7.5
CVE-2019-13532
- EPSS 2.39%
- Published 13.09.2019 17:15:11
- Last modified 21.11.2024 04:25:05
- Source ics-cert@hq.dhs.gov
- Teams watchlist Login
- Open Login
CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller.
Data is provided by the National Vulnerability Database (NVD)
Codesys ≫ Control For Beaglebone Version < 3.5.14.10
Codesys ≫ Control For Empc-a/imx6 Version < 3.5.14.10
Codesys ≫ Control For Iot2000 Version < 3.5.14.10
Codesys ≫ Control For Linux Version < 3.5.14.10
Codesys ≫ Control For Pfc100 Version < 3.5.14.10
Codesys ≫ Control For Pfc200 Version < 3.5.14.10
Codesys ≫ Control For Raspberry Pi Version < 3.5.14.10
Codesys ≫ Control Rte Version >= 3.5.8.60 < 3.5.12.80
Codesys ≫ Control Rte Version >= 3.5.13.0 < 3.5.14.10
Codesys ≫ Control Runtime System Toolkit Version >= 3.0 < 3.5.12.80
Codesys ≫ Control Win Version >= 3.5.9.80 <= 3.5.12.80
Codesys ≫ Control Win Version >= 3.5.13.0 < 3.5.14.10
Codesys ≫ Embedded Target Visu Toolkit Version >= 3.0 < 3.5.12.80
Codesys ≫ Remote Target Visu Toolkit Version >= 3.0 < 3.5.12.80
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.39% | 0.844 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.