ID

VAR-201908-0055


CVE

CVE-2019-9010


TITLE

Access control vulnerabilities in multiple 3S-Smart CODESYS products

Trust: 0.8

sources: JVNDB: JVNDB-2019-008668

DESCRIPTION

An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System. Multiple 3S-Smart CODESYS products contain an access control vulnerability. Information may be obtained or altered, and the service may be put into a denial-of-service (DoS) state. 3S-Smart Software Solutions CODESYS Control for BeagleBone and CODESYS Control are industrial control programming software products from 3S-Smart Software Solutions of Germany. A security vulnerability exists in several 3S-Smart Software Solutions products. No information about this vulnerability is available at this time; please stay tuned to CNNVD or the vendor announcement.

Trust: 2.25

sources: NVD: CVE-2019-9010 // JVNDB: JVNDB-2019-008668 // CNNVD: CNNVD-201908-161 // VULHUB: VHN-160445

AFFECTED PRODUCTS

vendor: codesys // model: control for empc-a/imx6 sl // scope: gte // version: 3.0

Trust: 1.0

vendor: codesys // model: control for linux sl // scope: lt // version: 3.5.14.20

Trust: 1.0

vendor: codesys // model: control runtime toolkit // scope: gte // version: 3.0

Trust: 1.0

vendor: codesys // model: control for raspberry pi sl // scope: gte // version: 3.0

Trust: 1.0

vendor: codesys // model: gateway // scope: gte // version: 3.0

Trust: 1.0

vendor: codesys // model: control for iot2000 sl // scope: lt // version: 3.5.14.20

Trust: 1.0

vendor: codesys // model: control for pfc100 sl // scope: gte // version: 3.0

Trust: 1.0

vendor: codesys // model: control for beaglebone sl // scope: gte // version: 3.0

Trust: 1.0

vendor: codesys // model: control for pfc200 sl // scope: lt // version: 3.5.14.20

Trust: 1.0

vendor: codesys // model: control for linux sl // scope: gte // version: 3.0

Trust: 1.0

vendor: codesys // model: control for beaglebone sl // scope: lt // version: 3.5.14.20

Trust: 1.0

vendor: codesys // model: control for iot2000 sl // scope: gte // version: 3.0

Trust: 1.0

vendor: codesys // model: control for pfc100 sl // scope: lt // version: 3.5.14.20

Trust: 1.0

vendor: codesys // model: control for pfc200 sl // scope: gte // version: 3.0

Trust: 1.0

vendor: codesys // model: control for empc-a/imx6 sl // scope: lt // version: 3.5.14.20

Trust: 1.0

vendor: codesys // model: development system // scope: gte // version: 3.0

Trust: 1.0

vendor: codesys // model: development system // scope: lt // version: 3.5.14.20

Trust: 1.0

vendor: codesys // model: control runtime toolkit // scope: lt // version: 3.5.14.20

Trust: 1.0

vendor: codesys // model: gateway // scope: lt // version: 3.5.14.20

Trust: 1.0

vendor: codesys // model: control for raspberry pi sl // scope: lt // version: 3.5.14.20

Trust: 1.0

vendor: 3s smart // model: codesys control for beaglebone // scope: lt // version: 3.5.14.20

Trust: 0.8

vendor: 3s smart // model: codesys control for empc-a/imx6 // scope: lt // version: 3.5.14.20

Trust: 0.8

vendor: 3s smart // model: codesys control for iot2000 // scope: lt // version: 3.5.14.20

Trust: 0.8

vendor: 3s smart // model: codesys control for linux // scope: lt // version: 3.5.14.20

Trust: 0.8

vendor: 3s smart // model: codesys control for pfc100 // scope: lt // version: 3.5.14.20

Trust: 0.8

vendor: 3s smart // model: codesys control for pfc200 // scope: lt // version: 3.5.14.20

Trust: 0.8

vendor: 3s smart // model: codesys control for raspberry pi // scope: lt // version: 3.5.14.20

Trust: 0.8

vendor: 3s smart // model: codesys control runtime system toolkit // scope: lt // version: 3.5.14.20

Trust: 0.8

vendor: 3s smart // model: codesys development system // scope: lt // version: 3.5.14.20

Trust: 0.8

vendor: 3s smart // model: codesys gateway // scope: lt // version: 3.5.14.20

Trust: 0.8

sources: JVNDB: JVNDB-2019-008668 // NVD: CVE-2019-9010

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-9010
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-9010
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201908-161
value: CRITICAL

Trust: 0.6

VULHUB: VHN-160445
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-9010
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-160445
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-9010
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-9010
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-160445 // JVNDB: JVNDB-2019-008668 // CNNVD: CNNVD-201908-161 // NVD: CVE-2019-9010

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-160445 // JVNDB: JVNDB-2019-008668 // NVD: CVE-2019-9010

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-161

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201908-161

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008668

PATCH

title: Top Page // url: https://www.codesys.com/

Trust: 0.8

title: Multiple 3S-Smart Software Solutions Product security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95921

Trust: 0.6

sources: JVNDB: JVNDB-2019-008668 // CNNVD: CNNVD-201908-161

EXTERNAL IDS

db: NVD // id: CVE-2019-9010

Trust: 2.5

db: ICS CERT // id: ICSA-19-213-03

Trust: 2.5

db: JVNDB // id: JVNDB-2019-008668

Trust: 0.8

db: CNNVD // id: CNNVD-201908-161

Trust: 0.7

db: ICS CERT // id: ICSA-19-213-04

Trust: 0.6

db: AUSCERT // id: ESB-2019.2901

Trust: 0.6

db: VULHUB // id: VHN-160445

Trust: 0.1

sources: VULHUB: VHN-160445 // JVNDB: JVNDB-2019-008668 // CNNVD: CNNVD-201908-161 // NVD: CVE-2019-9010

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-19-213-03

Trust: 3.1

url:https://customers.codesys.com/index.php?eid=dumpfile&t=f&f=12937&token=769045a17015bea00ec7ff313de8f1a5c73e7b93&download=

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-9010

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9010

Trust: 0.8

url:https://www.us-cert.gov/ics/advisories/icsa-19-213-04

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2901/

Trust: 0.6

url:https://customers.codesys.com/index.php?eid=dumpfile&t=f&f=12937&token=769045a17015bea00ec7ff313de8f1a5c73e7b93&download=

Trust: 0.1

sources: VULHUB: VHN-160445 // JVNDB: JVNDB-2019-008668 // CNNVD: CNNVD-201908-161 // NVD: CVE-2019-9010

CREDITS

3S-Smart Software Solutions GmbH

Trust: 0.6

sources: CNNVD: CNNVD-201908-161

SOURCES

db: VULHUB // id: VHN-160445
db: JVNDB // id: JVNDB-2019-008668
db: CNNVD // id: CNNVD-201908-161
db: NVD // id: CVE-2019-9010

LAST UPDATE DATE

2024-11-23T21:59:48.915000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-160445 // date: 2023-02-23T00:00:00
db: JVNDB // id: JVNDB-2019-008668 // date: 2019-09-04T00:00:00
db: CNNVD // id: CNNVD-201908-161 // date: 2020-08-25T00:00:00
db: NVD // id: CVE-2019-9010 // date: 2024-11-21T04:50:48.343

SOURCES RELEASE DATE

db: VULHUB // id: VHN-160445 // date: 2019-08-15T00:00:00
db: JVNDB // id: JVNDB-2019-008668 // date: 2019-09-04T00:00:00
db: CNNVD // id: CNNVD-201908-161 // date: 2019-08-01T00:00:00
db: NVD // id: CVE-2019-9010 // date: 2019-08-15T18:15:23.397