761C7",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C87347FA-38EA-4299-A822-63FCF0E34577",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3E05BC-83BC-49C8-91AD-64A1EE9D36BD",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40D2875A-E1DF-4C7D-9DD7-7BE8D617EF3C",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE9699B0-CCE3-42AB-8208-492382D59582",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20CFD36A-208D-444C-A3C3-C2B11CAF65AC",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte_sl_\\(for_beckhoff_cx\\):*:*:*:*:*:*:*:*",
"matchCriteriaId": "6368AFD2-D0F4-4E93-9D28-00D2DAF6F1BD",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_runtime_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E623E98-8040-43D2-81B5-D6B06B374472",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA6D880C-195D-4830-B0B5-7D7BC32182B4",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:development_system_v3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00F359B4-0530-47A3-BFBB-BA7D32104919",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "498AB0A1-C9F2-40A5-BC72-9CC4F96D74DE",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:hmi_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63F51840-0A93-43BD-B8D0-145C7C52C7B0",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:opc_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3A3A591-9B7A-4328-93C8-728D3E3E045D",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:plchandler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7E0C96B-5FD4-422A-B429-860192BC46A0",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:safety_sil2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C0A629A-E3CE-428A-81C1-25965A681B73",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:targetvisu_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA2E1543-D82B-4BE7-8C9C-4EAABFB1F68B",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0."
},
{
"lang": "es",
"value": "Existe el filtrado de direcciones de comunicaci\u00f3n incorrecto en los productos de CODESYS, en sus versiones V3 anteriores a la V3.5.14.0."
}
],
"id": "CVE-2018-20026",
"lastModified": "2024-11-21T04:00:47.033",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-19T21:29:00.290",
"references": [
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106251"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"
}
],
"sourceIdentifier": "vulnerability@kaspersky.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-24 08:15
Modified
2024-11-21 07:05
Severity ?
Summary
In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| info@cert.vde.com | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17141&token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66&download= | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17141&token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66&download= | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB2B49E7-1AE9-418A-AC9E-0166D16F38BD",
"versionEndExcluding": "2.3.9.38",
"versionStartIncluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password."
},
{
"lang": "es",
"value": "En CODESYS Gateway Server versi\u00f3n V2 para versiones anteriores a V2.3.9.38, s\u00f3lo es comparada una parte de la contrase\u00f1a especificada con la contrase\u00f1a real de CODESYS Gateway. Un atacante puede llevar a cabo la autenticaci\u00f3n especificando una peque\u00f1a contrase\u00f1a que coincida con la parte correspondiente de la contrase\u00f1a real m\u00e1s larga de CODESYS Gateway"
}
],
"id": "CVE-2022-31802",
"lastModified": "2024-11-21T07:05:21.673",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "info@cert.vde.com",
"type": "Secondary"
}
]
},
"published": "2022-06-24T08:15:07.393",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-187"
}
],
"source": "info@cert.vde.com",
"type": "Primary"
}
]
}
var-201908-0056
Vulnerability from variot
An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System. plural 3S-Smart CODESYS The product is vulnerable to resource exhaustion.Service operation interruption (DoS) There is a possibility of being put into a state. 3S-Smart Software Solutions CODESYS Control for BeagleBone and CODESYS Control are a set of industrial control program programming software from Germany 3S-Smart Software Solutions. There are security holes in several 3S-Smart Software Solutions products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-0056",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "control for empc-a\\/imx6 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for linux sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "control runtime toolkit",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for raspberry pi sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for iot2000 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "control for pfc100 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for beaglebone sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for pfc200 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "control for linux sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for beaglebone sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "control for iot2000 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for pfc100 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "control for pfc200 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for empc-a\\/imx6 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "development system",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "development system",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "control runtime toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "control for raspberry pi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "codesys control for beaglebone",
"scope": "lt",
"trust": 0.8,
"vendor": "3s smart",
"version": "3.5.14.20"
},
{
"model": "codesys control for empc-a/imx6",
"scope": "lt",
"trust": 0.8,
"vendor": "3s smart",
"version": "3.5.14.20"
},
{
"model": "codesys control for iot2000",
"scope": "lt",
"trust": 0.8,
"vendor": "3s smart",
"version": "3.5.14.20"
},
{
"model": "codesys control for linux",
"scope": "lt",
"trust": 0.8,
"vendor": "3s smart",
"version": "3.5.14.20"
},
{
"model": "codesys control for pfc100",
"scope": "lt",
"trust": 0.8,
"vendor": "3s smart",
"version": "3.5.14.20"
},
{
"model": "codesys control for pfc200",
"scope": "lt",
"trust": 0.8,
"vendor": "3s smart",
"version": "3.5.14.20"
},
{
"model": "codesys control for raspberry pi",
"scope": "lt",
"trust": 0.8,
"vendor": "3s smart",
"version": "3.5.14.20"
},
{
"model": "codesys control runtime system toolkit",
"scope": "lt",
"trust": 0.8,
"vendor": "3s smart",
"version": "3.5.14.20"
},
{
"model": "codesys development system",
"scope": "lt",
"trust": 0.8,
"vendor": "3s smart",
"version": "3.5.14.20"
},
{
"model": "codesys gateway",
"scope": "lt",
"trust": 0.8,
"vendor": "3s smart",
"version": "3.5.14.20"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008669"
},
{
"db": "NVD",
"id": "CVE-2019-9012"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:codesys:control_for_beaglebone_sl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:control_for_empc-a%2fimx6_sl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:control_for_iot2000_sl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:control_for_linux_sl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:control_for_pfc100_sl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:control_for_pfc200_sl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:control_for_raspberry_pi_sl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:runtime_system_toolkit",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:development_system",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:gateway",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008669"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3S-Smart Software Solutions GmbH",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-156"
}
],
"trust": 0.6
},
"cve": "CVE-2019-9012",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-9012",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-160447",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9012",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-9012",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-9012",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-9012",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-156",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-160447",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160447"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008669"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-156"
},
{
"db": "NVD",
"id": "CVE-2019-9012"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System. plural 3S-Smart CODESYS The product is vulnerable to resource exhaustion.Service operation interruption (DoS) There is a possibility of being put into a state. 3S-Smart Software Solutions CODESYS Control for BeagleBone and CODESYS Control are a set of industrial control program programming software from Germany 3S-Smart Software Solutions. \nThere are security holes in several 3S-Smart Software Solutions products",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9012"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008669"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-156"
},
{
"db": "VULHUB",
"id": "VHN-160447"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-9012",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-19-213-03",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008669",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-156",
"trust": 0.7
},
{
"db": "ICS CERT",
"id": "ICSA-19-213-04",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2901",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-160447",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160447"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008669"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-156"
},
{
"db": "NVD",
"id": "CVE-2019-9012"
}
]
},
"id": "VAR-201908-0056",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-160447"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:59:48.867000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.codesys.com/"
},
{
"title": "Multiple 3S-Smart Software Solutions Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95917"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008669"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-156"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-770",
"trust": 1.1
},
{
"problemtype": "CWE-400",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160447"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008669"
},
{
"db": "NVD",
"id": "CVE-2019-9012"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03"
},
{
"trust": 1.6,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=12938\u0026token=b9eb30f53246dc57b2e7cb302356a05547148fa2\u0026download="
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9012"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9012"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-04"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2901/"
},
{
"trust": 0.1,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=12938\u0026amp;token=b9eb30f53246dc57b2e7cb302356a05547148fa2\u0026amp;download="
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160447"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008669"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-156"
},
{
"db": "NVD",
"id": "CVE-2019-9012"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-160447"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008669"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-156"
},
{
"db": "NVD",
"id": "CVE-2019-9012"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-15T00:00:00",
"db": "VULHUB",
"id": "VHN-160447"
},
{
"date": "2019-09-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008669"
},
{
"date": "2019-08-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-156"
},
{
"date": "2019-08-15T18:15:23.477000",
"db": "NVD",
"id": "CVE-2019-9012"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-160447"
},
{
"date": "2019-09-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008669"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-156"
},
{
"date": "2024-11-21T04:50:48.627000",
"db": "NVD",
"id": "CVE-2019-9012"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-156"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural 3S-Smart CODESYS Product depletion vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008669"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-156"
}
],
"trust": 0.6
}
}
var-201908-0055
Vulnerability from variot
An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System. plural 3S-Smart CODESYS The product contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. 3S-Smart Software Solutions CODESYS Control for BeagleBone and CODESYS Control are a set of industrial control program programming software from Germany 3S-Smart Software Solutions. A security vulnerability exists in several 3S-Smart Software Solutions products. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor announcement
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-0055",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "control for empc-a\\/imx6 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for linux sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "control runtime toolkit",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for raspberry pi sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for iot2000 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "control for pfc100 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for beaglebone sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for pfc200 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "control for linux sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for beaglebone sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "control for iot2000 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for pfc100 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "control for pfc200 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for empc-a\\/imx6 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "development system",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "development system",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "control runtime toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "control for raspberry pi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "codesys control for beaglebone",
"scope": "lt",
"trust": 0.8,
"vendor": "3s smart",
"version": "3.5.14.20"
},
{
"model": "codesys control for empc-a/imx6",
"scope": "lt",
"trust": 0.8,
"vendor": "3s smart",
"version": "3.5.14.20"
},
{
"model": "codesys control for iot2000",
"scope": "lt",
"trust": 0.8,
"vendor": "3s smart",
"version": "3.5.14.20"
},
{
"model": "codesys control for linux",
"scope": "lt",
"trust": 0.8,
"vendor": "3s smart",
"version": "3.5.14.20"
},
{
"model": "codesys control for pfc100",
"scope": "lt",
"trust": 0.8,
"vendor": "3s smart",
"version": "3.5.14.20"
},
{
"model": "codesys control for pfc200",
"scope": "lt",
"trust": 0.8,
"vendor": "3s smart",
"version": "3.5.14.20"
},
{
"model": "codesys control for raspberry pi",
"scope": "lt",
"trust": 0.8,
"vendor": "3s smart",
"version": "3.5.14.20"
},
{
"model": "codesys control runtime system toolkit",
"scope": "lt",
"trust": 0.8,
"vendor": "3s smart",
"version": "3.5.14.20"
},
{
"model": "codesys development system",
"scope": "lt",
"trust": 0.8,
"vendor": "3s smart",
"version": "3.5.14.20"
},
{
"model": "codesys gateway",
"scope": "lt",
"trust": 0.8,
"vendor": "3s smart",
"version": "3.5.14.20"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008668"
},
{
"db": "NVD",
"id": "CVE-2019-9010"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:codesys:control_for_beaglebone_sl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:control_for_empc-a%2fimx6_sl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:control_for_iot2000_sl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:control_for_linux_sl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:control_for_pfc100_sl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:control_for_pfc200_sl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:control_for_raspberry_pi_sl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:runtime_system_toolkit",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:development_system",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:gateway",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008668"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3S-Smart Software Solutions GmbH",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-161"
}
],
"trust": 0.6
},
"cve": "CVE-2019-9010",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-9010",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-160445",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9010",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-9010",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-9010",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-9010",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-161",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-160445",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160445"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008668"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-161"
},
{
"db": "NVD",
"id": "CVE-2019-9010"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System. plural 3S-Smart CODESYS The product contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. 3S-Smart Software Solutions CODESYS Control for BeagleBone and CODESYS Control are a set of industrial control program programming software from Germany 3S-Smart Software Solutions. \nA security vulnerability exists in several 3S-Smart Software Solutions products. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor announcement",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9010"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008668"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-161"
},
{
"db": "VULHUB",
"id": "VHN-160445"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-9010",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-19-213-03",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008668",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-161",
"trust": 0.7
},
{
"db": "ICS CERT",
"id": "ICSA-19-213-04",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2901",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-160445",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160445"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008668"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-161"
},
{
"db": "NVD",
"id": "CVE-2019-9010"
}
]
},
"id": "VAR-201908-0055",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-160445"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:59:48.915000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.codesys.com/"
},
{
"title": "Multiple 3S-Smart Software Solutions Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95921"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008668"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-161"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160445"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008668"
},
{
"db": "NVD",
"id": "CVE-2019-9010"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03"
},
{
"trust": 1.6,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=12937\u0026token=769045a17015bea00ec7ff313de8f1a5c73e7b93\u0026download="
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9010"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9010"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-04"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2901/"
},
{
"trust": 0.1,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=12937\u0026amp;token=769045a17015bea00ec7ff313de8f1a5c73e7b93\u0026amp;download="
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160445"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008668"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-161"
},
{
"db": "NVD",
"id": "CVE-2019-9010"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-160445"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008668"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-161"
},
{
"db": "NVD",
"id": "CVE-2019-9010"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-15T00:00:00",
"db": "VULHUB",
"id": "VHN-160445"
},
{
"date": "2019-09-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008668"
},
{
"date": "2019-08-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-161"
},
{
"date": "2019-08-15T18:15:23.397000",
"db": "NVD",
"id": "CVE-2019-9010"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-23T00:00:00",
"db": "VULHUB",
"id": "VHN-160445"
},
{
"date": "2019-09-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008668"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-161"
},
{
"date": "2024-11-21T04:50:48.343000",
"db": "NVD",
"id": "CVE-2019-9010"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-161"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural 3S-Smart CODESYS Access control vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008668"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-161"
}
],
"trust": 0.6
}
}
var-202206-2040
Vulnerability from variot
In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connections are not affected and therefore remain intact
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-2040",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "2.0"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "2.3.9.38"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-31803"
}
]
},
"cve": "CVE-2022-31803",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2022-31803",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-423672",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "info@cert.vde.com",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-31803",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-31803",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2022-31803",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-2455",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-423672",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-31803",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423672"
},
{
"db": "VULMON",
"id": "CVE-2022-31803"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2455"
},
{
"db": "NVD",
"id": "CVE-2022-31803"
},
{
"db": "NVD",
"id": "CVE-2022-31803"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connections are not affected and therefore remain intact",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-31803"
},
{
"db": "VULHUB",
"id": "VHN-423672"
},
{
"db": "VULMON",
"id": "CVE-2022-31803"
}
],
"trust": 1.08
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-31803",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2455",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-423672",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-31803",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423672"
},
{
"db": "VULMON",
"id": "CVE-2022-31803"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2455"
},
{
"db": "NVD",
"id": "CVE-2022-31803"
}
]
},
"id": "VAR-202206-2040",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-423672"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:00:55.543000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CODESYS Gateway Server Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=197311"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2455"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423672"
},
{
"db": "NVD",
"id": "CVE-2022-31803"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-31803/"
},
{
"trust": 0.1,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=17141\u0026amp;token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026amp;download="
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423672"
},
{
"db": "VULMON",
"id": "CVE-2022-31803"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2455"
},
{
"db": "NVD",
"id": "CVE-2022-31803"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-423672"
},
{
"db": "VULMON",
"id": "CVE-2022-31803"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2455"
},
{
"db": "NVD",
"id": "CVE-2022-31803"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-24T00:00:00",
"db": "VULHUB",
"id": "VHN-423672"
},
{
"date": "2022-06-24T00:00:00",
"db": "VULMON",
"id": "CVE-2022-31803"
},
{
"date": "2022-06-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2455"
},
{
"date": "2022-06-24T08:15:07.463000",
"db": "NVD",
"id": "CVE-2022-31803"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-01T00:00:00",
"db": "VULHUB",
"id": "VHN-423672"
},
{
"date": "2022-07-01T00:00:00",
"db": "VULMON",
"id": "CVE-2022-31803"
},
{
"date": "2022-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2455"
},
{
"date": "2022-07-01T13:34:36.227000",
"db": "NVD",
"id": "CVE-2022-31803"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2455"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CODESYS Gateway Server Resource Management Error Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2455"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2455"
}
],
"trust": 0.6
}
}
var-202206-1921
Vulnerability from variot
In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-1921",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "2.0"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "2.3.9.38"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-31802"
}
]
},
"cve": "CVE-2022-31802",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-31802",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-423671",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "info@cert.vde.com",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-31802",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-31802",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2022-31802",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-2457",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-423671",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-31802",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423671"
},
{
"db": "VULMON",
"id": "CVE-2022-31802"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2457"
},
{
"db": "NVD",
"id": "CVE-2022-31802"
},
{
"db": "NVD",
"id": "CVE-2022-31802"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-31802"
},
{
"db": "VULHUB",
"id": "VHN-423671"
},
{
"db": "VULMON",
"id": "CVE-2022-31802"
}
],
"trust": 1.08
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-31802",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2457",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-423671",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-31802",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423671"
},
{
"db": "VULMON",
"id": "CVE-2022-31802"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2457"
},
{
"db": "NVD",
"id": "CVE-2022-31802"
}
]
},
"id": "VAR-202206-1921",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-423671"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T13:42:38.472000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CODESYS Gateway Server Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=197313"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2457"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-187",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423671"
},
{
"db": "NVD",
"id": "CVE-2022-31802"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-31802/"
},
{
"trust": 0.1,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=17141\u0026amp;token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026amp;download="
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/187.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423671"
},
{
"db": "VULMON",
"id": "CVE-2022-31802"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2457"
},
{
"db": "NVD",
"id": "CVE-2022-31802"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-423671"
},
{
"db": "VULMON",
"id": "CVE-2022-31802"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2457"
},
{
"db": "NVD",
"id": "CVE-2022-31802"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-24T00:00:00",
"db": "VULHUB",
"id": "VHN-423671"
},
{
"date": "2022-06-24T00:00:00",
"db": "VULMON",
"id": "CVE-2022-31802"
},
{
"date": "2022-06-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2457"
},
{
"date": "2022-06-24T08:15:07.393000",
"db": "NVD",
"id": "CVE-2022-31802"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-01T00:00:00",
"db": "VULHUB",
"id": "VHN-423671"
},
{
"date": "2022-07-01T00:00:00",
"db": "VULMON",
"id": "CVE-2022-31802"
},
{
"date": "2022-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2457"
},
{
"date": "2022-07-01T13:34:15.277000",
"db": "NVD",
"id": "CVE-2022-31802"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2457"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CODESYS Gateway Server Security hole",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2457"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2457"
}
],
"trust": 0.6
}
}
var-201909-0084
Vulnerability from variot
An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash. 3S-Smart CODESYS Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. 3S-Smart Software Solutions CODESYS Control is a set of industrial control program programming software from Germany 3S-Smart Software Solutions. A security vulnerability exists in 3S-Smart Software Solutions CODESYS Control. An attacker could exploit the vulnerability with a specially crafted request to cause a denial of service. The following products and versions are affected: CODESYS Control for BeagleBone version before 3.5.15.0, CODESYS Control for emPC-A / iMX6 version before 3.5.15.0, CODESYS Control for IOT2000 version before 3.5.15.0, CODESYS Control for Linux version before 3.5.15.0 , Before CODESYS Control for PFC100 3.5.15.0, before CODESYS Control for PFC200 3.5.15.0, before CODESYS Control for Raspberry Pi 3.5.15.0, before CODESYS Control RTE V3 3.5.15.0, before CODESYS Control RTE V3 3.5.15.0 Version (for Beckhoff CX), CODESYS Control Win V3 before 3.5.15.0 (part of CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit before 3.5.15.0, CODESYS V3 Safety SIL2 before 3.5.15.0, CODESYS Gateway V3 Version before 3.5.15.0, CODESYS HMI V3 version before 3.5.15.0, CODESYS V3 Simulation Runtime version before 3.5.15.0 (part of CODESYS Development System)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-0084",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "control for empc-a\\/imx6",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.0"
},
{
"model": "control for beaglebone",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.0"
},
{
"model": "linux",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.0"
},
{
"model": "control for pfc200",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.0"
},
{
"model": "control rte",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.0"
},
{
"model": "simulation runtime",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.0"
},
{
"model": "runtime system toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.0"
},
{
"model": "control for pfc100",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.0"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.0"
},
{
"model": "control win",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.0"
},
{
"model": "safety sil2",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.0"
},
{
"model": "control for iot2000",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.0"
},
{
"model": "hmi",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.0"
},
{
"model": "control for raspberry pi",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.0"
},
{
"model": "codesys control for beaglebone",
"scope": "lt",
"trust": 0.8,
"vendor": "3s smart",
"version": "3.5.15.0"
},
{
"model": "codesys control for empc-a/imx6",
"scope": "lt",
"trust": 0.8,
"vendor": "3s smart",
"version": "3.5.15.0"
},
{
"model": "codesys control for iot2000",
"scope": "lt",
"trust": 0.8,
"vendor": "3s smart",
"version": "3.5.15.0"
},
{
"model": "codesys control for pfc100",
"scope": "lt",
"trust": 0.8,
"vendor": "3s smart",
"version": "3.5.15.0"
},
{
"model": "codesys control for pfc200",
"scope": "lt",
"trust": 0.8,
"vendor": "3s smart",
"version": "3.5.15.0"
},
{
"model": "codesys control for raspberry pi",
"scope": "lt",
"trust": 0.8,
"vendor": "3s smart",
"version": "3.5.15.0"
},
{
"model": "codesys control rte v3",
"scope": "lt",
"trust": 0.8,
"vendor": "3s smart",
"version": "3.5.15.0"
},
{
"model": "codesys control win sl",
"scope": "lt",
"trust": 0.8,
"vendor": "3s smart",
"version": "3.5.15.0"
},
{
"model": "codesys gateway",
"scope": "lt",
"trust": 0.8,
"vendor": "3s smart",
"version": "3.5.15.0"
},
{
"model": "codesys hmi",
"scope": "lt",
"trust": 0.8,
"vendor": "3s smart",
"version": "3.5.15.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009519"
},
{
"db": "NVD",
"id": "CVE-2019-9009"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:codesys:control_for_beaglebone_sl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:control_for_empc-a%2fimx6_sl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:control_for_iot2000_sl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:control_for_pfc100_sl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:control_for_pfc200_sl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:control_for_raspberry_pi_sl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:control_rte_sl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:control_win_sl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:gateway",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:hmi",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009519"
}
]
},
"cve": "CVE-2019-9009",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-9009",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-160444",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9009",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-9009",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-9009",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-9009",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-659",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-160444",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160444"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009519"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-659"
},
{
"db": "NVD",
"id": "CVE-2019-9009"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash. 3S-Smart CODESYS Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. 3S-Smart Software Solutions CODESYS Control is a set of industrial control program programming software from Germany 3S-Smart Software Solutions. \nA security vulnerability exists in 3S-Smart Software Solutions CODESYS Control. An attacker could exploit the vulnerability with a specially crafted request to cause a denial of service. The following products and versions are affected: CODESYS Control for BeagleBone version before 3.5.15.0, CODESYS Control for emPC-A / iMX6 version before 3.5.15.0, CODESYS Control for IOT2000 version before 3.5.15.0, CODESYS Control for Linux version before 3.5.15.0 , Before CODESYS Control for PFC100 3.5.15.0, before CODESYS Control for PFC200 3.5.15.0, before CODESYS Control for Raspberry Pi 3.5.15.0, before CODESYS Control RTE V3 3.5.15.0, before CODESYS Control RTE V3 3.5.15.0 Version (for Beckhoff CX), CODESYS Control Win V3 before 3.5.15.0 (part of CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit before 3.5.15.0, CODESYS V3 Safety SIL2 before 3.5.15.0, CODESYS Gateway V3 Version before 3.5.15.0, CODESYS HMI V3 version before 3.5.15.0, CODESYS V3 Simulation Runtime version before 3.5.15.0 (part of CODESYS Development System)",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9009"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009519"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-659"
},
{
"db": "VULHUB",
"id": "VHN-160444"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-19-255-05",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2019-9009",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009519",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201909-659",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.3487",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-19-255-04",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-19-255-03",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-19-255-02",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-19-255-01",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-160444",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160444"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009519"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-659"
},
{
"db": "NVD",
"id": "CVE-2019-9009"
}
]
},
"id": "VAR-201909-0084",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-160444"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:05:59.582000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.codesys.com/"
},
{
"title": "CODESYS V3 runtime systems Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98233"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009519"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-659"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-755",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160444"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009519"
},
{
"db": "NVD",
"id": "CVE-2019-9009"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-05"
},
{
"trust": 1.6,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=12941\u0026token=50fabe3870c7bdc41701eb1799dddeec103de40c\u0026download="
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9009"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9009"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-04"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-03"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-02"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3487/"
},
{
"trust": 0.1,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=12941\u0026amp;token=50fabe3870c7bdc41701eb1799dddeec103de40c\u0026amp;download="
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160444"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009519"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-659"
},
{
"db": "NVD",
"id": "CVE-2019-9009"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-160444"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009519"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-659"
},
{
"db": "NVD",
"id": "CVE-2019-9009"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-17T00:00:00",
"db": "VULHUB",
"id": "VHN-160444"
},
{
"date": "2019-09-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009519"
},
{
"date": "2019-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-659"
},
{
"date": "2019-09-17T16:15:11.077000",
"db": "NVD",
"id": "CVE-2019-9009"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-11T00:00:00",
"db": "VULHUB",
"id": "VHN-160444"
},
{
"date": "2019-09-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009519"
},
{
"date": "2022-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-659"
},
{
"date": "2024-11-21T04:50:48.197000",
"db": "NVD",
"id": "CVE-2019-9009"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-659"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3S-Smart CODESYS Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009519"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-659"
}
],
"trust": 0.6
}
}
var-202204-1265
Vulnerability from variot
An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed. CODESYS Control for BeagleBone SL , control for beckhoff cx9020 , CODESYS Control for emPC-A/iMX6 SL etc. multiple CODESYS GmbH The product contains an insufficient random value usage vulnerability.Service operation interruption (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-1265",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "control win sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control rte sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for empc-a\\/imx6 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for pfc200 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "hmi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "development system",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control runtime system toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for beaglebone sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for raspberry pi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for linux sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control rte sl \\",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for iot2000 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for wago touch panels 600 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "embedded target visu toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for pfc100 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for plcnext sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for beckhoff cx9020",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "development system",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "remote target visu toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for empc-a/imx6 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for plcnext sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for iot2000 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "embedded target visu toolkit",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for linux sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control runtime system toolkit",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc200 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "gateway",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for raspberry pi sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "hmi sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "development system",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for beaglebone sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control rte v3",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for beckhoff cx9020",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control win sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for wago touch panels 600 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc100 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control rte sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "edge gateway",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008139"
},
{
"db": "NVD",
"id": "CVE-2022-22517"
}
]
},
"cve": "CVE-2022-22517",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2022-22517",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-411086",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-22517",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-22517",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-22517",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2022-22517",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-22517",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-2618",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-411086",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-22517",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411086"
},
{
"db": "VULMON",
"id": "CVE-2022-22517"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008139"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2618"
},
{
"db": "NVD",
"id": "CVE-2022-22517"
},
{
"db": "NVD",
"id": "CVE-2022-22517"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed. CODESYS Control for BeagleBone SL , control for beckhoff cx9020 , CODESYS Control for emPC-A/iMX6 SL etc. multiple CODESYS GmbH The product contains an insufficient random value usage vulnerability.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22517"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008139"
},
{
"db": "VULHUB",
"id": "VHN-411086"
},
{
"db": "VULMON",
"id": "CVE-2022-22517"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-22517",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008139",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2618",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-411086",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-22517",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411086"
},
{
"db": "VULMON",
"id": "CVE-2022-22517"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008139"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2618"
},
{
"db": "NVD",
"id": "CVE-2022-22517"
}
]
},
"id": "VAR-202204-1265",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-411086"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:47:27.660000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CODESYS Fixing measures for security feature vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=189797"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-RCE "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-22517"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2618"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-330",
"trust": 1.1
},
{
"problemtype": "CWE-334",
"trust": 1.0
},
{
"problemtype": "Insufficient use of random values (CWE-330) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411086"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008139"
},
{
"db": "NVD",
"id": "CVE-2022-22517"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=17091\u0026token=c450f8bbbd838c647d102f359356386c6ea5aeca\u0026download="
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22517"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-22517/"
},
{
"trust": 0.1,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=17091\u0026amp;token=c450f8bbbd838c647d102f359356386c6ea5aeca\u0026amp;download="
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/330.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411086"
},
{
"db": "VULMON",
"id": "CVE-2022-22517"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008139"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2618"
},
{
"db": "NVD",
"id": "CVE-2022-22517"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-411086"
},
{
"db": "VULMON",
"id": "CVE-2022-22517"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008139"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2618"
},
{
"db": "NVD",
"id": "CVE-2022-22517"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-07T00:00:00",
"db": "VULHUB",
"id": "VHN-411086"
},
{
"date": "2022-04-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22517"
},
{
"date": "2023-07-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-008139"
},
{
"date": "2022-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2618"
},
{
"date": "2022-04-07T19:15:08.300000",
"db": "NVD",
"id": "CVE-2022-22517"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-18T00:00:00",
"db": "VULHUB",
"id": "VHN-411086"
},
{
"date": "2022-04-18T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22517"
},
{
"date": "2023-07-24T08:23:00",
"db": "JVNDB",
"id": "JVNDB-2022-008139"
},
{
"date": "2022-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2618"
},
{
"date": "2024-11-21T06:46:56.430000",
"db": "NVD",
"id": "CVE-2022-22517"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2618"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0CODESYS\u00a0GmbH\u00a0 Insufficient Random Value Usage Vulnerability in Products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008139"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "security feature problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2618"
}
],
"trust": 0.6
}
}
var-202105-1032
Vulnerability from variot
CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS). 3s-smart Software Solutions 3S-Smart Software Solutions CODESYS GatewayService is a gateway service used in CODESYS products by German 3S-Smart Software Solutions (3s-smart Software Solutions)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-1032",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for empc-a\\/imx6 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.16.70"
},
{
"model": "control runtime system toolkit",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "development system",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.16.70"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.16.70"
},
{
"model": "control for iot2000 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for pfc200 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "edge gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "development system",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for pfc100 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control runtime system toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.16.70"
},
{
"model": "control for beaglebone sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.0.1.0"
},
{
"model": "edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.1.0.0"
},
{
"model": "control for pfc200 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.16.0"
},
{
"model": "control for linux sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for raspberry pi sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for linux sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.0.1.0"
},
{
"model": "control for raspberry pi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.0.1.0"
},
{
"model": "control for iot2000 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.0.1.0"
},
{
"model": "control for empc-a\\/imx6 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.0.1.0"
},
{
"model": "control for pfc100 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.16.0"
},
{
"model": "control for beaglebone sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-29241"
}
]
},
"cve": "CVE-2021-29241",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-29241",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-388814",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-29241",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-29241",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-051",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-388814",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-29241",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388814"
},
{
"db": "VULMON",
"id": "CVE-2021-29241"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-051"
},
{
"db": "NVD",
"id": "CVE-2021-29241"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS). 3s-smart Software Solutions 3S-Smart Software Solutions CODESYS GatewayService is a gateway service used in CODESYS products by German 3S-Smart Software Solutions (3s-smart Software Solutions)",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-29241"
},
{
"db": "VULHUB",
"id": "VHN-388814"
},
{
"db": "VULMON",
"id": "CVE-2021-29241"
}
],
"trust": 1.08
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-29241",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-202105-051",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-388814",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-29241",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388814"
},
{
"db": "VULMON",
"id": "CVE-2021-29241"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-051"
},
{
"db": "NVD",
"id": "CVE-2021-29241"
}
]
},
"id": "VAR-202105-1032",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-388814"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:31:43.800000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "3S-Smart Software Solutions CODESYS Gateway Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=150531"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-051"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388814"
},
{
"db": "NVD",
"id": "CVE-2021-29241"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://customers.codesys.com/index.php"
},
{
"trust": 1.8,
"url": "https://www.codesys.com/security/security-reports.html"
},
{
"trust": 1.7,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=14637\u0026token=8dbd75ae7553ae3be25e22f741db783b31e14799\u0026download="
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29241"
},
{
"trust": 0.1,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=14637\u0026amp;token=8dbd75ae7553ae3be25e22f741db783b31e14799\u0026amp;download="
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388814"
},
{
"db": "VULMON",
"id": "CVE-2021-29241"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-051"
},
{
"db": "NVD",
"id": "CVE-2021-29241"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-388814"
},
{
"db": "VULMON",
"id": "CVE-2021-29241"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-051"
},
{
"db": "NVD",
"id": "CVE-2021-29241"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-03T00:00:00",
"db": "VULHUB",
"id": "VHN-388814"
},
{
"date": "2021-05-03T00:00:00",
"db": "VULMON",
"id": "CVE-2021-29241"
},
{
"date": "2021-05-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-051"
},
{
"date": "2021-05-03T14:15:07.633000",
"db": "NVD",
"id": "CVE-2021-29241"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-01T00:00:00",
"db": "VULHUB",
"id": "VHN-388814"
},
{
"date": "2021-05-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-29241"
},
{
"date": "2021-12-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-051"
},
{
"date": "2022-04-01T15:26:04.663000",
"db": "NVD",
"id": "CVE-2021-29241"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-051"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CODESYS Code problem vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-051"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-051"
}
],
"trust": 0.6
}
}
var-202204-1264
Vulnerability from variot
An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash. CODESYS Control for BeagleBone SL , control for beckhoff cx9020 , CODESYS Control for emPC-A/iMX6 SL etc. multiple CODESYS GmbH The product has NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-1264",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "control win sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control rte sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for empc-a\\/imx6 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for pfc200 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "hmi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control runtime system toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for beaglebone sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for raspberry pi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for linux sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control rte sl \\",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for iot2000 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for wago touch panels 600 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "embedded target visu toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for pfc100 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for plcnext sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for beckhoff cx9020",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "development system",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "remote target visu toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control runtime system toolkit",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "gateway",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "embedded target visu toolkit",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for wago touch panels 600 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for beaglebone sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for plcnext sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control rte sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc200 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for raspberry pi sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control rte v3",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for empc-a/imx6 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control win sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for linux sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for beckhoff cx9020",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "edge gateway",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "development system",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "hmi sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for iot2000 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc100 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007941"
},
{
"db": "NVD",
"id": "CVE-2022-22513"
}
]
},
"cve": "CVE-2022-22513",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2022-22513",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-411082",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2022-22513",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-22513",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-22513",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2022-22513",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-22513",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-2623",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-411082",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2022-22513",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411082"
},
{
"db": "VULMON",
"id": "CVE-2022-22513"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007941"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2623"
},
{
"db": "NVD",
"id": "CVE-2022-22513"
},
{
"db": "NVD",
"id": "CVE-2022-22513"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash. CODESYS Control for BeagleBone SL , control for beckhoff cx9020 , CODESYS Control for emPC-A/iMX6 SL etc. multiple CODESYS GmbH The product has NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22513"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007941"
},
{
"db": "VULHUB",
"id": "VHN-411082"
},
{
"db": "VULMON",
"id": "CVE-2022-22513"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-22513",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007941",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2623",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-411082",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-22513",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411082"
},
{
"db": "VULMON",
"id": "CVE-2022-22513"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007941"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2623"
},
{
"db": "NVD",
"id": "CVE-2022-22513"
}
]
},
"id": "VAR-202204-1264",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-411082"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T23:10:54.896000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CODESYS Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=189579"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-RCE "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-22513"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2623"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411082"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007941"
},
{
"db": "NVD",
"id": "CVE-2022-22513"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22513"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-22513/"
},
{
"trust": 0.1,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=17093\u0026amp;token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026amp;download="
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411082"
},
{
"db": "VULMON",
"id": "CVE-2022-22513"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007941"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2623"
},
{
"db": "NVD",
"id": "CVE-2022-22513"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-411082"
},
{
"db": "VULMON",
"id": "CVE-2022-22513"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007941"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2623"
},
{
"db": "NVD",
"id": "CVE-2022-22513"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-07T00:00:00",
"db": "VULHUB",
"id": "VHN-411082"
},
{
"date": "2022-04-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22513"
},
{
"date": "2023-07-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-007941"
},
{
"date": "2022-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2623"
},
{
"date": "2022-04-07T19:15:08.073000",
"db": "NVD",
"id": "CVE-2022-22513"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-10T00:00:00",
"db": "VULHUB",
"id": "VHN-411082"
},
{
"date": "2022-05-10T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22513"
},
{
"date": "2023-07-21T08:18:00",
"db": "JVNDB",
"id": "JVNDB-2022-007941"
},
{
"date": "2022-04-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2623"
},
{
"date": "2024-11-21T06:46:55.900000",
"db": "NVD",
"id": "CVE-2022-22513"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2623"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0CODESYS\u00a0GmbH\u00a0 In the product \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007941"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2623"
}
],
"trust": 0.6
}
}
var-202105-1033
Vulnerability from variot
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages. 3s-smart Software Solutions CODESYS Control is a set of industrial control program programming software from 3S-Smart Software Solutions (3s-smart Software Solutions) company in Germany
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-1033",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "control for linux arm sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.1.0.0"
},
{
"model": "control for pfc200 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.1.0.0"
},
{
"model": "control rte",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.17.0"
},
{
"model": "control runtime system toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.17.0"
},
{
"model": "hmi",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.17.0"
},
{
"model": "control runtime system toolkit",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for plcnext sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for linux arm sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for pfc200 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "hmi",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "remote target visu toolkit",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "edge gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "safety sil",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.17.0"
},
{
"model": "edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.1.0.0"
},
{
"model": "plchandler",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.17.0"
},
{
"model": "simulation runtime",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.17.0"
},
{
"model": "control for plcnext sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.1.0.0"
},
{
"model": "control rte",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "safety sil",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for beaglebone sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.17.0"
},
{
"model": "simulation runtime",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for beaglebone sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.1.0.0"
},
{
"model": "gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for empc-a\\/imx6 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for wago touch panels 600 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "embedded target visu toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.17.0"
},
{
"model": "plchandler",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for iot2000 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for wago touch panels 600 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.1.0.0"
},
{
"model": "control for iot2000 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.1.0.0"
},
{
"model": "control for pfc100 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "opc server",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.17.0"
},
{
"model": "control for linux sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.1.0.0"
},
{
"model": "control for raspberry pi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.1.0.0"
},
{
"model": "control for pfc100 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.1.0.0"
},
{
"model": "control for empc-a\\/imx6 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.1.0.0"
},
{
"model": "embedded target visu toolkit",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "opc server",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for linux sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for raspberry pi sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control win",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.17.0"
},
{
"model": "remote target visu toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.17.0"
},
{
"model": "edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.17.0"
},
{
"model": "control win",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-29242"
}
]
},
"cve": "CVE-2021-29242",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-29242",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-388815",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2021-29242",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-29242",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-050",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-388815",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-29242",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388815"
},
{
"db": "VULMON",
"id": "CVE-2021-29242"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-050"
},
{
"db": "NVD",
"id": "CVE-2021-29242"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router\u0027s addressing scheme and may re-route, add, remove or change low level communication packages. 3s-smart Software Solutions CODESYS Control is a set of industrial control program programming software from 3S-Smart Software Solutions (3s-smart Software Solutions) company in Germany",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-29242"
},
{
"db": "VULHUB",
"id": "VHN-388815"
},
{
"db": "VULMON",
"id": "CVE-2021-29242"
}
],
"trust": 1.08
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-29242",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-202105-050",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-388815",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-29242",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388815"
},
{
"db": "VULMON",
"id": "CVE-2021-29242"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-050"
},
{
"db": "NVD",
"id": "CVE-2021-29242"
}
]
},
"id": "VAR-202105-1033",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-388815"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:27:45.730000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "3s-smart Software Solutions CODESYS Control Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=150530"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-050"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388815"
},
{
"db": "NVD",
"id": "CVE-2021-29242"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://customers.codesys.com/index.php"
},
{
"trust": 1.8,
"url": "https://www.codesys.com/security/security-reports.html"
},
{
"trust": 1.7,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=14640\u0026token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873\u0026download="
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29242"
},
{
"trust": 0.1,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=14640\u0026amp;token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873\u0026amp;download="
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388815"
},
{
"db": "VULMON",
"id": "CVE-2021-29242"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-050"
},
{
"db": "NVD",
"id": "CVE-2021-29242"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-388815"
},
{
"db": "VULMON",
"id": "CVE-2021-29242"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-050"
},
{
"db": "NVD",
"id": "CVE-2021-29242"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-03T00:00:00",
"db": "VULHUB",
"id": "VHN-388815"
},
{
"date": "2021-05-03T00:00:00",
"db": "VULMON",
"id": "CVE-2021-29242"
},
{
"date": "2021-05-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-050"
},
{
"date": "2021-05-03T14:15:07.667000",
"db": "NVD",
"id": "CVE-2021-29242"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-14T00:00:00",
"db": "VULHUB",
"id": "VHN-388815"
},
{
"date": "2021-05-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-29242"
},
{
"date": "2021-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-050"
},
{
"date": "2021-09-14T18:18:36.333000",
"db": "NVD",
"id": "CVE-2021-29242"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-050"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3s-smart Software Solutions CODESYS Control Input validation error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-050"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-050"
}
],
"trust": 0.6
}
}
var-202206-1829
Vulnerability from variot
The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-1829",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "2.0"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "2.3.9.38"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-31804"
}
]
},
"cve": "CVE-2022-31804",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2022-31804",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-423673",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "info@cert.vde.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-31804",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-31804",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2022-31804",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-2453",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-423673",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-31804",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423673"
},
{
"db": "VULMON",
"id": "CVE-2022-31804"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2453"
},
{
"db": "NVD",
"id": "CVE-2022-31804"
},
{
"db": "NVD",
"id": "CVE-2022-31804"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-31804"
},
{
"db": "VULHUB",
"id": "VHN-423673"
},
{
"db": "VULMON",
"id": "CVE-2022-31804"
}
],
"trust": 1.08
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-31804",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2453",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-423673",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-31804",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423673"
},
{
"db": "VULMON",
"id": "CVE-2022-31804"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2453"
},
{
"db": "NVD",
"id": "CVE-2022-31804"
}
]
},
"id": "VAR-202206-1829",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-423673"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:32:41.362000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CODESYS Gateway Server Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=197309"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2453"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-789",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423673"
},
{
"db": "NVD",
"id": "CVE-2022-31804"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-31804/"
},
{
"trust": 0.1,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=17141\u0026amp;token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026amp;download="
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/789.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423673"
},
{
"db": "VULMON",
"id": "CVE-2022-31804"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2453"
},
{
"db": "NVD",
"id": "CVE-2022-31804"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-423673"
},
{
"db": "VULMON",
"id": "CVE-2022-31804"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2453"
},
{
"db": "NVD",
"id": "CVE-2022-31804"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-24T00:00:00",
"db": "VULHUB",
"id": "VHN-423673"
},
{
"date": "2022-06-24T00:00:00",
"db": "VULMON",
"id": "CVE-2022-31804"
},
{
"date": "2022-06-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2453"
},
{
"date": "2022-06-24T08:15:07.527000",
"db": "NVD",
"id": "CVE-2022-31804"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-01T00:00:00",
"db": "VULHUB",
"id": "VHN-423673"
},
{
"date": "2022-07-01T00:00:00",
"db": "VULMON",
"id": "CVE-2022-31804"
},
{
"date": "2022-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2453"
},
{
"date": "2022-07-01T13:35:00.340000",
"db": "NVD",
"id": "CVE-2022-31804"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2453"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CODESYS Gateway Server Security hole",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2453"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2453"
}
],
"trust": 0.6
}
}
var-202207-0490
Vulnerability from variot
In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected. control for beaglebone , control for empc-a/imx6 , CODESYS Control for IOT2000 SL etc. multiple CODESYS GmbH The product contains a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202207-0490",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "control for empc-a\\/imx6",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for iot2000 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.6.0.0"
},
{
"model": "control for wago touch panels 600",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for pfc200 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for beaglebone",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control rte sl \\",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "control for linux sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "remote target visu toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "control for raspberry pi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "development system",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "control rte sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for pfc100 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "embedded target visu toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "control runtime system toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "control for plcnext",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.6.0.0"
},
{
"model": "hmi",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "control win",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "control for iot2000 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "embedded target visu toolkit",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for beaglebone",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for linux sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc100 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "gateway",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control win",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control rte v3",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control rte sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for wago touch panels 600",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for empc-a/imx6",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "edge gateway",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "remote target visu toolkit",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control runtime system toolkit",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "hmi",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for plcnext",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "development system",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc200 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for raspberry pi sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012665"
},
{
"db": "NVD",
"id": "CVE-2022-30791"
}
]
},
"cve": "CVE-2022-30791",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2022-30791",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-422575",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-30791",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2022-012665",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-30791",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2022-30791",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-30791",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202207-787",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-422575",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-30791",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422575"
},
{
"db": "VULMON",
"id": "CVE-2022-30791"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012665"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-787"
},
{
"db": "NVD",
"id": "CVE-2022-30791"
},
{
"db": "NVD",
"id": "CVE-2022-30791"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected. control for beaglebone , control for empc-a/imx6 , CODESYS Control for IOT2000 SL etc. multiple CODESYS GmbH The product contains a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-30791"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012665"
},
{
"db": "VULHUB",
"id": "VHN-422575"
},
{
"db": "VULMON",
"id": "CVE-2022-30791"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-30791",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012665",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202207-787",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-422575",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-30791",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422575"
},
{
"db": "VULMON",
"id": "CVE-2022-30791"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012665"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-787"
},
{
"db": "NVD",
"id": "CVE-2022-30791"
}
]
},
"id": "VAR-202207-0490",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-422575"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T13:22:03.238000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "3S-Smart Software Solutions CODESYS Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=200893"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-787"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "Resource exhaustion (CWE-400) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422575"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012665"
},
{
"db": "NVD",
"id": "CVE-2022-30791"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30791"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-30791/"
},
{
"trust": 0.1,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=17128\u0026amp;token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026amp;download="
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422575"
},
{
"db": "VULMON",
"id": "CVE-2022-30791"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012665"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-787"
},
{
"db": "NVD",
"id": "CVE-2022-30791"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-422575"
},
{
"db": "VULMON",
"id": "CVE-2022-30791"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012665"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-787"
},
{
"db": "NVD",
"id": "CVE-2022-30791"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-422575"
},
{
"date": "2022-07-11T00:00:00",
"db": "VULMON",
"id": "CVE-2022-30791"
},
{
"date": "2023-08-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-012665"
},
{
"date": "2022-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-787"
},
{
"date": "2022-07-11T11:15:08.177000",
"db": "NVD",
"id": "CVE-2022-30791"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-23T00:00:00",
"db": "VULHUB",
"id": "VHN-422575"
},
{
"date": "2022-07-20T00:00:00",
"db": "VULMON",
"id": "CVE-2022-30791"
},
{
"date": "2023-08-31T08:32:00",
"db": "JVNDB",
"id": "JVNDB-2022-012665"
},
{
"date": "2022-07-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-787"
},
{
"date": "2022-09-23T16:26:08.200000",
"db": "NVD",
"id": "CVE-2022-30791"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-787"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0CODESYS\u00a0GmbH\u00a0 Product resource exhaustion vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012665"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-787"
}
],
"trust": 0.6
}
}
var-202001-1803
Vulnerability from variot
CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition. CODESYS Control , Gateway , HMI Contains a resource exhaustion vulnerability.Denial of service operation (DoS) May be in a state. CoDeSys is a powerful PLC software programming tool.
CODESYS Control memory allocation is secure. Remote attackers can use this vulnerability to submit special requests to conduct denial-of-service attacks. 3S-Smart Software Solutions CODESYS Control is a set of industrial control program programming software from 3S-Smart Software Solutions in Germany
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-1803",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "control for empc-a\\/imx6",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.30"
},
{
"model": "hmi",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.30"
},
{
"model": "control for raspberry pi",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.30"
},
{
"model": "simulation runtime",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.9.40"
},
{
"model": "control for pfc100",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.30"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.30"
},
{
"model": "control win",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.30"
},
{
"model": "control runtime system toolkit",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "safety sil2",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control win",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.9.80"
},
{
"model": "hmi",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.10.0"
},
{
"model": "simulation runtime",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.30"
},
{
"model": "control runtime system toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.30"
},
{
"model": "safety sil2",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.30"
},
{
"model": "control for iot2000",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.30"
},
{
"model": "control for beaglebone",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.30"
},
{
"model": "control for pfc200",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.30"
},
{
"model": "control rte",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.30"
},
{
"model": "gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.10"
},
{
"model": "control for plcnext",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.30"
},
{
"model": "control rte",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.8.60"
},
{
"model": "control for linux",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.30"
},
{
"model": "codesys control for beaglebone",
"scope": "eq",
"trust": 0.8,
"vendor": "3s smart",
"version": null
},
{
"model": "codesys control for empc-a/imx6",
"scope": "eq",
"trust": 0.8,
"vendor": "3s smart",
"version": null
},
{
"model": "codesys control for iot2000",
"scope": "eq",
"trust": 0.8,
"vendor": "3s smart",
"version": null
},
{
"model": "codesys control for linux",
"scope": "eq",
"trust": 0.8,
"vendor": "3s smart",
"version": null
},
{
"model": "codesys control for pfc100",
"scope": "eq",
"trust": 0.8,
"vendor": "3s smart",
"version": null
},
{
"model": "codesys control for pfc200",
"scope": "eq",
"trust": 0.8,
"vendor": "3s smart",
"version": null
},
{
"model": "control for plcnext",
"scope": "eq",
"trust": 0.8,
"vendor": "3s smart",
"version": null
},
{
"model": "codesys control for raspberry pi",
"scope": "eq",
"trust": 0.8,
"vendor": "3s smart",
"version": null
},
{
"model": "codesys gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "3s smart",
"version": null
},
{
"model": "codesys hmi",
"scope": "eq",
"trust": 0.8,
"vendor": "3s smart",
"version": null
},
{
"model": "control",
"scope": "eq",
"trust": 0.6,
"vendor": "codesys",
"version": "v3"
},
{
"model": "gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "codesys",
"version": "v3"
},
{
"model": "hmi",
"scope": "eq",
"trust": 0.6,
"vendor": "codesys",
"version": "v3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "control rte",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "control for beaglebone",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "control for empc a imx6",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "control for iot2000",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "control for linux",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "control for pfc100",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "control for pfc200",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "control for plcnext",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "control for raspberry pi",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "control runtime system toolkit",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "control win",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "gateway",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "hmi",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "safety sil2",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simulation runtime",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a64ef9aa-2bb3-4067-b045-cc3d87b01a10"
},
{
"db": "CNVD",
"id": "CNVD-2020-13190"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001515"
},
{
"db": "NVD",
"id": "CVE-2020-7052"
}
]
},
"cve": "CVE-2020-7052",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-7052",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-13190",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "a64ef9aa-2bb3-4067-b045-cc3d87b01a10",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-185177",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-7052",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-7052",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-7052",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-7052",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-13190",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202001-1104",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "a64ef9aa-2bb3-4067-b045-cc3d87b01a10",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-185177",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a64ef9aa-2bb3-4067-b045-cc3d87b01a10"
},
{
"db": "CNVD",
"id": "CNVD-2020-13190"
},
{
"db": "VULHUB",
"id": "VHN-185177"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001515"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1104"
},
{
"db": "NVD",
"id": "CVE-2020-7052"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition. CODESYS Control , Gateway , HMI Contains a resource exhaustion vulnerability.Denial of service operation (DoS) May be in a state. CoDeSys is a powerful PLC software programming tool. \n\r\n\r\nCODESYS Control memory allocation is secure. Remote attackers can use this vulnerability to submit special requests to conduct denial-of-service attacks. 3S-Smart Software Solutions CODESYS Control is a set of industrial control program programming software from 3S-Smart Software Solutions in Germany",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-7052"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001515"
},
{
"db": "CNVD",
"id": "CNVD-2020-13190"
},
{
"db": "IVD",
"id": "a64ef9aa-2bb3-4067-b045-cc3d87b01a10"
},
{
"db": "VULHUB",
"id": "VHN-185177"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-7052",
"trust": 3.3
},
{
"db": "TENABLE",
"id": "TRA-2020-04",
"trust": 2.3
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1104",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2020-13190",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001515",
"trust": 0.8
},
{
"db": "IVD",
"id": "A64EF9AA-2BB3-4067-B045-CC3D87B01A10",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-185177",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "a64ef9aa-2bb3-4067-b045-cc3d87b01a10"
},
{
"db": "CNVD",
"id": "CNVD-2020-13190"
},
{
"db": "VULHUB",
"id": "VHN-185177"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001515"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1104"
},
{
"db": "NVD",
"id": "CVE-2020-7052"
}
]
},
"id": "VAR-202001-1803",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a64ef9aa-2bb3-4067-b045-cc3d87b01a10"
},
{
"db": "CNVD",
"id": "CNVD-2020-13190"
},
{
"db": "VULHUB",
"id": "VHN-185177"
}
],
"trust": 1.23333334
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "a64ef9aa-2bb3-4067-b045-cc3d87b01a10"
},
{
"db": "CNVD",
"id": "CNVD-2020-13190"
}
]
},
"last_update_date": "2024-11-23T21:51:41.126000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Advisory\u00a02020-01",
"trust": 0.8,
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12977\u0026token=33f948eed0c2fd69d238d9515779be337ef7592d\u0026download="
},
{
"title": "Patch for CODESYS Control Remote Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/204645"
},
{
"title": "Multiple 3S-Smart Software Solutions Product resource management error vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112808"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13190"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001515"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1104"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-770",
"trust": 1.1
},
{
"problemtype": "Resource depletion (CWE-400) [NVD Evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-400",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-185177"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001515"
},
{
"db": "NVD",
"id": "CVE-2020-7052"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.tenable.com/security/research/tra-2020-04"
},
{
"trust": 1.6,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=12977\u0026token=33f948eed0c2fd69d238d9515779be337ef7592d\u0026download="
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7052"
},
{
"trust": 0.1,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=12977\u0026amp;token=33f948eed0c2fd69d238d9515779be337ef7592d\u0026amp;download="
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13190"
},
{
"db": "VULHUB",
"id": "VHN-185177"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001515"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1104"
},
{
"db": "NVD",
"id": "CVE-2020-7052"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a64ef9aa-2bb3-4067-b045-cc3d87b01a10"
},
{
"db": "CNVD",
"id": "CNVD-2020-13190"
},
{
"db": "VULHUB",
"id": "VHN-185177"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001515"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1104"
},
{
"db": "NVD",
"id": "CVE-2020-7052"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-24T00:00:00",
"db": "IVD",
"id": "a64ef9aa-2bb3-4067-b045-cc3d87b01a10"
},
{
"date": "2020-02-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13190"
},
{
"date": "2020-01-24T00:00:00",
"db": "VULHUB",
"id": "VHN-185177"
},
{
"date": "2020-02-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-001515"
},
{
"date": "2020-01-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-1104"
},
{
"date": "2020-01-24T20:15:10.970000",
"db": "NVD",
"id": "CVE-2020-7052"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13190"
},
{
"date": "2021-07-21T00:00:00",
"db": "VULHUB",
"id": "VHN-185177"
},
{
"date": "2020-02-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-001515"
},
{
"date": "2021-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-1104"
},
{
"date": "2024-11-21T05:36:34.220000",
"db": "NVD",
"id": "CVE-2020-7052"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-1104"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CODESYS Control Remote Denial of Service Vulnerability",
"sources": [
{
"db": "IVD",
"id": "a64ef9aa-2bb3-4067-b045-cc3d87b01a10"
},
{
"db": "CNVD",
"id": "CNVD-2020-13190"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource management error",
"sources": [
{
"db": "IVD",
"id": "a64ef9aa-2bb3-4067-b045-cc3d87b01a10"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1104"
}
],
"trust": 0.8
}
}
var-202204-0725
Vulnerability from variot
An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash. CODESYS Control for BeagleBone SL , control for beckhoff cx9020 , CODESYS Control for emPC-A/iMX6 SL etc. multiple CODESYS GmbH The product contains an unreliable pointer dereference vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-0725",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "control win sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control rte sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for empc-a\\/imx6 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for pfc200 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "hmi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "development system",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control runtime system toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for beaglebone sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for raspberry pi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for linux sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control rte sl \\",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for iot2000 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for wago touch panels 600 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "embedded target visu toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for pfc100 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for plcnext sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for beckhoff cx9020",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "development system",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "remote target visu toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for empc-a/imx6 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for plcnext sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for iot2000 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "embedded target visu toolkit",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for linux sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control runtime system toolkit",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc200 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "gateway",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for raspberry pi sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "hmi sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "development system",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for beaglebone sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control rte v3",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for beckhoff cx9020",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control win sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for wago touch panels 600 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc100 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control rte sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "edge gateway",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008142"
},
{
"db": "NVD",
"id": "CVE-2022-22514"
}
]
},
"cve": "CVE-2022-22514",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2022-22514",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-411083",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2022-22514",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-22514",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-22514",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2022-22514",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-22514",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-2621",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-411083",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-22514",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411083"
},
{
"db": "VULMON",
"id": "CVE-2022-22514"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008142"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2621"
},
{
"db": "NVD",
"id": "CVE-2022-22514"
},
{
"db": "NVD",
"id": "CVE-2022-22514"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash. CODESYS Control for BeagleBone SL , control for beckhoff cx9020 , CODESYS Control for emPC-A/iMX6 SL etc. multiple CODESYS GmbH The product contains an unreliable pointer dereference vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22514"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008142"
},
{
"db": "VULHUB",
"id": "VHN-411083"
},
{
"db": "VULMON",
"id": "CVE-2022-22514"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-22514",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008142",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2621",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-411083",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-22514",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411083"
},
{
"db": "VULMON",
"id": "CVE-2022-22514"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008142"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2621"
},
{
"db": "NVD",
"id": "CVE-2022-22514"
}
]
},
"id": "VAR-202204-0725",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-411083"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:10:48.063000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CODESYS Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=189800"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-RCE "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-22514"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2621"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-822",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 1.0
},
{
"problemtype": "unreliable pointer dereference (CWE-822) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411083"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008142"
},
{
"db": "NVD",
"id": "CVE-2022-22514"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22514"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-22514/"
},
{
"trust": 0.1,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=17093\u0026amp;token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026amp;download="
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/822.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411083"
},
{
"db": "VULMON",
"id": "CVE-2022-22514"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008142"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2621"
},
{
"db": "NVD",
"id": "CVE-2022-22514"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-411083"
},
{
"db": "VULMON",
"id": "CVE-2022-22514"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008142"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2621"
},
{
"db": "NVD",
"id": "CVE-2022-22514"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-07T00:00:00",
"db": "VULHUB",
"id": "VHN-411083"
},
{
"date": "2022-04-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22514"
},
{
"date": "2023-07-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-008142"
},
{
"date": "2022-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2621"
},
{
"date": "2022-04-07T19:15:08.133000",
"db": "NVD",
"id": "CVE-2022-22514"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-10T00:00:00",
"db": "VULHUB",
"id": "VHN-411083"
},
{
"date": "2022-05-10T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22514"
},
{
"date": "2023-07-24T08:23:00",
"db": "JVNDB",
"id": "JVNDB-2022-008142"
},
{
"date": "2022-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2621"
},
{
"date": "2024-11-21T06:46:56.033000",
"db": "NVD",
"id": "CVE-2022-22514"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2621"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0CODESYS\u00a0GmbH\u00a0 Product Untrusted Pointer Dereference Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008142"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2621"
}
],
"trust": 0.6
}
}
var-201902-0732
Vulnerability from variot
Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0. CODESYS V3 The product contains vulnerabilities related to security functions.Information may be obtained. 3S-Smart CODESYS Control for BeagleBone, etc. are all German 3S-Smart Software Solutions company's programming software for industrial control system development.
A security vulnerability exists in several 3S-Smart Software Solutions products, which stems from programs that do not properly restrict communication channels. An attacker could use this vulnerability to impersonate the source of a communication packet. The following products are affected: 3S-Smart CODESYS Control for BeagleBone, CODESYS Control for emPC-A / iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (part of CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit, CODESYS V3 Embedded Target Visu Toolkit, CODESYS V3 Remote Target Visu Toolkit, CODESYS V3 Safety SIL2, CODESYS Gateway V3, CODESYS HMI V3, CODESYS OPC Server V3, CODESYS PLCHandler SDK, CODESYS V3 Development System, CODESYS V3 Simulation Runtime (part of CODESYS Development System). 3S-Smart Software CODESYS is prone to the following security vulnerabilities: 1. An insecure random number generator weakness 3. A spoofing vulnerability An attacker can exploit these vulnerabilities to bypass security restrictions and perform certain unauthorized actions and to insert and display spoofed content. Other attacks are also possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201902-0732",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "codesys control rte v3",
"scope": null,
"trust": 1.6,
"vendor": "3s smart",
"version": null
},
{
"model": "control for empc-a\\/imx6 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for pfc100 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control for beaglebone sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control rte sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control runtime toolkit",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for raspberry pi sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for pfc200 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "development system v3",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "hmi sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for empc-a\\/imx6 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "opc server",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "plchandler",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for pfc100 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for beaglebone sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for linux sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for iot2000 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "safety sil2",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for pfc200 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "opc server",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control runtime toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control rte sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control for raspberry pi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "development system v3",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "hmi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control win sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "targetvisu sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "plchandler",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "safety sil2",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control for linux sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control rte sl \\",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control win sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for iot2000 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "targetvisu sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control rte sl \\",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "codesys control for beaglebone",
"scope": null,
"trust": 0.8,
"vendor": "3s smart",
"version": null
},
{
"model": "codesys control for empc-a/imx6",
"scope": null,
"trust": 0.8,
"vendor": "3s smart",
"version": null
},
{
"model": "codesys control for iot2000",
"scope": null,
"trust": 0.8,
"vendor": "3s smart",
"version": null
},
{
"model": "codesys control for linux",
"scope": null,
"trust": 0.8,
"vendor": "3s smart",
"version": null
},
{
"model": "codesys control for pfc100",
"scope": null,
"trust": 0.8,
"vendor": "3s smart",
"version": null
},
{
"model": "codesys control for pfc200",
"scope": null,
"trust": 0.8,
"vendor": "3s smart",
"version": null
},
{
"model": "codesys control for raspberry pi",
"scope": null,
"trust": 0.8,
"vendor": "3s smart",
"version": null
},
{
"model": "codesys control runtime system toolkit",
"scope": null,
"trust": 0.8,
"vendor": "3s smart",
"version": null
},
{
"model": "codesys simulation runtime",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "v30"
},
{
"model": "codesys safety sil2",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "v30"
},
{
"model": "codesys remote target visu toolkit",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "v30"
},
{
"model": "codesys embedded target visu toolkit",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "v30"
},
{
"model": "codesys development system",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "v30"
},
{
"model": "codesys plchandler sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "0"
},
{
"model": "codesys opc server",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "v30"
},
{
"model": "codesys hmi",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "3"
},
{
"model": "codesys control win",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "v30"
},
{
"model": "codesys control runtime system toolkit",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "v30"
},
{
"model": "codesys control rte",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "3"
},
{
"model": "codesys control for raspberry pi",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "0"
},
{
"model": "codesys control for pfc200",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "0"
},
{
"model": "codesys control for pfc100",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "0"
},
{
"model": "codesys control for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "0"
},
{
"model": "codesys control for iot2000",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "0"
},
{
"model": "codesys control for empc-a/imx6",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "0"
},
{
"model": "codesys control for beaglebone",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "106251"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014638"
},
{
"db": "NVD",
"id": "CVE-2018-20026"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:codesys:control_for_beaglebone_sl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:control_for_empc-a%2fimx6_sl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:control_for_iot2000_sl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:control_for_linux_sl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:control_for_pfc100_sl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:control_for_pfc200_sl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:control_for_raspberry_pi_sl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:control_rte_sl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:control_rte_sl_%28for_beckhoff_cx%29",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:runtime_system_toolkit",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014638"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alexander Nochvay from Kaspersky Lab",
"sources": [
{
"db": "BID",
"id": "106251"
}
],
"trust": 0.3
},
"cve": "CVE-2018-20026",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-20026",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-130791",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-20026",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-20026",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-20026",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-20026",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-787",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-130791",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-130791"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014638"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-787"
},
{
"db": "NVD",
"id": "CVE-2018-20026"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0. CODESYS V3 The product contains vulnerabilities related to security functions.Information may be obtained. 3S-Smart CODESYS Control for BeagleBone, etc. are all German 3S-Smart Software Solutions company\u0027s programming software for industrial control system development. \n\nA security vulnerability exists in several 3S-Smart Software Solutions products, which stems from programs that do not properly restrict communication channels. An attacker could use this vulnerability to impersonate the source of a communication packet. The following products are affected: 3S-Smart CODESYS Control for BeagleBone, CODESYS Control for emPC-A / iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (part of CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit, CODESYS V3 Embedded Target Visu Toolkit, CODESYS V3 Remote Target Visu Toolkit, CODESYS V3 Safety SIL2, CODESYS Gateway V3, CODESYS HMI V3, CODESYS OPC Server V3, CODESYS PLCHandler SDK, CODESYS V3 Development System, CODESYS V3 Simulation Runtime (part of CODESYS Development System). 3S-Smart Software CODESYS is prone to the following security vulnerabilities:\n1. An insecure random number generator weakness\n3. A spoofing vulnerability\nAn attacker can exploit these vulnerabilities to bypass security restrictions and perform certain unauthorized actions and to insert and display spoofed content. Other attacks are also possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-20026"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014638"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-787"
},
{
"db": "BID",
"id": "106251"
},
{
"db": "VULHUB",
"id": "VHN-130791"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-20026",
"trust": 2.8
},
{
"db": "ICS CERT",
"id": "ICSA-18-352-04",
"trust": 2.8
},
{
"db": "BID",
"id": "106251",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014638",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201812-787",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-130791",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-130791"
},
{
"db": "BID",
"id": "106251"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014638"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-787"
},
{
"db": "NVD",
"id": "CVE-2018-20026"
}
]
},
"id": "VAR-201902-0732",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-130791"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:37:55.043000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.codesys.com/"
},
{
"title": "Multiple 3S-Smart Software Solutions Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87985"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014638"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-787"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-254",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-130791"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014638"
},
{
"db": "NVD",
"id": "CVE-2018-20026"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/106251"
},
{
"trust": 2.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-352-04"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20026"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20026"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-18-352-04"
},
{
"trust": 0.3,
"url": "https://www.codesys.com/"
},
{
"trust": 0.3,
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-037-codesys-control-v3-use-of-insufficiently-random-values/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-130791"
},
{
"db": "BID",
"id": "106251"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014638"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-787"
},
{
"db": "NVD",
"id": "CVE-2018-20026"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-130791"
},
{
"db": "BID",
"id": "106251"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014638"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-787"
},
{
"db": "NVD",
"id": "CVE-2018-20026"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-19T00:00:00",
"db": "VULHUB",
"id": "VHN-130791"
},
{
"date": "2018-12-18T00:00:00",
"db": "BID",
"id": "106251"
},
{
"date": "2019-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014638"
},
{
"date": "2018-12-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-787"
},
{
"date": "2019-02-19T21:29:00.290000",
"db": "NVD",
"id": "CVE-2018-20026"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-130791"
},
{
"date": "2018-12-18T00:00:00",
"db": "BID",
"id": "106251"
},
{
"date": "2019-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014638"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-787"
},
{
"date": "2024-11-21T04:00:47.033000",
"db": "NVD",
"id": "CVE-2018-20026"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-787"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CODESYS V3 Vulnerabilities related to security functions in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014638"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "security feature problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-787"
}
],
"trust": 0.6
}
}
var-201902-0731
Vulnerability from variot
Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0. CODESYS The product contains a vulnerability related to the use of insufficient random values.Information may be obtained. 3S-Smart CODESYS Control for BeagleBone, etc. are all German 3S-Smart Software Solutions company's programming software for industrial control system development.
A number of 3S-Smart Software Solutions products have security vulnerabilities that result from programs using values with insufficient randomness. An attacker could use this vulnerability to affect the confidentiality and integrity of the data. The following products are affected: 3S-Smart CODESYS Control for BeagleBone; CODESYS Control for emPC-A / iMX6; CODESYS Control for IOT2000; CODESYS Control for Linux; CODESYS Control for PFC100; CODESYS Control for PFC200; CODESYS Control for Raspberry Pi; CODESYS Control RTE V3; CODESYS Control RTE V3 (for Beckhoff CX); CODESYS Control Win V3 (part of CODESYS Development System setup); CODESYS Control V3 Runtime System Toolkit; CODESYS V3 Embedded Target Visu Toolkit; CODESYS V3 Remote Target Visu Toolkit; CODESYS V3 Safety SIL2; CODESYS Gateway V3; CODESYS HMI V3; CODESYS OPC Server V3; CODESYS PLCHandler SDK; CODESYS V3 Development System; CODESYS V3 Simulation Runtime (part of CODESYS Development System). 3S-Smart Software CODESYS is prone to the following security vulnerabilities: 1. An insecure random number generator weakness 3. A spoofing vulnerability An attacker can exploit these vulnerabilities to bypass security restrictions and perform certain unauthorized actions and to insert and display spoofed content. Other attacks are also possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201902-0731",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "codesys control rte v3",
"scope": null,
"trust": 1.6,
"vendor": "3s smart",
"version": null
},
{
"model": "control for empc-a\\/imx6 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for pfc100 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control for beaglebone sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control rte sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control runtime toolkit",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for raspberry pi sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for pfc200 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "hmi sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for empc-a\\/imx6 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control for pfc100 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for beaglebone sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for linux sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for iot2000 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "development system",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "safety sil2",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for pfc200 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control runtime toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control rte sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "development system",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control for raspberry pi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "hmi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control win sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "safety sil2",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control for linux sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control rte sl \\",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control win sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for iot2000 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control rte sl \\",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "codesys control for beaglebone",
"scope": null,
"trust": 0.8,
"vendor": "3s smart",
"version": null
},
{
"model": "codesys control for empc-a/imx6",
"scope": null,
"trust": 0.8,
"vendor": "3s smart",
"version": null
},
{
"model": "codesys control for iot2000",
"scope": null,
"trust": 0.8,
"vendor": "3s smart",
"version": null
},
{
"model": "codesys control for linux",
"scope": null,
"trust": 0.8,
"vendor": "3s smart",
"version": null
},
{
"model": "codesys control for pfc100",
"scope": null,
"trust": 0.8,
"vendor": "3s smart",
"version": null
},
{
"model": "codesys control for pfc200",
"scope": null,
"trust": 0.8,
"vendor": "3s smart",
"version": null
},
{
"model": "codesys control for raspberry pi",
"scope": null,
"trust": 0.8,
"vendor": "3s smart",
"version": null
},
{
"model": "codesys control runtime toolkit",
"scope": null,
"trust": 0.8,
"vendor": "3s smart",
"version": null
},
{
"model": "codesys simulation runtime",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "v30"
},
{
"model": "codesys safety sil2",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "v30"
},
{
"model": "codesys remote target visu toolkit",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "v30"
},
{
"model": "codesys embedded target visu toolkit",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "v30"
},
{
"model": "codesys development system",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "v30"
},
{
"model": "codesys plchandler sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "0"
},
{
"model": "codesys opc server",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "v30"
},
{
"model": "codesys hmi",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "3"
},
{
"model": "codesys control win",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "v30"
},
{
"model": "codesys control runtime system toolkit",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "v30"
},
{
"model": "codesys control rte",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "3"
},
{
"model": "codesys control for raspberry pi",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "0"
},
{
"model": "codesys control for pfc200",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "0"
},
{
"model": "codesys control for pfc100",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "0"
},
{
"model": "codesys control for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "0"
},
{
"model": "codesys control for iot2000",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "0"
},
{
"model": "codesys control for empc-a/imx6",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "0"
},
{
"model": "codesys control for beaglebone",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "106251"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014590"
},
{
"db": "NVD",
"id": "CVE-2018-20025"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:codesys:control_for_beaglebone_sl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:control_for_empc-a%2fimx6_sl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:control_for_iot2000_sl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:control_for_linux_sl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:control_for_pfc100_sl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:control_for_pfc200_sl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:control_for_raspberry_pi_sl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:control_rte_sl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:control_rte_sl_%28for_beckhoff_cx%29",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:codesys:codesys_runtime_toolkit",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014590"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alexander Nochvay from Kaspersky Lab",
"sources": [
{
"db": "BID",
"id": "106251"
}
],
"trust": 0.3
},
"cve": "CVE-2018-20025",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-20025",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-130790",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-20025",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-20025",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-20025",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-786",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-130790",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-130790"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014590"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-786"
},
{
"db": "NVD",
"id": "CVE-2018-20025"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0. CODESYS The product contains a vulnerability related to the use of insufficient random values.Information may be obtained. 3S-Smart CODESYS Control for BeagleBone, etc. are all German 3S-Smart Software Solutions company\u0027s programming software for industrial control system development. \n\nA number of 3S-Smart Software Solutions products have security vulnerabilities that result from programs using values with insufficient randomness. An attacker could use this vulnerability to affect the confidentiality and integrity of the data. The following products are affected: 3S-Smart CODESYS Control for BeagleBone; CODESYS Control for emPC-A / iMX6; CODESYS Control for IOT2000; CODESYS Control for Linux; CODESYS Control for PFC100; CODESYS Control for PFC200; CODESYS Control for Raspberry Pi; CODESYS Control RTE V3; CODESYS Control RTE V3 (for Beckhoff CX); CODESYS Control Win V3 (part of CODESYS Development System setup); CODESYS Control V3 Runtime System Toolkit; CODESYS V3 Embedded Target Visu Toolkit; CODESYS V3 Remote Target Visu Toolkit; CODESYS V3 Safety SIL2; CODESYS Gateway V3; CODESYS HMI V3; CODESYS OPC Server V3; CODESYS PLCHandler SDK; CODESYS V3 Development System; CODESYS V3 Simulation Runtime (part of CODESYS Development System). 3S-Smart Software CODESYS is prone to the following security vulnerabilities:\n1. An insecure random number generator weakness\n3. A spoofing vulnerability\nAn attacker can exploit these vulnerabilities to bypass security restrictions and perform certain unauthorized actions and to insert and display spoofed content. Other attacks are also possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-20025"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014590"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-786"
},
{
"db": "BID",
"id": "106251"
},
{
"db": "VULHUB",
"id": "VHN-130790"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-20025",
"trust": 2.8
},
{
"db": "ICS CERT",
"id": "ICSA-18-352-04",
"trust": 2.8
},
{
"db": "BID",
"id": "106251",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014590",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201812-786",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-130790",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-130790"
},
{
"db": "BID",
"id": "106251"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014590"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-786"
},
{
"db": "NVD",
"id": "CVE-2018-20025"
}
]
},
"id": "VAR-201902-0731",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-130790"
}
],
"trust": 0.34064171
},
"last_update_date": "2024-11-23T22:37:55.012000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.codesys.com/"
},
{
"title": "Multiple 3S-Smart Software Solutions Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87984"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014590"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-786"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-330",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-130790"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014590"
},
{
"db": "NVD",
"id": "CVE-2018-20025"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-352-04"
},
{
"trust": 2.0,
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-037-codesys-control-v3-use-of-insufficiently-random-values/"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/106251"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20025"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20025"
},
{
"trust": 0.3,
"url": "https://www.codesys.com/"
},
{
"trust": 0.3,
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-130790"
},
{
"db": "BID",
"id": "106251"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014590"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-786"
},
{
"db": "NVD",
"id": "CVE-2018-20025"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-130790"
},
{
"db": "BID",
"id": "106251"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014590"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-786"
},
{
"db": "NVD",
"id": "CVE-2018-20025"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-19T00:00:00",
"db": "VULHUB",
"id": "VHN-130790"
},
{
"date": "2018-12-18T00:00:00",
"db": "BID",
"id": "106251"
},
{
"date": "2019-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014590"
},
{
"date": "2018-12-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-786"
},
{
"date": "2019-02-19T21:29:00.243000",
"db": "NVD",
"id": "CVE-2018-20025"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-130790"
},
{
"date": "2018-12-18T00:00:00",
"db": "BID",
"id": "106251"
},
{
"date": "2019-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014590"
},
{
"date": "2019-04-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-786"
},
{
"date": "2024-11-21T04:00:46.897000",
"db": "NVD",
"id": "CVE-2018-20025"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-786"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CODESYS Vulnerabilities related to insufficient random values in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014590"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-786"
}
],
"trust": 0.6
}
}
var-202108-1804
Vulnerability from variot
In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition. CODESYS Gateway for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-1804",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.17.10"
},
{
"model": "gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "codesys",
"version": "3 that\u0027s all 3.5.17.10"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012042"
},
{
"db": "NVD",
"id": "CVE-2021-36764"
}
]
},
"cve": "CVE-2021-36764",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-36764",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-398616",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-36764",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-36764",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-36764",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-36764",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-406",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-398616",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-36764",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-398616"
},
{
"db": "VULMON",
"id": "CVE-2021-36764"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012042"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-406"
},
{
"db": "NVD",
"id": "CVE-2021-36764"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition. CODESYS Gateway for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-36764"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012042"
},
{
"db": "VULHUB",
"id": "VHN-398616"
},
{
"db": "VULMON",
"id": "CVE-2021-36764"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-36764",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012042",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202108-406",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-398616",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-36764",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-398616"
},
{
"db": "VULMON",
"id": "CVE-2021-36764"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012042"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-406"
},
{
"db": "NVD",
"id": "CVE-2021-36764"
}
]
},
"id": "VAR-202108-1804",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-398616"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:18:23.031000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Advisory\u00a02021-12",
"trust": 0.8,
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=16804\u0026token=d8c89c887979b22fdfc9fd5c3aa3804bbb1ddbff\u0026download="
},
{
"title": "3S-Smart Software Solutions CODESYS GatewayService Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159689"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012042"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-406"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-398616"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012042"
},
{
"db": "NVD",
"id": "CVE-2021-36764"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=16804\u0026token=d8c89c887979b22fdfc9fd5c3aa3804bbb1ddbff\u0026download="
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36764"
},
{
"trust": 0.1,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=16804\u0026amp;token=d8c89c887979b22fdfc9fd5c3aa3804bbb1ddbff\u0026amp;download="
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-398616"
},
{
"db": "VULMON",
"id": "CVE-2021-36764"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012042"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-406"
},
{
"db": "NVD",
"id": "CVE-2021-36764"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-398616"
},
{
"db": "VULMON",
"id": "CVE-2021-36764"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012042"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-406"
},
{
"db": "NVD",
"id": "CVE-2021-36764"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-04T00:00:00",
"db": "VULHUB",
"id": "VHN-398616"
},
{
"date": "2021-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2021-36764"
},
{
"date": "2022-08-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-012042"
},
{
"date": "2021-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-406"
},
{
"date": "2021-08-04T14:15:08.507000",
"db": "NVD",
"id": "CVE-2021-36764"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-11T00:00:00",
"db": "VULHUB",
"id": "VHN-398616"
},
{
"date": "2021-08-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-36764"
},
{
"date": "2022-08-22T06:17:00",
"db": "JVNDB",
"id": "JVNDB-2021-012042"
},
{
"date": "2021-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-406"
},
{
"date": "2021-08-11T00:09:32.477000",
"db": "NVD",
"id": "CVE-2021-36764"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-406"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CODESYS\u00a0Gateway\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012042"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-406"
}
],
"trust": 0.6
}
}
var-202206-1953
Vulnerability from variot
In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-1953",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.30"
},
{
"model": "development system",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "2.3.9.69"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "2.3.9.38"
},
{
"model": "plchandler",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.30"
},
{
"model": "opc server",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.30"
},
{
"model": "plcwinnt",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "2.4.7.57"
},
{
"model": "web server",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "1.1.9.23"
},
{
"model": "hmi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.30"
},
{
"model": "sp realtime nt",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "2.3.7.30"
},
{
"model": "runtime toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "2.4.7.57"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-31805"
}
]
},
"cve": "CVE-2022-31805",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-31805",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-423674",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-31805",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-31805",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2022-31805",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-2454",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-423674",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-31805",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423674"
},
{
"db": "VULMON",
"id": "CVE-2022-31805"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2454"
},
{
"db": "NVD",
"id": "CVE-2022-31805"
},
{
"db": "NVD",
"id": "CVE-2022-31805"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-31805"
},
{
"db": "VULHUB",
"id": "VHN-423674"
},
{
"db": "VULMON",
"id": "CVE-2022-31805"
}
],
"trust": 1.08
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-31805",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2454",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-423674",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-31805",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423674"
},
{
"db": "VULMON",
"id": "CVE-2022-31805"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2454"
},
{
"db": "NVD",
"id": "CVE-2022-31805"
}
]
},
"id": "VAR-202206-1953",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-423674"
}
],
"trust": 0.01
},
"last_update_date": "2024-09-17T23:19:11.279000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CODESYS Development System Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=199005"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/ic3sw0rd/Codesys_V2_Vulnerability "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-31805"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2454"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-523",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423674"
},
{
"db": "NVD",
"id": "CVE-2022-31805"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download="
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-31805/"
},
{
"trust": 0.1,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=17140\u0026amp;token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026amp;download="
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/523.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/ic3sw0rd/codesys_v2_vulnerability"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423674"
},
{
"db": "VULMON",
"id": "CVE-2022-31805"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2454"
},
{
"db": "NVD",
"id": "CVE-2022-31805"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-423674"
},
{
"db": "VULMON",
"id": "CVE-2022-31805"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2454"
},
{
"db": "NVD",
"id": "CVE-2022-31805"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-24T00:00:00",
"db": "VULHUB",
"id": "VHN-423674"
},
{
"date": "2022-06-24T00:00:00",
"db": "VULMON",
"id": "CVE-2022-31805"
},
{
"date": "2022-06-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2454"
},
{
"date": "2022-06-24T08:15:07.590000",
"db": "NVD",
"id": "CVE-2022-31805"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-23T00:00:00",
"db": "VULHUB",
"id": "VHN-423674"
},
{
"date": "2022-07-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-31805"
},
{
"date": "2022-07-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2454"
},
{
"date": "2024-09-16T19:16:03.700000",
"db": "NVD",
"id": "CVE-2022-31805"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2454"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CODESYS Development System Security hole",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2454"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2454"
}
],
"trust": 0.6
}
}
var-202207-0363
Vulnerability from variot
In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected. control for beaglebone , control for empc-a/imx6 , CODESYS Control for IOT2000 SL etc. multiple CODESYS GmbH The product contains a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202207-0363",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "control for empc-a\\/imx6",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for iot2000 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.6.0.0"
},
{
"model": "control for wago touch panels 600",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for pfc200 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for beaglebone",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control rte sl \\",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "control for linux sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "remote target visu toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "control for raspberry pi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "development system",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "control rte sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for pfc100 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "embedded target visu toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "control runtime system toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "control for plcnext",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.6.0.0"
},
{
"model": "hmi",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "control win",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "control for iot2000 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "embedded target visu toolkit",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for beaglebone",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for linux sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc100 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "gateway",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control win",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control rte v3",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control rte sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for wago touch panels 600",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for empc-a/imx6",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "edge gateway",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "remote target visu toolkit",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control runtime system toolkit",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "hmi",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for plcnext",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "development system",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc200 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for raspberry pi sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012664"
},
{
"db": "NVD",
"id": "CVE-2022-30792"
}
]
},
"cve": "CVE-2022-30792",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2022-30792",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-422576",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-30792",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2022-012664",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-30792",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2022-30792",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-30792",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202207-791",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-422576",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-30792",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422576"
},
{
"db": "VULMON",
"id": "CVE-2022-30792"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012664"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-791"
},
{
"db": "NVD",
"id": "CVE-2022-30792"
},
{
"db": "NVD",
"id": "CVE-2022-30792"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected. control for beaglebone , control for empc-a/imx6 , CODESYS Control for IOT2000 SL etc. multiple CODESYS GmbH The product contains a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-30792"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012664"
},
{
"db": "VULHUB",
"id": "VHN-422576"
},
{
"db": "VULMON",
"id": "CVE-2022-30792"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-30792",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012664",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202207-791",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-422576",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-30792",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422576"
},
{
"db": "VULMON",
"id": "CVE-2022-30792"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012664"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-791"
},
{
"db": "NVD",
"id": "CVE-2022-30792"
}
]
},
"id": "VAR-202207-0363",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-422576"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:00:54.926000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "3S-Smart Software Solutions CODESYS Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=200895"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-791"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "Resource exhaustion (CWE-400) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422576"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012664"
},
{
"db": "NVD",
"id": "CVE-2022-30792"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30792"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-30792/"
},
{
"trust": 0.1,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=17128\u0026amp;token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026amp;download="
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422576"
},
{
"db": "VULMON",
"id": "CVE-2022-30792"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012664"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-791"
},
{
"db": "NVD",
"id": "CVE-2022-30792"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-422576"
},
{
"db": "VULMON",
"id": "CVE-2022-30792"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012664"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-791"
},
{
"db": "NVD",
"id": "CVE-2022-30792"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-422576"
},
{
"date": "2022-07-11T00:00:00",
"db": "VULMON",
"id": "CVE-2022-30792"
},
{
"date": "2023-08-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-012664"
},
{
"date": "2022-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-791"
},
{
"date": "2022-07-11T11:15:08.240000",
"db": "NVD",
"id": "CVE-2022-30792"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-23T00:00:00",
"db": "VULHUB",
"id": "VHN-422576"
},
{
"date": "2022-07-20T00:00:00",
"db": "VULMON",
"id": "CVE-2022-30792"
},
{
"date": "2023-08-31T08:31:00",
"db": "JVNDB",
"id": "JVNDB-2022-012664"
},
{
"date": "2022-07-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-791"
},
{
"date": "2022-09-23T16:25:41.847000",
"db": "NVD",
"id": "CVE-2022-30792"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-791"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0CODESYS\u00a0GmbH\u00a0 Product resource exhaustion vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012664"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-791"
}
],
"trust": 0.6
}
}