CVE-2019-19789 — NULL Pointer Dereference in Plcwinnt

CWE-476 — NULL Pointer Dereference8 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 37.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Codesys Plcwinnt Codesys Runtime Toolkit Codesys SP Realtime NT

Timeline

PublishedDec 20

Latest updateMay 24

Description

3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Toolkit 32 bit full before V2.4.7.54, and CODESYS PLCWinNT before V2.4.7.54 allow a NULL pointer dereference.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDcodesys/runtime_toolkit< 2.4.7.54

▶NVDcodesys/plcwinnt< 2.4.7.54

▶NVDcodesys/sp_realtime_nt< 2.3.7.28

🔴Vulnerability Details

GHSA

GHSA-9crr-pwpm-h268: 3S-Smart CODESYS SP Realtime NT before V2↗2022-05-24

▶

CVEList

CVE-2019-19789: 3S-Smart CODESYS SP Realtime NT before V2↗2019-12-20

▶

💬Community

Bugzilla

CVE-2019-10909 CVE-2019-10910 CVE-2019-10912 CVE-2019-10913 CVE-2018-19790 CVE-2018-19789 php-symfony: Multiple vulnerabilities fixed in symfony 2.8.7↗2019-06-12

▶