CRITICAL🇬🇧 English

CVE-2019-13548

CVSS 9.8v3.1pub. 2019-09-13upd. 2024-11-21

CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could cause a stack overflow and create a denial-of-service condition or allow remote code execution.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Codesys Control For Beaglebone

    APP
    Codesys
    < 3.5.14.10
  • Codesys Control For Empc A\/imx6

    APP
    Codesys
    < 3.5.14.10
  • Codesys Control For Iot2000

    APP
    Codesys
    < 3.5.14.10
  • Codesys Control For Linux

    APP
    Codesys
    < 3.5.14.10
  • Codesys Control For Pfc100

    APP
    Codesys
    < 3.5.14.10
  • Codesys Control For Pfc200

    APP
    Codesys
    < 3.5.14.10
  • Codesys Control For Raspberry Pi

    APP
    Codesys
    < 3.5.14.10
  • Codesys Control Rte

    APP
    Codesys
    3.5.8.60 – 3.5.12.80 (bez)3.5.13.0 – 3.5.14.10 (bez)
  • Codesys Control Runtime System Toolkit

    APP
    Codesys
    3.0 – 3.5.12.80 (bez)
  • Codesys Control Win

    APP
    Codesys
    3.5.9.80 – 3.5.12.803.5.13.0 – 3.5.14.10 (bez)
  • Codesys Embedded Target Visu Toolkit

    APP
    Codesys
    3.0 – 3.5.12.80 (bez)
  • Codesys Hmi

    APP
    Codesys
    3.5.10.0 – 3.5.12.80 (bez)3.5.13.0 – 3.5.14.10 (bez)
  • Codesys Remote Target Visu Toolkit

    APP
    Codesys
    3.0 – 3.5.12.80 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2021-33485CRITICAL9.8ten sam produkt

CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.

CVE-2020-10245CRITICAL9.8ten sam produkt

CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.

CVE-2019-18858CRITICAL9.8ten sam produkt

CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overf...

CVE-2023-6357HIGH8.8ten sam produkt

A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via fil...

CVE-2022-4046HIGH8.8ten sam produkt

In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buf...