CVE-2019-13532
published 2019-09-13CVE-2019-13532: CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files…
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| codesys | control_for_beaglebone | < 3.5.14.10 | 3.5.14.10 |
| codesys | control_for_empc-a_imx6 | < 3.5.14.10 | 3.5.14.10 |
| codesys | control_for_iot2000 | < 3.5.14.10 | 3.5.14.10 |
| codesys | control_for_linux | < 3.5.14.10 | 3.5.14.10 |
| codesys | control_for_pfc100 | < 3.5.14.10 | 3.5.14.10 |
| codesys | control_for_pfc200 | < 3.5.14.10 | 3.5.14.10 |
| codesys | control_for_raspberry_pi | < 3.5.14.10 | 3.5.14.10 |
| codesys | control_rte | >= 3.5.13.0 < 3.5.14.10 | 3.5.14.10 |
| codesys | control_rte | >= 3.5.8.60 < 3.5.12.80 | 3.5.12.80 |
| codesys | control_runtime_system_toolkit | >= 3.0 < 3.5.12.80 | 3.5.12.80 |
| codesys | control_win | >= 3.5.13.0 < 3.5.14.10 | 3.5.14.10 |
| codesys | control_win | 3.5.9.80 – 3.5.12.80 | — |
| codesys | embedded_target_visu_toolkit | >= 3.0 < 3.5.12.80 | 3.5.12.80 |
| codesys | hmi | >= 3.5.10.0 < 3.5.12.80 | 3.5.12.80 |
| codesys | hmi | >= 3.5.13.0 < 3.5.14.10 | 3.5.14.10 |
| codesys | remote_target_visu_toolkit | >= 3.0 < 3.5.12.80 | 3.5.12.80 |