CVE-2019-13548: CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could cause a stack overflow…

critical9.8CVSS 3.1

AVNACLPRNUINSUCHIHAH

CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could cause a stack overflow and create a denial-of-service condition or allow remote code execution.

Affected

16 ranges

Vendor	Product	Version range	Fixed in
codesys	control_for_beaglebone	< 3.5.14.10	3.5.14.10
codesys	control_for_empc-a_imx6	< 3.5.14.10	3.5.14.10
codesys	control_for_iot2000	< 3.5.14.10	3.5.14.10
codesys	control_for_linux	< 3.5.14.10	3.5.14.10
codesys	control_for_pfc100	< 3.5.14.10	3.5.14.10
codesys	control_for_pfc200	< 3.5.14.10	3.5.14.10
codesys	control_for_raspberry_pi	< 3.5.14.10	3.5.14.10
codesys	control_rte	>= 3.5.13.0 < 3.5.14.10	3.5.14.10
codesys	control_rte	>= 3.5.8.60 < 3.5.12.80	3.5.12.80
codesys	control_runtime_system_toolkit	>= 3.0 < 3.5.12.80	3.5.12.80
codesys	control_win	>= 3.5.13.0 < 3.5.14.10	3.5.14.10
codesys	control_win	3.5.9.80 – 3.5.12.80	—
codesys	embedded_target_visu_toolkit	>= 3.0 < 3.5.12.80	3.5.12.80
codesys	hmi	>= 3.5.10.0 < 3.5.12.80	3.5.12.80
codesys	hmi	>= 3.5.13.0 < 3.5.14.10	3.5.14.10
codesys	remote_target_visu_toolkit	>= 3.0 < 3.5.12.80	3.5.12.80