Details of VAR-202003-0430

ID

VAR-202003-0430

CVE

CVE-2020-10245

TITLE

CODESYS Control runtime Out-of-bounds write vulnerabilities in the system

Trust: 0.8

sources: JVNDB: JVNDB-2020-003551

DESCRIPTION

CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow. CODESYS Control runtime An out-of-bounds write vulnerability exists in the system.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. The vulnerability stems from the fact that when a network system or product performs an operation on memory, the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow

Trust: 2.7

sources: NVD: CVE-2020-10245 // JVNDB: JVNDB-2020-003551 // CNVD: CNVD-2020-20436 // IVD: 74dcac01-aa60-41e2-8aa0-8efb7cd113ac // IVD: fbb246fe-927c-4f97-9ac5-da6a2aa9aa74 // IVD: 9d9a683c-8679-4e40-b76e-9de9cced9fc3

IOT TAXONOMY

category:	['ICS']	sub_category:	-	Trust: 0.6
category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6

sources: IVD: 74dcac01-aa60-41e2-8aa0-8efb7cd113ac // IVD: fbb246fe-927c-4f97-9ac5-da6a2aa9aa74 // IVD: 9d9a683c-8679-4e40-b76e-9de9cced9fc3 // CNVD: CNVD-2020-20436

AFFECTED PRODUCTS

vendor:	control rte	model:	-	scope:	eq	version:	*	Trust: 1.2
vendor:	codesys	model:	embedded target visu toolkit	scope:	lt	version:	3.5.15.40	Trust: 1.0
vendor:	codesys	model:	control for linux	scope:	lt	version:	3.5.15.40	Trust: 1.0
vendor:	codesys	model:	remote target visu toolkit	scope:	lt	version:	3.5.15.40	Trust: 1.0
vendor:	codesys	model:	control for empc-a\/imx6	scope:	lt	version:	3.5.15.40	Trust: 1.0
vendor:	codesys	model:	hmi	scope:	lt	version:	3.5.15.40	Trust: 1.0
vendor:	codesys	model:	control for raspberry pi	scope:	lt	version:	3.5.15.40	Trust: 1.0
vendor:	codesys	model:	control for pfc100	scope:	lt	version:	3.5.15.40	Trust: 1.0
vendor:	codesys	model:	control runtime system toolkit	scope:	gte	version:	3.0	Trust: 1.0
vendor:	codesys	model:	control win	scope:	gte	version:	3.5.9.80	Trust: 1.0
vendor:	codesys	model:	hmi	scope:	gte	version:	3.5.10.0	Trust: 1.0
vendor:	codesys	model:	control win	scope:	lt	version:	3.5.15.40	Trust: 1.0
vendor:	codesys	model:	embedded target visu toolkit	scope:	gte	version:	3.0	Trust: 1.0
vendor:	codesys	model:	control runtime system toolkit	scope:	lt	version:	3.5.15.40	Trust: 1.0
vendor:	codesys	model:	control for iot2000	scope:	lt	version:	3.5.15.40	Trust: 1.0
vendor:	codesys	model:	control for beaglebone	scope:	lt	version:	3.5.15.40	Trust: 1.0
vendor:	codesys	model:	remote target visu toolkit	scope:	gte	version:	3.0	Trust: 1.0
vendor:	codesys	model:	control for pfc200	scope:	lt	version:	3.5.15.40	Trust: 1.0
vendor:	codesys	model:	control rte	scope:	gte	version:	3.5.8.60	Trust: 1.0
vendor:	codesys	model:	control rte	scope:	lt	version:	3.5.15.40	Trust: 1.0
vendor:	codesys	model:	control for plcnext	scope:	lt	version:	3.5.15.40	Trust: 1.0
vendor:	3s smart	model:	codesys control for beaglebone	scope:	-	version:	-	Trust: 0.8
vendor:	3s smart	model:	codesys control for empc-a/imx6	scope:	-	version:	-	Trust: 0.8
vendor:	3s smart	model:	codesys control for iot2000	scope:	-	version:	-	Trust: 0.8
vendor:	3s smart	model:	codesys control for linux	scope:	-	version:	-	Trust: 0.8
vendor:	3s smart	model:	codesys control for pfc100	scope:	-	version:	-	Trust: 0.8
vendor:	3s smart	model:	codesys control for pfc200	scope:	-	version:	-	Trust: 0.8
vendor:	3s smart	model:	codesys control for plcnext	scope:	-	version:	-	Trust: 0.8
vendor:	3s smart	model:	codesys control for raspberry pi	scope:	-	version:	-	Trust: 0.8
vendor:	3s smart	model:	codesys control rte v3	scope:	-	version:	-	Trust: 0.8
vendor:	3s smart	model:	codesys control runtime system toolkit	scope:	-	version:	-	Trust: 0.8
vendor:	control for beaglebone	model:	-	scope:	eq	version:	*	Trust: 0.6
vendor:	control for empc a imx6	model:	-	scope:	eq	version:	*	Trust: 0.6
vendor:	control for iot2000	model:	-	scope:	eq	version:	*	Trust: 0.6
vendor:	control for linux	model:	-	scope:	eq	version:	*	Trust: 0.6
vendor:	control for pfc100	model:	-	scope:	eq	version:	*	Trust: 0.6
vendor:	control for pfc200	model:	-	scope:	eq	version:	*	Trust: 0.6
vendor:	control for plcnext	model:	-	scope:	eq	version:	*	Trust: 0.6
vendor:	control for raspberry pi	model:	-	scope:	eq	version:	*	Trust: 0.6
vendor:	control runtime system toolkit	model:	-	scope:	eq	version:	*	Trust: 0.6
vendor:	control win	model:	-	scope:	eq	version:	*	Trust: 0.6
vendor:	embedded target visu toolkit	model:	-	scope:	eq	version:	*	Trust: 0.6
vendor:	hmi	model:	-	scope:	eq	version:	*	Trust: 0.6
vendor:	remote target visu toolkit	model:	-	scope:	eq	version:	*	Trust: 0.6
vendor:	3s smart	model:	software solutions codesys web server	scope:	eq	version:	v3<3.5.15.40	Trust: 0.6

sources: IVD: 74dcac01-aa60-41e2-8aa0-8efb7cd113ac // IVD: fbb246fe-927c-4f97-9ac5-da6a2aa9aa74 // IVD: 9d9a683c-8679-4e40-b76e-9de9cced9fc3 // CNVD: CNVD-2020-20436 // JVNDB: JVNDB-2020-003551 // NVD: CVE-2020-10245

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-10245
value:	CRITICAL
Trust: 1.0
NVD:	JVNDB-2020-003551
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2020-20436
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202003-1628
value:	CRITICAL
Trust: 0.6
IVD:	74dcac01-aa60-41e2-8aa0-8efb7cd113ac
value:	HIGH
Trust: 0.2
IVD:	fbb246fe-927c-4f97-9ac5-da6a2aa9aa74
value:	HIGH
Trust: 0.2
IVD:	9d9a683c-8679-4e40-b76e-9de9cced9fc3
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2020-10245
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-003551
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-20436
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	74dcac01-aa60-41e2-8aa0-8efb7cd113ac
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	fbb246fe-927c-4f97-9ac5-da6a2aa9aa74
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	9d9a683c-8679-4e40-b76e-9de9cced9fc3
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2020-10245
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-003551
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2020-003551 // NVD: CVE-2020-10245

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-1628

TYPE

Buffer error

Trust: 1.2

sources: IVD: 74dcac01-aa60-41e2-8aa0-8efb7cd113ac // IVD: fbb246fe-927c-4f97-9ac5-da6a2aa9aa74 // IVD: 9d9a683c-8679-4e40-b76e-9de9cced9fc3 // CNNVD: CNNVD-202003-1628

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-003551

PATCH

title:	Advisory 2020-03	url:	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13078&token=de344ca65252463cc581ef144e0c53bd97b8f211&download=	Trust: 0.8
title:	Patch for 3S-Smart Software Solutions CODESYS V3 web server buffer overflow vulnerability (CNVD-2020-20436)	url:	https://www.cnvd.org.cn/patchInfo/show/211803	Trust: 0.6
title:	3S-Smart Software Solutions CODESYS V3 web server Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115312	Trust: 0.6

sources: CNVD: CNVD-2020-20436 // JVNDB: JVNDB-2020-003551 // CNNVD: CNNVD-202003-1628

EXTERNAL IDS

db:	NVD	id:	CVE-2020-10245	Trust: 3.6
db:	TENABLE	id:	TRA-2020-16	Trust: 1.6
db:	CNVD	id:	CNVD-2020-20436	Trust: 1.2
db:	CNNVD	id:	CNNVD-202003-1628	Trust: 1.2
db:	JVNDB	id:	JVNDB-2020-003551	Trust: 0.8
db:	IVD	id:	74DCAC01-AA60-41E2-8AA0-8EFB7CD113AC	Trust: 0.2
db:	IVD	id:	FBB246FE-927C-4F97-9AC5-DA6A2AA9AA74	Trust: 0.2
db:	IVD	id:	9D9A683C-8679-4E40-B76E-9DE9CCED9FC3	Trust: 0.2

REFERENCES

url:	https://www.tenable.com/security/research/tra-2020-16	Trust: 1.6
url:	https://customers.codesys.com/index.php?eid=dumpfile&t=f&f=13078&token=de344ca65252463cc581ef144e0c53bd97b8f211&download=	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10245	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10245	Trust: 0.8

sources: JVNDB: JVNDB-2020-003551 // CNNVD: CNNVD-202003-1628 // NVD: CVE-2020-10245

SOURCES

db:	IVD	id:	74dcac01-aa60-41e2-8aa0-8efb7cd113ac
db:	IVD	id:	fbb246fe-927c-4f97-9ac5-da6a2aa9aa74
db:	IVD	id:	9d9a683c-8679-4e40-b76e-9de9cced9fc3
db:	CNVD	id:	CNVD-2020-20436
db:	JVNDB	id:	JVNDB-2020-003551
db:	CNNVD	id:	CNNVD-202003-1628
db:	NVD	id:	CVE-2020-10245

LAST UPDATE DATE

2024-11-23T22:48:07.759000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-20436	date:	2020-03-31T00:00:00
db:	JVNDB	id:	JVNDB-2020-003551	date:	2020-04-20T00:00:00
db:	CNNVD	id:	CNNVD-202003-1628	date:	2020-04-28T00:00:00
db:	NVD	id:	CVE-2020-10245	date:	2024-11-21T04:55:03.253

SOURCES RELEASE DATE

db:	IVD	id:	74dcac01-aa60-41e2-8aa0-8efb7cd113ac	date:	2020-03-26T00:00:00
db:	IVD	id:	fbb246fe-927c-4f97-9ac5-da6a2aa9aa74	date:	2020-03-26T00:00:00
db:	IVD	id:	9d9a683c-8679-4e40-b76e-9de9cced9fc3	date:	2020-03-26T00:00:00
db:	CNVD	id:	CNVD-2020-20436	date:	2020-03-31T00:00:00
db:	JVNDB	id:	JVNDB-2020-003551	date:	2020-04-20T00:00:00
db:	CNNVD	id:	CNNVD-202003-1628	date:	2020-03-26T00:00:00
db:	NVD	id:	CVE-2020-10245	date:	2020-03-26T04:15:11.533