ID

VAR-201909-0998


CVE

CVE-2019-13538


TITLE

3S-Smart Software Solutions CODESYS Development System Cross-Site Scripting Vulnerability

Trust: 1.4

sources: IVD: 12ba1c7d-a66f-4ca9-ad38-181f851e592c // CNVD: CNVD-2019-32461 // CNNVD: CNNVD-201909-655

DESCRIPTION

3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. The issue also exists for source libraries, but 3S-Smart Software Solutions GmbH strongly recommends distributing compiled libraries only. The CODESYS Development System is a set of programming tools for industrial controllers and automation technology from 3S-Smart Software Solutions, Germany.

Trust: 2.34

sources: NVD: CVE-2019-13538 // JVNDB: JVNDB-2019-009526 // CNVD: CNVD-2019-32461 // IVD: 12ba1c7d-a66f-4ca9-ad38-181f851e592c

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 12ba1c7d-a66f-4ca9-ad38-181f851e592c // CNVD: CNVD-2019-32461

AFFECTED PRODUCTS

vendor: codesys, model: codesys, scope: lt, version: 3.5.16.0

Trust: 1.0

vendor: 3s smart, model: codesys, scope: lt, version: 3.5.15.0

Trust: 0.8

vendor: 3s smart, model: software solutions codesys development system, scope: lt, version: 33.5.15.0

Trust: 0.6

vendor: codesys, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: 12ba1c7d-a66f-4ca9-ad38-181f851e592c // CNVD: CNVD-2019-32461 // JVNDB: JVNDB-2019-009526 // NVD: CVE-2019-13538

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13538
value: HIGH

Trust: 1.0

NVD: CVE-2019-13538
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-32461
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201909-655
value: HIGH

Trust: 0.6

IVD: 12ba1c7d-a66f-4ca9-ad38-181f851e592c
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2019-13538
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-32461
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 12ba1c7d-a66f-4ca9-ad38-181f851e592c
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-13538
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2019-13538
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 12ba1c7d-a66f-4ca9-ad38-181f851e592c // CNVD: CNVD-2019-32461 // JVNDB: JVNDB-2019-009526 // CNNVD: CNNVD-201909-655 // NVD: CVE-2019-13538

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2019-009526 // NVD: CVE-2019-13538

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201909-655

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201909-655

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-009526

PATCH

title: Top Page, url: https://www.codesys.com/

Trust: 0.8

title: Patch for 3S-Smart Software Solutions CODESYS Development System Cross-Site Scripting Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/181471

Trust: 0.6

title: CODESYS Development System Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98229

Trust: 0.6

sources: CNVD: CNVD-2019-32461 // JVNDB: JVNDB-2019-009526 // CNNVD: CNNVD-201909-655

EXTERNAL IDS

db: NVD, id: CVE-2019-13538

Trust: 3.2

db: ICS CERT, id: ICSA-19-255-02

Trust: 2.4

db: AUSCERT, id: ESB-2019.3487

Trust: 1.2

db: CNVD, id: CNVD-2019-32461

Trust: 0.8

db: CNNVD, id: CNNVD-201909-655

Trust: 0.8

db: JVNDB, id: JVNDB-2019-009526

Trust: 0.8

db: ICS CERT, id: ICSA-19-255-04

Trust: 0.6

db: ICS CERT, id: ICSA-19-255-03

Trust: 0.6

db: ICS CERT, id: ICSA-19-255-05

Trust: 0.6

db: ICS CERT, id: ICSA-19-255-01

Trust: 0.6

db: IVD, id: 12BA1C7D-A66F-4CA9-AD38-181F851E592C

Trust: 0.2

sources: IVD: 12ba1c7d-a66f-4ca9-ad38-181f851e592c // CNVD: CNVD-2019-32461 // JVNDB: JVNDB-2019-009526 // CNNVD: CNNVD-201909-655 // NVD: CVE-2019-13538

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-19-255-02

Trust: 2.4

url:https://customers.codesys.com/index.php?eid=dumpfile&t=f&f=12940&token=7723e5ed99830656f487e218e73dce2de751102f

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-13538

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2019.3487/

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13538

Trust: 0.8

url:https://www.us-cert.gov/ics/advisories/icsa-19-255-05

Trust: 0.6

url:https://www.us-cert.gov/ics/advisories/icsa-19-255-04

Trust: 0.6

url:https://www.us-cert.gov/ics/advisories/icsa-19-255-03

Trust: 0.6

url:https://www.us-cert.gov/ics/advisories/icsa-19-255-01

Trust: 0.6

sources: CNVD: CNVD-2019-32461 // JVNDB: JVNDB-2019-009526 // CNNVD: CNNVD-201909-655 // NVD: CVE-2019-13538

SOURCES

db: IVD, id: 12ba1c7d-a66f-4ca9-ad38-181f851e592c
db: CNVD, id: CNVD-2019-32461
db: JVNDB, id: JVNDB-2019-009526
db: CNNVD, id: CNNVD-201909-655
db: NVD, id: CVE-2019-13538

LAST UPDATE DATE

2024-11-23T22:05:59.517000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-32461, date: 2019-09-21T00:00:00
db: JVNDB, id: JVNDB-2019-009526, date: 2019-09-24T00:00:00
db: CNNVD, id: CNNVD-201909-655, date: 2020-05-18T00:00:00
db: NVD, id: CVE-2019-13538, date: 2024-11-21T04:25:06.227

SOURCES RELEASE DATE

db: IVD, id: 12ba1c7d-a66f-4ca9-ad38-181f851e592c, date: 2019-09-21T00:00:00
db: CNVD, id: CNVD-2019-32461, date: 2019-09-21T00:00:00
db: JVNDB, id: JVNDB-2019-009526, date: 2019-09-24T00:00:00
db: CNNVD, id: CNNVD-201909-655, date: 2019-09-13T00:00:00
db: NVD, id: CVE-2019-13538, date: 2019-09-17T20:15:11.157