CVE-2019-13548

CWE-121 — Stack-based Buffer Overflow CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

9.8CRITICAL

EPSS

2.4%

top 14.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Codesys Control FOR Beaglebone Codesys Control FOR Empc-a\/imx6 Codesys Control FOR Iot2000 +10 more

Timeline

PublishedSep 13

Latest updateMay 24

Description

CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could cause a stack overflow and create a denial-of-service condition or allow remote code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages8 packages

▶NVDcodesys/remote_target_visu_toolkit3.0 — 3.5.12.80

▶CVEListV5codesys_v3_web_serverall versions prior to 3.5.14.10

▶NVDcodesys/hmi3.5.10.0 — 3.5.12.80+1

▶NVDcodesys/control< 3.5.14.10

▶NVDcodesys/control_rte3.5.8.60 — 3.5.12.80+1

Patches

Patch: www.us-cert.gov ↗Patch: www.us-cert.gov ↗

🔴Vulnerability Details

GHSA

GHSA-446p-4p8x-ff66: CODESYS V3 web server, all versions prior to 3↗2022-05-24

▶

CVEList

CVE-2019-13548: CODESYS V3 web server, all versions prior to 3↗2019-09-13

▶