Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-13542

3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition.

Published

2019-09-17T19:15:10.757

Last Modified

2024-11-21T04:25:06.737

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-476
Type: Primary
CWE-476

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	codesys	control_for_beaglebone	< 3.5.15.0	Yes
Application	codesys	control_for_empc-a\/imx6	< 3.5.15.0	Yes
Application	codesys	control_for_iot2000	< 3.5.15.0	Yes
Application	codesys	control_for_pfc100	< 3.5.15.0	Yes
Application	codesys	control_for_pfc200	< 3.5.15.0	Yes
Application	codesys	control_for_raspberry_pi	< 3.5.15.0	Yes
Application	codesys	control_rte	< 3.5.15.0	Yes
Application	codesys	control_win	< 3.5.15.0	Yes
Application	codesys	linux	< 3.5.15.0	Yes
Application	codesys	runtime_system_toolkit	< 3.5.15.0	Yes

References

https://www.us-cert.gov/ics/advisories/icsa-19-255-04 Third Party Advisory, US Government Resource ([email protected])
https://www.us-cert.gov/ics/advisories/icsa-19-255-04 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)