CVE-2024-5000
published 2024-06-04CVE-2024-5000: An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| codesys | codesys_control_for_beaglebone_sl | < 4.12.0.0 | 4.12.0.0 |
| codesys | codesys_control_for_empc-a_imx6_sl | < 4.12.0.0 | 4.12.0.0 |
| codesys | codesys_control_for_iot2000_sl | < 4.12.0.0 | 4.12.0.0 |
| codesys | codesys_control_for_linux_arm_sl | < 4.12.0.0 | 4.12.0.0 |
| codesys | codesys_control_for_linux_sl | < 4.12.0.0 | 4.12.0.0 |
| codesys | codesys_control_for_pfc100_sl | < 4.12.0.0 | 4.12.0.0 |
| codesys | codesys_control_for_pfc200_sl | < 4.12.0.0 | 4.12.0.0 |
| codesys | codesys_control_for_plcnext_sl | < 4.12.0.0 | 4.12.0.0 |
| codesys | codesys_control_for_raspberry_pi_sl | < 4.12.0.0 | 4.12.0.0 |
| codesys | codesys_control_for_wago_touch_panels_600_sl | < 4.12.0.0 | 4.12.0.0 |
| codesys | codesys_control_rte | < 3.5.20.10 | 3.5.20.10 |
| codesys | codesys_control_rte_sl | < 3.5.20.10 | 3.5.20.10 |
| codesys | codesys_control_win | < 3.5.20.10 | 3.5.20.10 |
| codesys | codesys_hmi | < 3.5.20.10 | 3.5.20.10 |
| codesys | codesys_runtime_toolkit | < 3.5.20.10 | 3.5.20.10 |
| dgtlmoon | changedetection.io | >= 0.39.14 < 0.45.13 | 0.45.13 |
| chrome_chrome | — | — | |
| juniper | junos_os | — | — |
| juniper | srx_series | — | — |