ID

VAR-201909-1519


CVE

CVE-2019-13548


TITLE

3S-Smart Software Solutions CODESYS V3 web server Buffer Overflow Vulnerability

Trust: 0.8

sources: IVD: 2062592c-6ba3-43d6-8392-53b413cc328b // CNVD: CNVD-2019-32462

DESCRIPTION

CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted HTTP or HTTPS requests which could cause a stack overflow and create a denial-of-service condition or allow remote code execution. The CODESYS V3 web server contains a classic buffer overflow vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). 3S-Smart Software Solutions CODESYS V3 web server is a web server used by 3S-Smart Software Solutions of Germany in CODESYS products.

Trust: 2.34

sources: NVD: CVE-2019-13548 // JVNDB: JVNDB-2019-009415 // CNVD: CNVD-2019-32462 // IVD: 2062592c-6ba3-43d6-8392-53b413cc328b

IOT TAXONOMY

category: ['ICS'] // sub_category: -

Trust: 0.8

sources: IVD: 2062592c-6ba3-43d6-8392-53b413cc328b // CNVD: CNVD-2019-32462

AFFECTED PRODUCTS

vendor: codesys // model: control for empc-a/imx6 // scope: lt // version: 3.5.14.10

Trust: 1.0

vendor: codesys // model: control rte // scope: lt // version: 3.5.12.80

Trust: 1.0

vendor: codesys // model: hmi // scope: lt // version: 3.5.14.10

Trust: 1.0

vendor: codesys // model: control for raspberry pi // scope: lt // version: 3.5.14.10

Trust: 1.0

vendor: codesys // model: control rte // scope: gte // version: 3.5.13.0

Trust: 1.0

vendor: codesys // model: control for pfc100 // scope: lt // version: 3.5.14.10

Trust: 1.0

vendor: codesys // model: control win // scope: lte // version: 3.5.12.80

Trust: 1.0

vendor: codesys // model: control win // scope: lt // version: 3.5.14.10

Trust: 1.0

vendor: codesys // model: control runtime system toolkit // scope: gte // version: 3.0

Trust: 1.0

vendor: codesys // model: embedded target visu toolkit // scope: lt // version: 3.5.12.80

Trust: 1.0

vendor: codesys // model: control win // scope: gte // version: 3.5.9.80

Trust: 1.0

vendor: codesys // model: hmi // scope: gte // version: 3.5.10.0

Trust: 1.0

vendor: codesys // model: hmi // scope: lt // version: 3.5.12.80

Trust: 1.0

vendor: codesys // model: remote target visu toolkit // scope: lt // version: 3.5.12.80

Trust: 1.0

vendor: codesys // model: embedded target visu toolkit // scope: gte // version: 3.0

Trust: 1.0

vendor: codesys // model: hmi // scope: gte // version: 3.5.13.0

Trust: 1.0

vendor: codesys // model: control for iot2000 // scope: lt // version: 3.5.14.10

Trust: 1.0

vendor: codesys // model: control for beaglebone // scope: lt // version: 3.5.14.10

Trust: 1.0

vendor: codesys // model: control for pfc200 // scope: lt // version: 3.5.14.10

Trust: 1.0

vendor: codesys // model: control rte // scope: lt // version: 3.5.14.10

Trust: 1.0

vendor: codesys // model: remote target visu toolkit // scope: gte // version: 3.0

Trust: 1.0

vendor: codesys // model: control runtime system toolkit // scope: lt // version: 3.5.12.80

Trust: 1.0

vendor: codesys // model: control rte // scope: gte // version: 3.5.8.60

Trust: 1.0

vendor: codesys // model: control win // scope: gte // version: 3.5.13.0

Trust: 1.0

vendor: codesys // model: control for linux // scope: lt // version: 3.5.14.10

Trust: 1.0

vendor: 3s smart // model: codesys control for beaglebone // scope: - // version: -

Trust: 0.8

vendor: 3s smart // model: codesys control for empc-a/imx6 // scope: - // version: -

Trust: 0.8

vendor: 3s smart // model: codesys control for iot2000 // scope: - // version: -

Trust: 0.8

vendor: 3s smart // model: codesys control for linux // scope: - // version: -

Trust: 0.8

vendor: 3s smart // model: codesys control for pfc100 // scope: - // version: -

Trust: 0.8

vendor: 3s smart // model: codesys control for pfc200 // scope: - // version: -

Trust: 0.8

vendor: 3s smart // model: codesys control for raspberry pi // scope: - // version: -

Trust: 0.8

vendor: 3s smart // model: codesys control rte v3 // scope: - // version: -

Trust: 0.8

vendor: 3s smart // model: codesys control runtime system toolkit // scope: - // version: -

Trust: 0.8

vendor: 3s smart // model: codesys control win sl // scope: - // version: -

Trust: 0.8

vendor: 3s smart // model: software solutions codesys web server // scope: eq // version: v3<3.5.14.10

Trust: 0.6

vendor: control rte // model: - // scope: eq // version: *

Trust: 0.4

vendor: control win // model: - // scope: eq // version: *

Trust: 0.4

vendor: hmi // model: - // scope: eq // version: *

Trust: 0.4

vendor: control for beaglebone // model: - // scope: eq // version: *

Trust: 0.2

vendor: control for empc a imx6 // model: - // scope: eq // version: *

Trust: 0.2

vendor: control for iot2000 // model: - // scope: eq // version: *

Trust: 0.2

vendor: control for linux // model: - // scope: eq // version: *

Trust: 0.2

vendor: control for pfc100 // model: - // scope: eq // version: *

Trust: 0.2

vendor: control for pfc200 // model: - // scope: eq // version: *

Trust: 0.2

vendor: control for raspberry pi // model: - // scope: eq // version: *

Trust: 0.2

vendor: control runtime system toolkit // model: - // scope: eq // version: *

Trust: 0.2

vendor: embedded target visu toolkit // model: - // scope: eq // version: *

Trust: 0.2

vendor: remote target visu toolkit // model: - // scope: eq // version: *

Trust: 0.2

sources: IVD: 2062592c-6ba3-43d6-8392-53b413cc328b // CNVD: CNVD-2019-32462 // JVNDB: JVNDB-2019-009415 // NVD: CVE-2019-13548

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13548
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-13548
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-32462
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201909-658
value: CRITICAL

Trust: 0.6

IVD: 2062592c-6ba3-43d6-8392-53b413cc328b
value: CRITICAL

Trust: 0.2

nvd@nist.gov: CVE-2019-13548
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-32462
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 2062592c-6ba3-43d6-8392-53b413cc328b
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-13548
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-13548
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 2062592c-6ba3-43d6-8392-53b413cc328b // CNVD: CNVD-2019-32462 // JVNDB: JVNDB-2019-009415 // CNNVD: CNNVD-201909-658 // NVD: CVE-2019-13548

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-120

Trust: 0.8

sources: JVNDB: JVNDB-2019-009415 // NVD: CVE-2019-13548

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-658

TYPE

Buffer error

Trust: 0.8

sources: IVD: 2062592c-6ba3-43d6-8392-53b413cc328b // CNNVD: CNNVD-201909-658

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-009415

PATCH

title: Top Page // url: https://www.codesys.com/

Trust: 0.8

title: 3S-Smart Software Solutions CODESYS V3 web server buffer overflow vulnerability patch // url: https://www.cnvd.org.cn/patchInfo/show/181467

Trust: 0.6

title: CODESYS V3 web server Buffer error vulnerability fix // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98232

Trust: 0.6

sources: CNVD: CNVD-2019-32462 // JVNDB: JVNDB-2019-009415 // CNNVD: CNNVD-201909-658

EXTERNAL IDS

db: NVD // id: CVE-2019-13548

Trust: 3.2

db: ICS CERT // id: ICSA-19-255-01

Trust: 2.4

db: AUSCERT // id: ESB-2019.3487

Trust: 1.2

db: CNVD // id: CNVD-2019-32462

Trust: 0.8

db: CNNVD // id: CNNVD-201909-658

Trust: 0.8

db: JVNDB // id: JVNDB-2019-009415

Trust: 0.8

db: ICS CERT // id: ICSA-19-255-04

Trust: 0.6

db: ICS CERT // id: ICSA-19-255-03

Trust: 0.6

db: ICS CERT // id: ICSA-19-255-05

Trust: 0.6

db: ICS CERT // id: ICSA-19-255-02

Trust: 0.6

db: IVD // id: 2062592C-6BA3-43D6-8392-53B413CC328B

Trust: 0.2

sources: IVD: 2062592c-6ba3-43d6-8392-53b413cc328b // CNVD: CNVD-2019-32462 // JVNDB: JVNDB-2019-009415 // CNNVD: CNNVD-201909-658 // NVD: CVE-2019-13548

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-19-255-01

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-13548

Trust: 2.0

url:https://www.auscert.org.au/bulletins/esb-2019.3487/

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13548

Trust: 0.8

url:https://www.us-cert.gov/ics/advisories/icsa-19-255-05

Trust: 0.6

url:https://www.us-cert.gov/ics/advisories/icsa-19-255-04

Trust: 0.6

url:https://www.us-cert.gov/ics/advisories/icsa-19-255-03

Trust: 0.6

url:https://www.us-cert.gov/ics/advisories/icsa-19-255-02

Trust: 0.6

sources: CNVD: CNVD-2019-32462 // JVNDB: JVNDB-2019-009415 // CNNVD: CNNVD-201909-658 // NVD: CVE-2019-13548

SOURCES

db: IVD // id: 2062592c-6ba3-43d6-8392-53b413cc328b
db: CNVD // id: CNVD-2019-32462
db: JVNDB // id: JVNDB-2019-009415
db: CNNVD // id: CNNVD-201909-658
db: NVD // id: CVE-2019-13548

LAST UPDATE DATE

2024-11-23T22:05:59.484000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2019-32462 // date: 2019-09-21T00:00:00
db: JVNDB // id: JVNDB-2019-009415 // date: 2019-09-20T00:00:00
db: CNNVD // id: CNNVD-201909-658 // date: 2021-10-29T00:00:00
db: NVD // id: CVE-2019-13548 // date: 2024-11-21T04:25:07.460

SOURCES RELEASE DATE

db: IVD // id: 2062592c-6ba3-43d6-8392-53b413cc328b // date: 2019-09-21T00:00:00
db: CNVD // id: CNVD-2019-32462 // date: 2019-09-21T00:00:00
db: JVNDB // id: JVNDB-2019-009415 // date: 2019-09-20T00:00:00
db: CNNVD // id: CNNVD-201909-658 // date: 2019-09-13T00:00:00
db: NVD // id: CVE-2019-13548 // date: 2019-09-13T17:15:11.693