CVE-2019-9012

EPSS 0.28%
Veröffentlicht 15.08.2019 18:15:23
Zuletzt bearbeitet 21.11.2024 04:50:48
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Codesys ≫ Control For Beaglebone Sl Version >= 3.0 < 3.5.14.20

Codesys ≫ Control For Empc-a/imx6 Sl Version >= 3.0 < 3.5.14.20

Codesys ≫ Control For Iot2000 Sl Version >= 3.0 < 3.5.14.20

Codesys ≫ Control For Linux Sl Version >= 3.0 < 3.5.14.20

Codesys ≫ Control For Pfc100 Sl Version >= 3.0 < 3.5.14.20

Codesys ≫ Control For Pfc200 Sl Version >= 3.0 < 3.5.14.20

Codesys ≫ Control For Raspberry Pi Sl Version >= 3.0 < 3.5.14.20

Codesys ≫ Control Runtime Toolkit Version >= 3.0 < 3.5.14.20

Codesys ≫ Development System Version >= 3.0 < 3.5.14.20

Codesys ≫ Gateway Version >= 3.0 < 3.5.14.20

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.28%	0.513

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://www.us-cert.gov/ics/advisories/icsa-19-213-03

Third Party Advisory

US Government Resource

https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12938&token=b9eb30f53246dc57b2e7cb302356a05547148fa2&download=

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-9012

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-9012

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-9012

EUVD