CVE-2019-13532 — Path Traversal in Control FOR Beaglebone

CWE-22 — Path Traversal3 documents3 sources

Severity

7.5HIGHNVD

EPSS

1.6%

top 18.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Codesys Control FOR Beaglebone Codesys Control FOR Empc-a Imx6 Codesys Control FOR Iot2000 +10 more

Timeline

PublishedSep 13

Latest updateMay 24

Description

CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages7 packages

▶NVDcodesys/hmi3.5.10.0 — 3.5.12.80+1

▶NVDcodesys/control< 3.5.14.10

▶NVDcodesys/control_rte3.5.8.60 — 3.5.12.80+1

▶NVDcodesys/control_win3.5.13.0 — 3.5.14.10+1

▶NVDcodesys/remote_target_visu_toolkit3.0 — 3.5.12.80

Patches

Patch: www.us-cert.gov ↗Patch: www.us-cert.gov ↗

🔴Vulnerability Details

GHSA

GHSA-f2j7-4v6c-qhf6: CODESYS V3 web server, all versions prior to 3↗2022-05-24

▶

CVEList

CVE-2019-13532: CODESYS V3 web server, all versions prior to 3↗2019-09-13

▶