CVE-2019-13542 — NULL Pointer Dereference in Control FOR Beaglebone

CWE-476 — NULL Pointer Dereference3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 63.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Codesys Control FOR Beaglebone Codesys Control FOR Empc-a Imx6 Codesys Control FOR Iot2000 +8 more

Timeline

PublishedSep 17

Latest updateMay 24

Description

3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages6 packages

▶CVEListV5gmbh/3s-smart_software_solutions_gmbh_codesys_v3_opc_ua_serverall versions 3.5.11.0 to 3.5.15.0

▶NVDcodesys/linux3.5.11.0 — 3.5.15.0

▶NVDcodesys/control3.5.11.0 — 3.5.15.0

▶NVDcodesys/control_rte3.5.11.0 — 3.5.15.0

▶NVDcodesys/control_win3.5.11.0 — 3.5.15.0

🔴Vulnerability Details

GHSA

GHSA-87r9-pj76-c2hq: 3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3↗2022-05-24

▶

CVEList

CVE-2019-13542: 3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3↗2019-09-17

▶