Details of VAR-201909-1000

ID

VAR-201909-1000

CVE

CVE-2019-13542

TITLE

3S-Smart Software Solutions CODESYS Control Code Issue Vulnerability

Trust: 0.8

sources: IVD: 0388bd06-7396-4425-9011-862e9649841c // CNVD: CNVD-2019-32460

DESCRIPTION

3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition. 3S-Smart Software Solutions CODESYS Control is a set of industrial control program programming software from Germany 3S-Smart Software Solutions. A code issue vulnerability exists in 3S-Smart Software Solutions CODESYS Control. The vulnerability originates from improper design or implementation during code development of a network system or product. The following products and versions are affected: CODESYS Control for BeagleBone 3.5.11.0 to 3.5.15.0, CODESYS Control for emPC-A / iMX6 3.5.11.0 to 3.5.15.0, and CODESYS Control for IOT2000 3.5.11.0 to 3.5. Version 15.0, CODESYS Control for Linux 3.5.11.0 to 3.5.15.0, CODESYS Control for PFC100 3.5.11.0 to 3.5.15.0, CODESYS Control for PFC200 3.5.11.0 to 3.5.15.0, CODESYS Control for Raspberry Pi Version 3.5.11.0 to 3.5.15.0, CODESYS Control RTE V3 3.5.11.0 to 3.5.15.0, CODESYS Control RTE V3 3.5.11.0 to 3.5.15.0 (for Beckhoff CX), CODESYS Control Win V3 3.5.11.0 Version to 3.5.15.0 (also part of CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit version 3.5.11.0 to 3.5.15.0

Trust: 2.88

sources: NVD: CVE-2019-13542 // JVNDB: JVNDB-2019-009520 // CNVD: CNVD-2019-32460 // CNNVD: CNNVD-201909-656 // IVD: 0388bd06-7396-4425-9011-862e9649841c

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 0388bd06-7396-4425-9011-862e9649841c // CNVD: CNVD-2019-32460

AFFECTED PRODUCTS

vendor:	3s smart	model:	software solutions codesys control rte	scope:	eq	version:	v3>=3.5.11.0,<=3.5.15.0	Trust: 1.2
vendor:	codesys	model:	control for pfc100	scope:	gte	version:	3.5.11.0	Trust: 1.0
vendor:	codesys	model:	control for empc-a\/imx6	scope:	gte	version:	3.5.11.0	Trust: 1.0
vendor:	codesys	model:	control for pfc100	scope:	lt	version:	3.5.15.0	Trust: 1.0
vendor:	codesys	model:	control win	scope:	lt	version:	3.5.15.0	Trust: 1.0
vendor:	codesys	model:	control win	scope:	gte	version:	3.5.11.0	Trust: 1.0
vendor:	codesys	model:	control for iot2000	scope:	gte	version:	3.5.11.0	Trust: 1.0
vendor:	codesys	model:	control for iot2000	scope:	lt	version:	3.5.15.0	Trust: 1.0
vendor:	codesys	model:	control for empc-a\/imx6	scope:	lt	version:	3.5.15.0	Trust: 1.0
vendor:	codesys	model:	control for beaglebone	scope:	lt	version:	3.5.15.0	Trust: 1.0
vendor:	codesys	model:	linux	scope:	lt	version:	3.5.15.0	Trust: 1.0
vendor:	codesys	model:	control for pfc200	scope:	lt	version:	3.5.15.0	Trust: 1.0
vendor:	codesys	model:	control rte	scope:	gte	version:	3.5.11.0	Trust: 1.0
vendor:	codesys	model:	control rte	scope:	lt	version:	3.5.15.0	Trust: 1.0
vendor:	codesys	model:	runtime system toolkit	scope:	lt	version:	3.5.15.0	Trust: 1.0
vendor:	codesys	model:	control for beaglebone	scope:	gte	version:	3.5.11.0	Trust: 1.0
vendor:	codesys	model:	linux	scope:	gte	version:	3.5.11.0	Trust: 1.0
vendor:	codesys	model:	control for pfc200	scope:	gte	version:	3.5.11.0	Trust: 1.0
vendor:	codesys	model:	runtime system toolkit	scope:	gte	version:	3.5.11.0	Trust: 1.0
vendor:	codesys	model:	control for raspberry pi	scope:	gte	version:	3.5.11.0	Trust: 1.0
vendor:	codesys	model:	control for raspberry pi	scope:	lt	version:	3.5.15.0	Trust: 1.0
vendor:	3s smart	model:	codesys control for beaglebone	scope:	eq	version:	3.5.11.0 to 3.5.15.0	Trust: 0.8
vendor:	3s smart	model:	codesys control for empc-a/imx6	scope:	eq	version:	3.5.11.0 to 3.5.15.0	Trust: 0.8
vendor:	3s smart	model:	codesys control for iot2000	scope:	eq	version:	3.5.11.0 to 3.5.15.0	Trust: 0.8
vendor:	3s smart	model:	codesys control for linux	scope:	eq	version:	3.5.11.0 to 3.5.15.0	Trust: 0.8
vendor:	3s smart	model:	codesys control for pfc100	scope:	eq	version:	3.5.11.0 to 3.5.15.0	Trust: 0.8
vendor:	3s smart	model:	codesys control for pfc200	scope:	eq	version:	3.5.11.0 to 3.5.15.0	Trust: 0.8
vendor:	3s smart	model:	codesys control for raspberry pi	scope:	eq	version:	3.5.11.0 to 3.5.15.0	Trust: 0.8
vendor:	3s smart	model:	codesys control rte v3	scope:	eq	version:	3.5.11.0 to 3.5.15.0	Trust: 0.8
vendor:	3s smart	model:	codesys control runtime system toolkit	scope:	eq	version:	3.5.11.0 to 3.5.15.0	Trust: 0.8
vendor:	3s smart	model:	codesys control win sl	scope:	eq	version:	3.5.11.0 to 3.5.15.0	Trust: 0.8
vendor:	3s smart	model:	software solutions codesys control for beaglebone	scope:	gte	version:	3.5.11.0,<=3.5.15.0	Trust: 0.6
vendor:	3s smart	model:	software solutions codesys control for empc-a/imx	scope:	gte	version:	63.5.11.0,<=3.5.15.0	Trust: 0.6
vendor:	3s smart	model:	software solutions codesys control for iot2000	scope:	gte	version:	3.5.11.0,<=3.5.15.0	Trust: 0.6
vendor:	3s smart	model:	software solutions codesys control for linux	scope:	gte	version:	3.5.11.0,<=3.5.15.0	Trust: 0.6
vendor:	3s smart	model:	software solutions codesys control for pfc100	scope:	gte	version:	3.5.11.0,<=3.5.15.0	Trust: 0.6
vendor:	3s smart	model:	software solutions codesys control for pfc200	scope:	gte	version:	3.5.11.0,<=3.5.15.0	Trust: 0.6
vendor:	3s smart	model:	software solutions codesys control for raspberry pi	scope:	gte	version:	3.5.11.0,<=3.5.15.0	Trust: 0.6
vendor:	3s smart	model:	software solutions codesys control win	scope:	eq	version:	v3>=3.5.11.0,<=3.5.15.0	Trust: 0.6
vendor:	3s smart	model:	software solutions codesys control runtime system toolkit	scope:	eq	version:	v3>=3.5.11.0,<=3.5.15.0	Trust: 0.6
vendor:	control for beaglebone	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	control for empc a imx6	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	control for iot2000	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	control for pfc100	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	control for pfc200	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	control for raspberry pi	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	control rte	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	control win	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	linux	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	runtime system toolkit	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 0388bd06-7396-4425-9011-862e9649841c // CNVD: CNVD-2019-32460 // JVNDB: JVNDB-2019-009520 // NVD: CVE-2019-13542

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-13542
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-13542
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-32460
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201909-656
value:	MEDIUM
Trust: 0.6
IVD:	0388bd06-7396-4425-9011-862e9649841c
value:	MEDIUM
Trust: 0.2

nvd@nist.gov:	CVE-2019-13542
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-32460
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	0388bd06-7396-4425-9011-862e9649841c
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2019-13542
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-13542
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 0388bd06-7396-4425-9011-862e9649841c // CNVD: CNVD-2019-32460 // JVNDB: JVNDB-2019-009520 // CNNVD: CNNVD-201909-656 // NVD: CVE-2019-13542

PROBLEMTYPE DATA

problemtype:

CWE-476

Trust: 1.8

sources: JVNDB: JVNDB-2019-009520 // NVD: CVE-2019-13542

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-656

TYPE

Code problem

Trust: 0.8

sources: IVD: 0388bd06-7396-4425-9011-862e9649841c // CNNVD: CNNVD-201909-656

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-009520

PATCH

title:	Top Page	url:	https://www.codesys.com/	Trust: 0.8
title:	3S-Smart Software Solutions CODESYS Control Code Issue Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/181473	Trust: 0.6
title:	CODESYS Control V3 runtime systems Fixes for code issue vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98230	Trust: 0.6

sources: CNVD: CNVD-2019-32460 // JVNDB: JVNDB-2019-009520 // CNNVD: CNNVD-201909-656

EXTERNAL IDS

db:	NVD	id:	CVE-2019-13542	Trust: 3.2
db:	ICS CERT	id:	ICSA-19-255-04	Trust: 3.0
db:	AUSCERT	id:	ESB-2019.3487	Trust: 1.2
db:	CNVD	id:	CNVD-2019-32460	Trust: 0.8
db:	CNNVD	id:	CNNVD-201909-656	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-009520	Trust: 0.8
db:	ICS CERT	id:	ICSA-19-255-03	Trust: 0.6
db:	ICS CERT	id:	ICSA-19-255-05	Trust: 0.6
db:	ICS CERT	id:	ICSA-19-255-02	Trust: 0.6
db:	ICS CERT	id:	ICSA-19-255-01	Trust: 0.6
db:	IVD	id:	0388BD06-7396-4425-9011-862E9649841C	Trust: 0.2

sources: IVD: 0388bd06-7396-4425-9011-862e9649841c // CNVD: CNVD-2019-32460 // JVNDB: JVNDB-2019-009520 // CNNVD: CNNVD-201909-656 // NVD: CVE-2019-13542

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsa-19-255-04	Trust: 3.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13542	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2019.3487/	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13542	Trust: 0.8
url:	https://www.us-cert.gov/ics/advisories/icsa-19-255-05	Trust: 0.6
url:	https://www.us-cert.gov/ics/advisories/icsa-19-255-03	Trust: 0.6
url:	https://www.us-cert.gov/ics/advisories/icsa-19-255-02	Trust: 0.6
url:	https://www.us-cert.gov/ics/advisories/icsa-19-255-01	Trust: 0.6

sources: CNVD: CNVD-2019-32460 // JVNDB: JVNDB-2019-009520 // CNNVD: CNNVD-201909-656 // NVD: CVE-2019-13542

SOURCES

db:	IVD	id:	0388bd06-7396-4425-9011-862e9649841c
db:	CNVD	id:	CNVD-2019-32460
db:	JVNDB	id:	JVNDB-2019-009520
db:	CNNVD	id:	CNNVD-201909-656
db:	NVD	id:	CVE-2019-13542

LAST UPDATE DATE

2024-11-23T22:05:59.611000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-32460	date:	2019-09-21T00:00:00
db:	JVNDB	id:	JVNDB-2019-009520	date:	2019-09-24T00:00:00
db:	CNNVD	id:	CNNVD-201909-656	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2019-13542	date:	2024-11-21T04:25:06.737

SOURCES RELEASE DATE

db:	IVD	id:	0388bd06-7396-4425-9011-862e9649841c	date:	2019-09-21T00:00:00
db:	CNVD	id:	CNVD-2019-32460	date:	2019-09-21T00:00:00
db:	JVNDB	id:	JVNDB-2019-009520	date:	2019-09-24T00:00:00
db:	CNNVD	id:	CNNVD-201909-656	date:	2019-09-13T00:00:00
db:	NVD	id:	CVE-2019-13542	date:	2019-09-17T19:15:10.757