CVE-2019-13538

EPSS 0.23%
Published 17.09.2019 20:15:11
Last modified 21.11.2024 04:25:06
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. The issue also exists for source libraries, but 3S-Smart Software Solutions GmbH strongly recommends distributing compiled libraries only.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Codesys ≫ Codesys Version < 3.5.16.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.23%	0.461

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.6	1.8	6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12940&token=7723e5ed99830656f487e218e73dce2de751102f

Vendor Advisory

https://www.us-cert.gov/ics/advisories/icsa-19-255-02

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2019-13538

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-13538

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-13538

EUVD