6.5

CVE-2020-7052

Exploit
CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CodesysControl For Beaglebone Version < 3.5.15.30
CodesysControl For Empc-a/imx6 Version < 3.5.15.30
CodesysControl For Iot2000 Version < 3.5.15.30
CodesysControl For Linux Version < 3.5.15.30
CodesysControl For Pfc100 Version < 3.5.15.30
CodesysControl For Pfc200 Version < 3.5.15.30
CodesysControl For Plcnext Version < 3.5.15.30
CodesysControl For Raspberry Pi Version < 3.5.15.30
CodesysControl Rte Version >= 3.5.8.60 < 3.5.15.30
CodesysControl Rte SwPlatformbeckhoff_cx Version >= 3.5.8.60 < 3.5.15.30
CodesysControl Runtime System Toolkit Version >= 3.0 < 3.5.15.30
CodesysControl Win Version >= 3.5.9.80 < 3.5.15.30
CodesysGateway Version >= 3.5.15.10 < 3.5.15.30
CodesysHmi Version >= 3.5.10.0 < 3.5.15.30
CodesysSafety Sil2 Version >= 3.0 < 3.5.15.30
CodesysSimulation Runtime Version >= 3.5.9.40 < 3.5.15.30
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.88% 0.768
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:N/A:P
CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12977&token=33f948eed0c2fd69d238d9515779be337ef7592d&download=
Vendor Advisory
https://www.tenable.com/security/research/tra-2020-04
Third Party Advisory
Exploit