ID

VAR-201908-0056


CVE

CVE-2019-9012


TITLE

Resource exhaustion vulnerability in multiple 3S-Smart CODESYS products

Trust: 0.8

sources: JVNDB: JVNDB-2019-008669

DESCRIPTION

An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System. Multiple 3S-Smart CODESYS products are vulnerable to resource exhaustion. A service interruption (DoS) condition may result. CODESYS Control for BeagleBone and CODESYS Control are industrial control programming software from 3S-Smart Software Solutions of Germany. Several 3S-Smart Software Solutions products contain security vulnerabilities.

Trust: 2.25

sources: NVD: CVE-2019-9012 // JVNDB: JVNDB-2019-008669 // CNNVD: CNNVD-201908-156 // VULHUB: VHN-160447

AFFECTED PRODUCTS

vendor: codesys, model: control for empc-a/imx6 sl, scope: gte, version: 3.0

Trust: 1.0

vendor: codesys, model: control for linux sl, scope: lt, version: 3.5.14.20

Trust: 1.0

vendor: codesys, model: control runtime toolkit, scope: gte, version: 3.0

Trust: 1.0

vendor: codesys, model: control for raspberry pi sl, scope: gte, version: 3.0

Trust: 1.0

vendor: codesys, model: gateway, scope: gte, version: 3.0

Trust: 1.0

vendor: codesys, model: control for iot2000 sl, scope: lt, version: 3.5.14.20

Trust: 1.0

vendor: codesys, model: control for pfc100 sl, scope: gte, version: 3.0

Trust: 1.0

vendor: codesys, model: control for beaglebone sl, scope: gte, version: 3.0

Trust: 1.0

vendor: codesys, model: control for pfc200 sl, scope: lt, version: 3.5.14.20

Trust: 1.0

vendor: codesys, model: control for linux sl, scope: gte, version: 3.0

Trust: 1.0

vendor: codesys, model: control for beaglebone sl, scope: lt, version: 3.5.14.20

Trust: 1.0

vendor: codesys, model: control for iot2000 sl, scope: gte, version: 3.0

Trust: 1.0

vendor: codesys, model: control for pfc100 sl, scope: lt, version: 3.5.14.20

Trust: 1.0

vendor: codesys, model: control for pfc200 sl, scope: gte, version: 3.0

Trust: 1.0

vendor: codesys, model: control for empc-a/imx6 sl, scope: lt, version: 3.5.14.20

Trust: 1.0

vendor: codesys, model: development system, scope: gte, version: 3.0

Trust: 1.0

vendor: codesys, model: development system, scope: lt, version: 3.5.14.20

Trust: 1.0

vendor: codesys, model: control runtime toolkit, scope: lt, version: 3.5.14.20

Trust: 1.0

vendor: codesys, model: gateway, scope: lt, version: 3.5.14.20

Trust: 1.0

vendor: codesys, model: control for raspberry pi sl, scope: lt, version: 3.5.14.20

Trust: 1.0

vendor: 3s smart, model: codesys control for beaglebone, scope: lt, version: 3.5.14.20

Trust: 0.8

vendor: 3s smart, model: codesys control for empc-a/imx6, scope: lt, version: 3.5.14.20

Trust: 0.8

vendor: 3s smart, model: codesys control for iot2000, scope: lt, version: 3.5.14.20

Trust: 0.8

vendor: 3s smart, model: codesys control for linux, scope: lt, version: 3.5.14.20

Trust: 0.8

vendor: 3s smart, model: codesys control for pfc100, scope: lt, version: 3.5.14.20

Trust: 0.8

vendor: 3s smart, model: codesys control for pfc200, scope: lt, version: 3.5.14.20

Trust: 0.8

vendor: 3s smart, model: codesys control for raspberry pi, scope: lt, version: 3.5.14.20

Trust: 0.8

vendor: 3s smart, model: codesys control runtime system toolkit, scope: lt, version: 3.5.14.20

Trust: 0.8

vendor: 3s smart, model: codesys development system, scope: lt, version: 3.5.14.20

Trust: 0.8

vendor: 3s smart, model: codesys gateway, scope: lt, version: 3.5.14.20

Trust: 0.8

sources: JVNDB: JVNDB-2019-008669 // NVD: CVE-2019-9012

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-9012
value: HIGH

Trust: 1.0

NVD: CVE-2019-9012
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201908-156
value: HIGH

Trust: 0.6

VULHUB: VHN-160447
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-9012
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-160447
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-9012
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-9012
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-160447 // JVNDB: JVNDB-2019-008669 // CNNVD: CNNVD-201908-156 // NVD: CVE-2019-9012

PROBLEMTYPE DATA

problemtype:CWE-770

Trust: 1.1

problemtype:CWE-400

Trust: 0.9

sources: VULHUB: VHN-160447 // JVNDB: JVNDB-2019-008669 // NVD: CVE-2019-9012

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-156

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201908-156

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008669

PATCH

title: Top Page, url: https://www.codesys.com/

Trust: 0.8

title: Multiple 3S-Smart Software Solutions Product security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95917

Trust: 0.6

sources: JVNDB: JVNDB-2019-008669 // CNNVD: CNNVD-201908-156

EXTERNAL IDS

db: NVD, id: CVE-2019-9012

Trust: 2.5

db: ICS CERT, id: ICSA-19-213-03

Trust: 2.5

db: JVNDB, id: JVNDB-2019-008669

Trust: 0.8

db: CNNVD, id: CNNVD-201908-156

Trust: 0.7

db: ICS CERT, id: ICSA-19-213-04

Trust: 0.6

db: AUSCERT, id: ESB-2019.2901

Trust: 0.6

db: VULHUB, id: VHN-160447

Trust: 0.1

sources: VULHUB: VHN-160447 // JVNDB: JVNDB-2019-008669 // CNNVD: CNNVD-201908-156 // NVD: CVE-2019-9012

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-19-213-03

Trust: 3.1

url:https://customers.codesys.com/index.php?eid=dumpfile&t=f&f=12938&token=b9eb30f53246dc57b2e7cb302356a05547148fa2&download=

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-9012

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9012

Trust: 0.8

url:https://www.us-cert.gov/ics/advisories/icsa-19-213-04

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2901/

Trust: 0.6

url:https://customers.codesys.com/index.php?eid=dumpfile&t=f&f=12938&token=b9eb30f53246dc57b2e7cb302356a05547148fa2&download=

Trust: 0.1

sources: VULHUB: VHN-160447 // JVNDB: JVNDB-2019-008669 // CNNVD: CNNVD-201908-156 // NVD: CVE-2019-9012

CREDITS

3S-Smart Software Solutions GmbH

Trust: 0.6

sources: CNNVD: CNNVD-201908-156

SOURCES

db: VULHUB, id: VHN-160447
db: JVNDB, id: JVNDB-2019-008669
db: CNNVD, id: CNNVD-201908-156
db: NVD, id: CVE-2019-9012

LAST UPDATE DATE

2024-11-23T21:59:48.867000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-160447, date: 2020-08-24T00:00:00
db: JVNDB, id: JVNDB-2019-008669, date: 2019-09-04T00:00:00
db: CNNVD, id: CNNVD-201908-156, date: 2020-08-25T00:00:00
db: NVD, id: CVE-2019-9012, date: 2024-11-21T04:50:48.627

SOURCES RELEASE DATE

db: VULHUB, id: VHN-160447, date: 2019-08-15T00:00:00
db: JVNDB, id: JVNDB-2019-008669, date: 2019-09-04T00:00:00
db: CNNVD, id: CNNVD-201908-156, date: 2019-08-01T00:00:00
db: NVD, id: CVE-2019-9012, date: 2019-08-15T18:15:23.477