Details of VAR-201909-0084

ID

VAR-201909-0084

CVE

CVE-2019-9009

TITLE

3S-Smart CODESYS Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-009519

DESCRIPTION

An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash. 3S-Smart CODESYS Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. 3S-Smart Software Solutions CODESYS Control is a set of industrial control program programming software from Germany 3S-Smart Software Solutions. A security vulnerability exists in 3S-Smart Software Solutions CODESYS Control. An attacker could exploit the vulnerability with a specially crafted request to cause a denial of service. The following products and versions are affected: CODESYS Control for BeagleBone version before 3.5.15.0, CODESYS Control for emPC-A / iMX6 version before 3.5.15.0, CODESYS Control for IOT2000 version before 3.5.15.0, CODESYS Control for Linux version before 3.5.15.0 , Before CODESYS Control for PFC100 3.5.15.0, before CODESYS Control for PFC200 3.5.15.0, before CODESYS Control for Raspberry Pi 3.5.15.0, before CODESYS Control RTE V3 3.5.15.0, before CODESYS Control RTE V3 3.5.15.0 Version (for Beckhoff CX), CODESYS Control Win V3 before 3.5.15.0 (part of CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit before 3.5.15.0, CODESYS V3 Safety SIL2 before 3.5.15.0, CODESYS Gateway V3 Version before 3.5.15.0, CODESYS HMI V3 version before 3.5.15.0, CODESYS V3 Simulation Runtime version before 3.5.15.0 (part of CODESYS Development System)

Trust: 2.25

sources: NVD: CVE-2019-9009 // JVNDB: JVNDB-2019-009519 // CNNVD: CNNVD-201909-659 // VULHUB: VHN-160444

AFFECTED PRODUCTS

vendor:	codesys	model:	control for empc-a\/imx6	scope:	lt	version:	3.5.15.0	Trust: 1.0
vendor:	codesys	model:	control for beaglebone	scope:	lt	version:	3.5.15.0	Trust: 1.0
vendor:	codesys	model:	linux	scope:	lt	version:	3.5.15.0	Trust: 1.0
vendor:	codesys	model:	control for pfc200	scope:	lt	version:	3.5.15.0	Trust: 1.0
vendor:	codesys	model:	control rte	scope:	lt	version:	3.5.15.0	Trust: 1.0
vendor:	codesys	model:	simulation runtime	scope:	lt	version:	3.5.15.0	Trust: 1.0
vendor:	codesys	model:	runtime system toolkit	scope:	lt	version:	3.5.15.0	Trust: 1.0
vendor:	codesys	model:	control for pfc100	scope:	lt	version:	3.5.15.0	Trust: 1.0
vendor:	codesys	model:	gateway	scope:	lt	version:	3.5.15.0	Trust: 1.0
vendor:	codesys	model:	control win	scope:	lt	version:	3.5.15.0	Trust: 1.0
vendor:	codesys	model:	safety sil2	scope:	lt	version:	3.5.15.0	Trust: 1.0
vendor:	codesys	model:	control for iot2000	scope:	lt	version:	3.5.15.0	Trust: 1.0
vendor:	codesys	model:	hmi	scope:	lt	version:	3.5.15.0	Trust: 1.0
vendor:	codesys	model:	control for raspberry pi	scope:	lt	version:	3.5.15.0	Trust: 1.0
vendor:	3s smart	model:	codesys control for beaglebone	scope:	lt	version:	3.5.15.0	Trust: 0.8
vendor:	3s smart	model:	codesys control for empc-a/imx6	scope:	lt	version:	3.5.15.0	Trust: 0.8
vendor:	3s smart	model:	codesys control for iot2000	scope:	lt	version:	3.5.15.0	Trust: 0.8
vendor:	3s smart	model:	codesys control for pfc100	scope:	lt	version:	3.5.15.0	Trust: 0.8
vendor:	3s smart	model:	codesys control for pfc200	scope:	lt	version:	3.5.15.0	Trust: 0.8
vendor:	3s smart	model:	codesys control for raspberry pi	scope:	lt	version:	3.5.15.0	Trust: 0.8
vendor:	3s smart	model:	codesys control rte v3	scope:	lt	version:	3.5.15.0	Trust: 0.8
vendor:	3s smart	model:	codesys control win sl	scope:	lt	version:	3.5.15.0	Trust: 0.8
vendor:	3s smart	model:	codesys gateway	scope:	lt	version:	3.5.15.0	Trust: 0.8
vendor:	3s smart	model:	codesys hmi	scope:	lt	version:	3.5.15.0	Trust: 0.8

sources: JVNDB: JVNDB-2019-009519 // NVD: CVE-2019-9009

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-9009
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-9009
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201909-659
value:	HIGH
Trust: 0.6
VULHUB:	VHN-160444
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-9009
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-160444
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-9009
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-9009
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-160444 // JVNDB: JVNDB-2019-009519 // CNNVD: CNNVD-201909-659 // NVD: CVE-2019-9009

PROBLEMTYPE DATA

problemtype:	CWE-755	Trust: 1.0
problemtype:	CWE-20	Trust: 0.9

sources: VULHUB: VHN-160444 // JVNDB: JVNDB-2019-009519 // NVD: CVE-2019-9009

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-659

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201909-659

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-009519

PATCH

title:	Top Page	url:	https://www.codesys.com/	Trust: 0.8
title:	CODESYS V3 runtime systems Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98233	Trust: 0.6

sources: JVNDB: JVNDB-2019-009519 // CNNVD: CNNVD-201909-659

EXTERNAL IDS

db:	ICS CERT	id:	ICSA-19-255-05	Trust: 2.5
db:	NVD	id:	CVE-2019-9009	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-009519	Trust: 0.8
db:	CNNVD	id:	CNNVD-201909-659	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.3487	Trust: 0.6
db:	ICS CERT	id:	ICSA-19-255-04	Trust: 0.6
db:	ICS CERT	id:	ICSA-19-255-03	Trust: 0.6
db:	ICS CERT	id:	ICSA-19-255-02	Trust: 0.6
db:	ICS CERT	id:	ICSA-19-255-01	Trust: 0.6
db:	VULHUB	id:	VHN-160444	Trust: 0.1

sources: VULHUB: VHN-160444 // JVNDB: JVNDB-2019-009519 // CNNVD: CNNVD-201909-659 // NVD: CVE-2019-9009

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsa-19-255-05	Trust: 3.1
url:	https://customers.codesys.com/index.php?eid=dumpfile&t=f&f=12941&token=50fabe3870c7bdc41701eb1799dddeec103de40c&download=	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9009	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9009	Trust: 0.8
url:	https://www.us-cert.gov/ics/advisories/icsa-19-255-04	Trust: 0.6
url:	https://www.us-cert.gov/ics/advisories/icsa-19-255-03	Trust: 0.6
url:	https://www.us-cert.gov/ics/advisories/icsa-19-255-02	Trust: 0.6
url:	https://www.us-cert.gov/ics/advisories/icsa-19-255-01	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3487/	Trust: 0.6
url:	https://customers.codesys.com/index.php?eid=dumpfile&t=f&f=12941&token=50fabe3870c7bdc41701eb1799dddeec103de40c&download=	Trust: 0.1

sources: VULHUB: VHN-160444 // JVNDB: JVNDB-2019-009519 // CNNVD: CNNVD-201909-659 // NVD: CVE-2019-9009

SOURCES

db:	VULHUB	id:	VHN-160444
db:	JVNDB	id:	JVNDB-2019-009519
db:	CNNVD	id:	CNNVD-201909-659
db:	NVD	id:	CVE-2019-9009

LAST UPDATE DATE

2024-11-23T22:05:59.582000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-160444	date:	2020-03-11T00:00:00
db:	JVNDB	id:	JVNDB-2019-009519	date:	2019-09-24T00:00:00
db:	CNNVD	id:	CNNVD-201909-659	date:	2022-01-04T00:00:00
db:	NVD	id:	CVE-2019-9009	date:	2024-11-21T04:50:48.197

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-160444	date:	2019-09-17T00:00:00
db:	JVNDB	id:	JVNDB-2019-009519	date:	2019-09-24T00:00:00
db:	CNNVD	id:	CNNVD-201909-659	date:	2019-09-13T00:00:00
db:	NVD	id:	CVE-2019-9009	date:	2019-09-17T16:15:11.077