CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could cause a stack overflow and create a denial-of-service condition or allow remote code execution.
2019-09-13T17:15:11.693
2024-11-21T04:25:07.460
Modified
CVSSv3.1: 9.8 (CRITICAL)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | codesys | control_for_beaglebone | < 3.5.14.10 | Yes |
| Application | codesys | control_for_empc-a\/imx6 | < 3.5.14.10 | Yes |
| Application | codesys | control_for_iot2000 | < 3.5.14.10 | Yes |
| Application | codesys | control_for_linux | < 3.5.14.10 | Yes |
| Application | codesys | control_for_pfc100 | < 3.5.14.10 | Yes |
| Application | codesys | control_for_pfc200 | < 3.5.14.10 | Yes |
| Application | codesys | control_for_raspberry_pi | < 3.5.14.10 | Yes |
| Application | codesys | control_rte | < 3.5.12.80 | Yes |
| Application | codesys | control_rte | < 3.5.14.10 | Yes |
| Application | codesys | control_runtime_system_toolkit | < 3.5.12.80 | Yes |
| Application | codesys | control_win | ≤ 3.5.12.80 | Yes |
| Application | codesys | control_win | < 3.5.14.10 | Yes |
| Application | codesys | embedded_target_visu_toolkit | < 3.5.12.80 | Yes |
| Application | codesys | hmi | < 3.5.12.80 | Yes |
| Application | codesys | hmi | < 3.5.14.10 | Yes |
| Application | codesys | remote_target_visu_toolkit | < 3.5.12.80 | Yes |