CVE-2019-13538

EPSS 0.23%
Veröffentlicht 17.09.2019 20:15:11
Zuletzt bearbeitet 21.11.2024 04:25:06
Quelle ics-cert@hq.dhs.gov
Teams Watchlist Login
Unerledigt Login

3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. The issue also exists for source libraries, but 3S-Smart Software Solutions GmbH strongly recommends distributing compiled libraries only.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Codesys ≫ Codesys Version < 3.5.16.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.461

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.6	1.8	6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12940&token=7723e5ed99830656f487e218e73dce2de751102f

Vendor Advisory

https://www.us-cert.gov/ics/advisories/icsa-19-255-02

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2019-13538

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-13538

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-13538

EUVD