Sign-up

ID

VAR-202003-0671


CVE

CVE-2019-5105


TITLE

3S-Smart Software Solutions CODESYS GatewayService Buffer Overflow Vulnerability

Trust: 1.2

sources: IVD: c2ca4c36-a698-4421-b8d5-aaf8ded1870a // IVD: 528a9f71-c716-457a-9e08-7de703fe34e2 // IVD: 436a9437-f932-4a7a-9f3e-24717565f5a3 // CNVD: CNVD-2020-23223

DESCRIPTION

An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet to a device running the GatewayService.exe to trigger this vulnerability. All variants of the CODESYS V3 products in all versions prior V3.5.16.10 containing the CmpRouter or CmpRouterEmbedded component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PLCnext, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit, CODESYS V3 Embedded Target Visu Toolkit, CODESYS V3 Remote Target Visu Toolkit, CODESYS V3 Safety SIL2, CODESYS Edge Gateway V3, CODESYS Gateway V3, CODESYS HMI V3, CODESYS OPC Server V3, CODESYS PLCHandler SDK, CODESYS V3 Simulation Runtime (part of the CODESYS Development System). 3S-Smart Software Solutions, CODESYS Control for BeagleBone, etc. are all products of German 3S-Smart Software Solutions. CODESYS Control for BeagleBone is a set of industrial control program programming software. CODESYS Control is a set of industrial control program programming software. CODESYS Development System is a set of programming tools for industrial controllers and automation technology. Safety and other products are all products. Safety is a Python-based software package for checking program safety. 3S-Smart Software Solutions CODESYS GatewayService is a gateway service used in CODESYS products. The following products and versions (including CmpRouter or CmpRouterEmbedded components) are affected: CODESYS Control for BeagleBone before V3.5.15.40, CODESYS Control for emPC-A/iMX6 before V3.5.15.40, and CODESYS Control for IOT2000 V3.5.15

Trust: 3.24

sources: NVD: CVE-2019-5105 // JVNDB: JVNDB-2019-015230 // CNVD: CNVD-2020-23223 // CNNVD: CNNVD-202003-1616 // IVD: c2ca4c36-a698-4421-b8d5-aaf8ded1870a // IVD: 528a9f71-c716-457a-9e08-7de703fe34e2 // IVD: 436a9437-f932-4a7a-9f3e-24717565f5a3

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.2

category:['network device', 'embedded device']sub_category:gateway

Trust: 0.1

category:['network device', 'embedded device']sub_category:PLC

Trust: 0.1

sources: OTHER: None // IVD: c2ca4c36-a698-4421-b8d5-aaf8ded1870a // IVD: 528a9f71-c716-457a-9e08-7de703fe34e2 // IVD: 436a9437-f932-4a7a-9f3e-24717565f5a3 // CNVD: CNVD-2020-23223

AFFECTED PRODUCTS

vendor:codesysmodel:codesysscope:eqversion:3.5.13.2

Trust: 1.0

vendor:3s smartmodel:codesysscope:eqversion:3.5.13.20

Trust: 0.8

vendor:codesysmodel: - scope:eqversion:3.5.13.2

Trust: 0.6

vendor:3s smartmodel:software solutions codesys gatewayservicescope:eqversion:3.5.13.20

Trust: 0.6

sources: IVD: c2ca4c36-a698-4421-b8d5-aaf8ded1870a // IVD: 528a9f71-c716-457a-9e08-7de703fe34e2 // IVD: 436a9437-f932-4a7a-9f3e-24717565f5a3 // CNVD: CNVD-2020-23223 // JVNDB: JVNDB-2019-015230 // NVD: CVE-2019-5105

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5105
value: HIGH

Trust: 1.0

talos-cna@cisco.com: CVE-2019-5105
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-015230
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-23223
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202003-1616
value: HIGH

Trust: 0.6

IVD: c2ca4c36-a698-4421-b8d5-aaf8ded1870a
value: HIGH

Trust: 0.2

IVD: 528a9f71-c716-457a-9e08-7de703fe34e2
value: HIGH

Trust: 0.2

IVD: 436a9437-f932-4a7a-9f3e-24717565f5a3
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2019-5105
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015230
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-23223
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: c2ca4c36-a698-4421-b8d5-aaf8ded1870a
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 528a9f71-c716-457a-9e08-7de703fe34e2
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 436a9437-f932-4a7a-9f3e-24717565f5a3
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-5105
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

talos-cna@cisco.com: CVE-2019-5105
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: JVNDB-2019-015230
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: c2ca4c36-a698-4421-b8d5-aaf8ded1870a // IVD: 528a9f71-c716-457a-9e08-7de703fe34e2 // IVD: 436a9437-f932-4a7a-9f3e-24717565f5a3 // CNVD: CNVD-2020-23223 // JVNDB: JVNDB-2019-015230 // CNNVD: CNNVD-202003-1616 // NVD: CVE-2019-5105 // NVD: CVE-2019-5105

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

problemtype:CWE-787

Trust: 1.0

sources: JVNDB: JVNDB-2019-015230 // NVD: CVE-2019-5105

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-1616

TYPE

Buffer error

Trust: 1.2

sources: IVD: c2ca4c36-a698-4421-b8d5-aaf8ded1870a // IVD: 528a9f71-c716-457a-9e08-7de703fe34e2 // IVD: 436a9437-f932-4a7a-9f3e-24717565f5a3 // CNNVD: CNNVD-202003-1616

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-015230

PATCH
title:Top Pageurl:https://www.codesys.com/
Trust: 0.8
title:Patch for 3S-Smart Software Solutions CODESYS GatewayService buffer overflow vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/214347
Trust: 0.6
title:3S-Smart Software Solutions CODESYS GatewayService Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113021
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-23223 // 
            
            
            
            JVNDB: JVNDB-2019-015230 // 
            
            
            
            CNNVD: CNNVD-202003-1616

EXTERNAL IDS
db:NVDid:CVE-2019-5105
Trust: 3.7
db:TALOSid:TALOS-2019-0897
Trust: 3.0
db:CNVDid:CNVD-2020-23223
Trust: 1.2
db:CNNVDid:CNNVD-202003-1616
Trust: 1.2
db:JVNDBid:JVNDB-2019-015230
Trust: 0.8
db:IVDid:C2CA4C36-A698-4421-B8D5-AAF8DED1870A
Trust: 0.2
db:IVDid:528A9F71-C716-457A-9E08-7DE703FE34E2
Trust: 0.2
db:IVDid:436A9437-F932-4A7A-9F3E-24717565F5A3
Trust: 0.2
db:OTHERid:NONE
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            IVD: c2ca4c36-a698-4421-b8d5-aaf8ded1870a // 
            
            
            
            IVD: 528a9f71-c716-457a-9e08-7de703fe34e2 // 
            
            
            
            IVD: 436a9437-f932-4a7a-9f3e-24717565f5a3 // 
            
            
            
            CNVD: CNVD-2020-23223 // 
            
            
            
            JVNDB: JVNDB-2019-015230 // 
            
            
            
            CNNVD: CNNVD-202003-1616 // 
            
            
            
            NVD: CVE-2019-5105

REFERENCES
url:https://talosintelligence.com/vulnerability_reports/talos-2019-0897
Trust: 3.6
url:https://customers.codesys.com/index.php?eid=dumpfile&t=f&f=13077&token=3bfc6d1d08415a6260b96093520071f5786e7fd4&download=
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-5105
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5105
Trust: 0.8
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2020-23223 // 
            
            
            
            JVNDB: JVNDB-2019-015230 // 
            
            
            
            CNNVD: CNNVD-202003-1616 // 
            
            
            
            NVD: CVE-2019-5105

CREDITS
Carl Hurd of Cisco Talos and an OEM customer
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202003-1616

SOURCES
db:OTHERid: - 
db:IVDid:c2ca4c36-a698-4421-b8d5-aaf8ded1870a
db:IVDid:528a9f71-c716-457a-9e08-7de703fe34e2
db:IVDid:436a9437-f932-4a7a-9f3e-24717565f5a3
db:CNVDid:CNVD-2020-23223
db:JVNDBid:JVNDB-2019-015230
db:CNNVDid:CNNVD-202003-1616
db:NVDid:CVE-2019-5105

LAST UPDATE DATE
2025-01-30T22:06:48.673000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-23223date:2020-04-17T00:00:00
db:JVNDBid:JVNDB-2019-015230date:2020-04-20T00:00:00
db:CNNVDid:CNNVD-202003-1616date:2021-08-16T00:00:00
db:NVDid:CVE-2019-5105date:2024-11-21T04:44:21.717

SOURCES RELEASE DATE
db:IVDid:c2ca4c36-a698-4421-b8d5-aaf8ded1870adate:2020-03-25T00:00:00
db:IVDid:528a9f71-c716-457a-9e08-7de703fe34e2date:2020-03-25T00:00:00
db:IVDid:436a9437-f932-4a7a-9f3e-24717565f5a3date:2020-03-25T00:00:00
db:CNVDid:CNVD-2020-23223date:2020-04-17T00:00:00
db:JVNDBid:JVNDB-2019-015230date:2020-04-20T00:00:00
db:CNNVDid:CNNVD-202003-1616date:2020-03-25T00:00:00
db:NVDid:CVE-2019-5105date:2020-03-26T15:15:24.537