ID

VAR-202007-0686


CVE

CVE-2020-15806


TITLE

CODESYS Control Vulnerability in resource allocation without restrictions or throttling in

Trust: 0.8

sources: JVNDB: JVNDB-2020-008192

DESCRIPTION

CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation. CODESYS Control is vulnerable to resource allocation without restrictions or throttling, which may result in a service operation interruption (DoS) condition. 3S-Smart Software Solutions CODESYS Control is a set of software for industrial control programming. 3S-Smart Software Solutions CODESYS Control has a denial of service vulnerability that allows remote attackers to submit special requests and perform denial of service attacks.

Trust: 2.16

sources: NVD: CVE-2020-15806 // JVNDB: JVNDB-2020-008192 // CNVD: CNVD-2020-53803

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-53803

AFFECTED PRODUCTS

vendor: codesys, model: simulation runtime, scope: lt, version: 3.5.16.10

Trust: 1.0

vendor: codesys, model: simulation runtime, scope: gte, version: 3.5.9.40

Trust: 1.0

vendor: codesys, model: control runtime system toolkit, scope: lt, version: 3.5.16.10

Trust: 1.0

vendor: codesys, model: control for iot2000, scope: lt, version: 3.5.16.10

Trust: 1.0

vendor: codesys, model: control for beaglebone, scope: lt, version: 3.5.16.10

Trust: 1.0

vendor: codesys, model: control runtime system toolkit, scope: gte, version: 3.0

Trust: 1.0

vendor: codesys, model: control for pfc200, scope: lt, version: 3.5.16.10

Trust: 1.0

vendor: codesys, model: control win, scope: gte, version: 3.5.9.80

Trust: 1.0

vendor: codesys, model: control rte, scope: lt, version: 3.5.16.10

Trust: 1.0

vendor: codesys, model: hmi, scope: gte, version: 3.5.10.0

Trust: 1.0

vendor: codesys, model: control for plcnext, scope: lt, version: 3.5.16.10

Trust: 1.0

vendor: codesys, model: embedded target visu toolkit, scope: gte, version: 3.0

Trust: 1.0

vendor: codesys, model: control for wago touch panels 600, scope: lt, version: 3.5.16.10

Trust: 1.0

vendor: codesys, model: embedded target visu toolkit, scope: lt, version: 3.5.16.10

Trust: 1.0

vendor: codesys, model: control for linux, scope: lt, version: 3.5.16.10

Trust: 1.0

vendor: codesys, model: remote target visu toolkit, scope: lt, version: 3.5.16.10

Trust: 1.0

vendor: codesys, model: control for empc-a/imx6, scope: lt, version: 3.5.16.10

Trust: 1.0

vendor: codesys, model: hmi, scope: lt, version: 3.5.16.10

Trust: 1.0

vendor: codesys, model: control for raspberry pi, scope: lt, version: 3.5.16.10

Trust: 1.0

vendor: codesys, model: remote target visu toolkit, scope: gte, version: 3.0

Trust: 1.0

vendor: codesys, model: control rte, scope: gte, version: 3.5.8.60

Trust: 1.0

vendor: codesys, model: control for pfc100, scope: lt, version: 3.5.16.10

Trust: 1.0

vendor: codesys, model: control win, scope: lt, version: 3.5.16.10

Trust: 1.0

vendor: 3s smart, model: codesys control for beaglebone, scope: -, version: -

Trust: 0.8

vendor: 3s smart, model: codesys control for empc-a/imx6, scope: -, version: -

Trust: 0.8

vendor: 3s smart, model: codesys control for iot2000, scope: -, version: -

Trust: 0.8

vendor: 3s smart, model: codesys control for linux, scope: -, version: -

Trust: 0.8

vendor: 3s smart, model: codesys control for pfc100, scope: -, version: -

Trust: 0.8

vendor: 3s smart, model: codesys control for pfc200, scope: -, version: -

Trust: 0.8

vendor: 3s smart, model: codesys control for plcnext, scope: -, version: -

Trust: 0.8

vendor: 3s smart, model: codesys control for raspberry pi, scope: -, version: -

Trust: 0.8

vendor: 3s smart, model: codesys control for wago touch panels 600, scope: -, version: -

Trust: 0.8

vendor: 3s smart, model: codesys control rte v3, scope: -, version: -

Trust: 0.8

vendor: 3s smart, model: software solutions codesys control runtime system, scope: lt, version: 3.5.16.10

Trust: 0.6

sources: CNVD: CNVD-2020-53803 // JVNDB: JVNDB-2020-008192 // NVD: CVE-2020-15806

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-15806
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-008192
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-53803
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202007-1373
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-15806
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008192
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-53803
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-15806
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-008192
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-53803 // JVNDB: JVNDB-2020-008192 // CNNVD: CNNVD-202007-1373 // NVD: CVE-2020-15806

PROBLEMTYPE DATA

problemtype:CWE-401

Trust: 1.0

problemtype:CWE-770

Trust: 0.8

sources: JVNDB: JVNDB-2020-008192 // NVD: CVE-2020-15806

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1373

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202007-1373

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008192

PATCH

title: Top Page, url: https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13199&token=3e283c3e73fed61f7c181a7fa1169477efaf0c58&download=

Trust: 0.8

title: CODESYS GroupAdvisory 2020-05, url: https://www.codesys.com

Trust: 0.8

title: Patch for 3S-Smart Software Solutions CODESYS Control Denial of Service Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/235513

Trust: 0.6

title: 3S-Smart Software Solutions CODESYS Control Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125016

Trust: 0.6

sources: CNVD: CNVD-2020-53803 // JVNDB: JVNDB-2020-008192 // CNNVD: CNNVD-202007-1373

EXTERNAL IDS

db: NVD, id: CVE-2020-15806

Trust: 3.0

db: TENABLE, id: TRA-2020-46

Trust: 1.6

db: JVNDB, id: JVNDB-2020-008192

Trust: 0.8

db: CNVD, id: CNVD-2020-53803

Trust: 0.6

db: CNNVD, id: CNNVD-202007-1373

Trust: 0.6

sources: CNVD: CNVD-2020-53803 // JVNDB: JVNDB-2020-008192 // CNNVD: CNNVD-202007-1373 // NVD: CVE-2020-15806

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-15806

Trust: 2.0

url:https://customers.codesys.com/index.php?eid=dumpfile&t=f&f=13199&token=3e283c3e73fed61f7c181a7fa1169477efaf0c58&download=

Trust: 1.6

url:https://www.codesys.com

Trust: 1.6

url:https://www.tenable.com/security/research/tra-2020-46

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-15806

Trust: 0.8

sources: CNVD: CNVD-2020-53803 // JVNDB: JVNDB-2020-008192 // CNNVD: CNNVD-202007-1373 // NVD: CVE-2020-15806

SOURCES

db: CNVD, id: CNVD-2020-53803
db: JVNDB, id: JVNDB-2020-008192
db: CNNVD, id: CNNVD-202007-1373
db: NVD, id: CVE-2020-15806

LAST UPDATE DATE

2024-11-23T22:33:24.506000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-53803, date: 2020-09-24T00:00:00
db: JVNDB, id: JVNDB-2020-008192, date: 2020-09-04T00:00:00
db: CNNVD, id: CNNVD-202007-1373, date: 2020-07-27T00:00:00
db: NVD, id: CVE-2020-15806, date: 2024-11-21T05:06:13.097

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-53803, date: 2020-09-24T00:00:00
db: JVNDB, id: JVNDB-2020-008192, date: 2020-09-04T00:00:00
db: CNNVD, id: CNNVD-202007-1373, date: 2020-07-22T00:00:00
db: NVD, id: CVE-2020-15806, date: 2020-07-22T19:15:12.317