ID

VAR-202001-1803


CVE

CVE-2020-7052


TITLE

CODESYS Control Remote Denial of Service Vulnerability

Trust: 0.8

sources: IVD: a64ef9aa-2bb3-4067-b045-cc3d87b01a10 // CNVD: CNVD-2020-13190

DESCRIPTION

CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition. CODESYS Control , Gateway , HMI Contains a resource exhaustion vulnerability.Denial of service operation (DoS) May be in a state. CoDeSys is a powerful PLC software programming tool. CODESYS Control memory allocation is secure. Remote attackers can use this vulnerability to submit special requests to conduct denial-of-service attacks. 3S-Smart Software Solutions CODESYS Control is a set of industrial control program programming software from 3S-Smart Software Solutions in Germany

Trust: 2.43

sources: NVD: CVE-2020-7052 // JVNDB: JVNDB-2020-001515 // CNVD: CNVD-2020-13190 // IVD: a64ef9aa-2bb3-4067-b045-cc3d87b01a10 // VULHUB: VHN-185177

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: a64ef9aa-2bb3-4067-b045-cc3d87b01a10 // CNVD: CNVD-2020-13190

AFFECTED PRODUCTS

vendor:codesysmodel:control for empc-a\/imx6scope:ltversion:3.5.15.30

Trust: 1.0

vendor:codesysmodel:hmiscope:ltversion:3.5.15.30

Trust: 1.0

vendor:codesysmodel:control for raspberry piscope:ltversion:3.5.15.30

Trust: 1.0

vendor:codesysmodel:simulation runtimescope:gteversion:3.5.9.40

Trust: 1.0

vendor:codesysmodel:control for pfc100scope:ltversion:3.5.15.30

Trust: 1.0

vendor:codesysmodel:gatewayscope:ltversion:3.5.15.30

Trust: 1.0

vendor:codesysmodel:control winscope:ltversion:3.5.15.30

Trust: 1.0

vendor:codesysmodel:control runtime system toolkitscope:gteversion:3.0

Trust: 1.0

vendor:codesysmodel:safety sil2scope:gteversion:3.0

Trust: 1.0

vendor:codesysmodel:control winscope:gteversion:3.5.9.80

Trust: 1.0

vendor:codesysmodel:hmiscope:gteversion:3.5.10.0

Trust: 1.0

vendor:codesysmodel:simulation runtimescope:ltversion:3.5.15.30

Trust: 1.0

vendor:codesysmodel:control runtime system toolkitscope:ltversion:3.5.15.30

Trust: 1.0

vendor:codesysmodel:safety sil2scope:ltversion:3.5.15.30

Trust: 1.0

vendor:codesysmodel:control for iot2000scope:ltversion:3.5.15.30

Trust: 1.0

vendor:codesysmodel:control for beaglebonescope:ltversion:3.5.15.30

Trust: 1.0

vendor:codesysmodel:control for pfc200scope:ltversion:3.5.15.30

Trust: 1.0

vendor:codesysmodel:control rtescope:ltversion:3.5.15.30

Trust: 1.0

vendor:codesysmodel:gatewayscope:gteversion:3.5.15.10

Trust: 1.0

vendor:codesysmodel:control for plcnextscope:ltversion:3.5.15.30

Trust: 1.0

vendor:codesysmodel:control rtescope:gteversion:3.5.8.60

Trust: 1.0

vendor:codesysmodel:control for linuxscope:ltversion:3.5.15.30

Trust: 1.0

vendor:3s smartmodel:codesys control for beaglebonescope:eqversion: -

Trust: 0.8

vendor:3s smartmodel:codesys control for empc-a/imx6scope:eqversion: -

Trust: 0.8

vendor:3s smartmodel:codesys control for iot2000scope:eqversion: -

Trust: 0.8

vendor:3s smartmodel:codesys control for linuxscope:eqversion: -

Trust: 0.8

vendor:3s smartmodel:codesys control for pfc100scope:eqversion: -

Trust: 0.8

vendor:3s smartmodel:codesys control for pfc200scope:eqversion: -

Trust: 0.8

vendor:3s smartmodel:control for plcnextscope:eqversion: -

Trust: 0.8

vendor:3s smartmodel:codesys control for raspberry piscope:eqversion: -

Trust: 0.8

vendor:3s smartmodel:codesys gatewayscope:eqversion: -

Trust: 0.8

vendor:3s smartmodel:codesys hmiscope:eqversion: -

Trust: 0.8

vendor:codesysmodel:controlscope:eqversion:v3

Trust: 0.6

vendor:codesysmodel:gatewayscope:eqversion:v3

Trust: 0.6

vendor:codesysmodel:hmiscope:eqversion:v3

Trust: 0.6

vendor:control rtemodel: - scope:eqversion:*

Trust: 0.4

vendor:control for beaglebonemodel: - scope:eqversion:*

Trust: 0.2

vendor:control for empc a imx6model: - scope:eqversion:*

Trust: 0.2

vendor:control for iot2000model: - scope:eqversion:*

Trust: 0.2

vendor:control for linuxmodel: - scope:eqversion:*

Trust: 0.2

vendor:control for pfc100model: - scope:eqversion:*

Trust: 0.2

vendor:control for pfc200model: - scope:eqversion:*

Trust: 0.2

vendor:control for plcnextmodel: - scope:eqversion:*

Trust: 0.2

vendor:control for raspberry pimodel: - scope:eqversion:*

Trust: 0.2

vendor:control runtime system toolkitmodel: - scope:eqversion:*

Trust: 0.2

vendor:control winmodel: - scope:eqversion:*

Trust: 0.2

vendor:gatewaymodel: - scope:eqversion:*

Trust: 0.2

vendor:hmimodel: - scope:eqversion:*

Trust: 0.2

vendor:safety sil2model: - scope:eqversion:*

Trust: 0.2

vendor:simulation runtimemodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: a64ef9aa-2bb3-4067-b045-cc3d87b01a10 // CNVD: CNVD-2020-13190 // JVNDB: JVNDB-2020-001515 // NVD: CVE-2020-7052

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-7052
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-7052
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-13190
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202001-1104
value: MEDIUM

Trust: 0.6

IVD: a64ef9aa-2bb3-4067-b045-cc3d87b01a10
value: MEDIUM

Trust: 0.2

VULHUB: VHN-185177
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-7052
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-13190
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: a64ef9aa-2bb3-4067-b045-cc3d87b01a10
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-185177
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-7052
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-7052
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: a64ef9aa-2bb3-4067-b045-cc3d87b01a10 // CNVD: CNVD-2020-13190 // VULHUB: VHN-185177 // JVNDB: JVNDB-2020-001515 // CNNVD: CNNVD-202001-1104 // NVD: CVE-2020-7052

PROBLEMTYPE DATA

problemtype:CWE-770

Trust: 1.1

problemtype:Resource depletion (CWE-400) [NVD Evaluation ]

Trust: 0.8

problemtype:CWE-400

Trust: 0.1

sources: VULHUB: VHN-185177 // JVNDB: JVNDB-2020-001515 // NVD: CVE-2020-7052

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-1104

TYPE

Resource management error

Trust: 0.8

sources: IVD: a64ef9aa-2bb3-4067-b045-cc3d87b01a10 // CNNVD: CNNVD-202001-1104

PATCH

title:Advisory 2020-01url:https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12977&token=33f948eed0c2fd69d238d9515779be337ef7592d&download=

Trust: 0.8

title:Patch for CODESYS Control Remote Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/204645

Trust: 0.6

title:Multiple 3S-Smart Software Solutions Product resource management error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112808

Trust: 0.6

sources: CNVD: CNVD-2020-13190 // JVNDB: JVNDB-2020-001515 // CNNVD: CNNVD-202001-1104

EXTERNAL IDS

db:NVDid:CVE-2020-7052

Trust: 3.3

db:TENABLEid:TRA-2020-04

Trust: 2.3

db:CNNVDid:CNNVD-202001-1104

Trust: 0.9

db:CNVDid:CNVD-2020-13190

Trust: 0.8

db:JVNDBid:JVNDB-2020-001515

Trust: 0.8

db:IVDid:A64EF9AA-2BB3-4067-B045-CC3D87B01A10

Trust: 0.2

db:VULHUBid:VHN-185177

Trust: 0.1

sources: IVD: a64ef9aa-2bb3-4067-b045-cc3d87b01a10 // CNVD: CNVD-2020-13190 // VULHUB: VHN-185177 // JVNDB: JVNDB-2020-001515 // CNNVD: CNNVD-202001-1104 // NVD: CVE-2020-7052

REFERENCES

url:https://www.tenable.com/security/research/tra-2020-04

Trust: 2.3

url:https://customers.codesys.com/index.php?eid=dumpfile&t=f&f=12977&token=33f948eed0c2fd69d238d9515779be337ef7592d&download=

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-7052

Trust: 1.4

url:https://customers.codesys.com/index.php?eid=dumpfile&t=f&f=12977&token=33f948eed0c2fd69d238d9515779be337ef7592d&download=

Trust: 0.1

sources: CNVD: CNVD-2020-13190 // VULHUB: VHN-185177 // JVNDB: JVNDB-2020-001515 // CNNVD: CNNVD-202001-1104 // NVD: CVE-2020-7052

SOURCES

db:IVDid:a64ef9aa-2bb3-4067-b045-cc3d87b01a10
db:CNVDid:CNVD-2020-13190
db:VULHUBid:VHN-185177
db:JVNDBid:JVNDB-2020-001515
db:CNNVDid:CNNVD-202001-1104
db:NVDid:CVE-2020-7052

LAST UPDATE DATE

2024-11-23T21:51:41.126000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-13190date:2020-02-26T00:00:00
db:VULHUBid:VHN-185177date:2021-07-21T00:00:00
db:JVNDBid:JVNDB-2020-001515date:2020-02-13T00:00:00
db:CNNVDid:CNNVD-202001-1104date:2021-07-26T00:00:00
db:NVDid:CVE-2020-7052date:2024-11-21T05:36:34.220

SOURCES RELEASE DATE

db:IVDid:a64ef9aa-2bb3-4067-b045-cc3d87b01a10date:2020-01-24T00:00:00
db:CNVDid:CNVD-2020-13190date:2020-02-25T00:00:00
db:VULHUBid:VHN-185177date:2020-01-24T00:00:00
db:JVNDBid:JVNDB-2020-001515date:2020-02-13T00:00:00
db:CNNVDid:CNNVD-202001-1104date:2020-01-24T00:00:00
db:NVDid:CVE-2020-7052date:2020-01-24T20:15:10.970