Lucene search

[email protected]CVE-2019-9009

HistorySep 17, 2019 - 4:15 p.m.

CVE-2019-9009

2019-09-1716:15:11

CWE-755

[email protected]

web.nvd.nist.gov

3s-smart

codesys

cve-2019-9009

network security

control runtime

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.9%

JSON

An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.

Affected configurations

NVD

Node

codesyscontrol_for_beagleboneRange<3.5.15.0

codesyscontrol_for_empc-a\/imx6Range<3.5.15.0

codesyscontrol_for_iot2000Range<3.5.15.0

codesyscontrol_for_pfc100Range<3.5.15.0

codesyscontrol_for_pfc200Range<3.5.15.0

codesyscontrol_for_raspberry_piRange<3.5.15.0

codesyscontrol_rteRange<3.5.15.0

codesyscontrol_winRange<3.5.15.0

codesysgatewayRange<3.5.15.0

codesyshmiRange<3.5.15.0

codesyslinuxRange<3.5.15.0

codesysruntime_system_toolkitRange<3.5.15.0

codesyssafety_sil2Range<3.5.15.0

codesyssimulation_runtimeRange<3.5.15.0

CPENameOperatorVersion
codesys:control_for_beaglebonecodesys control for beaglebonelt3.5.15.0
codesys:control_for_empc-a\/imx6codesys control for empc-a/imx6lt3.5.15.0
codesys:control_for_iot2000codesys control for iot2000lt3.5.15.0
codesys:control_for_pfc100codesys control for pfc100lt3.5.15.0
codesys:control_for_pfc200codesys control for pfc200lt3.5.15.0
codesys:control_for_raspberry_picodesys control for raspberry pilt3.5.15.0
codesys:control_rtecodesys control rtelt3.5.15.0
codesys:control_wincodesys control winlt3.5.15.0
codesys:gatewaycodesys gatewaylt3.5.15.0
codesys:hmicodesys hmilt3.5.15.0

CPE	Name	Operator	Version
codesys:control_for_beaglebone	codesys control for beaglebone	lt	3.5.15.0
codesys:control_for_empc-a\/imx6	codesys control for empc-a/imx6	lt	3.5.15.0
codesys:control_for_iot2000	codesys control for iot2000	lt	3.5.15.0
codesys:control_for_pfc100	codesys control for pfc100	lt	3.5.15.0
codesys:control_for_pfc200	codesys control for pfc200	lt	3.5.15.0
codesys:control_for_raspberry_pi	codesys control for raspberry pi	lt	3.5.15.0
codesys:control_rte	codesys control rte	lt	3.5.15.0
codesys:control_win	codesys control win	lt	3.5.15.0
codesys:gateway	codesys gateway	lt	3.5.15.0
codesys:hmi	codesys hmi	lt	3.5.15.0

Rows per page:

1-10 of 141

References

customers.codesys.com/index.php?eID=dumpFile&t=f&f=12941&token=50fabe3870c7bdc41701eb1799dddeec103de40c&download=

www.us-cert.gov/ics/advisories/icsa-19-255-05

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.9%

JSON

Related for CVE-2019-9009

cvelist1 nvd1 prion1 ics1