FSA-202202
Vulnerability from csaf_festosecokg - Published: 2022-07-18 10:00 - Updated: 2025-11-03 11:00Summary
Festo: Controller CECC-S,LK,D family <= 2.3.8.1 - multiple vulnerabilities in CODESYS V3 runtime system
Notes
Summary: The Festo controller CECC product family is affected by multiple vulnerabilities in the CODESYS V3 runtime.
Impact: By using the listed vulnerabilities an remote attacker with low privileges may gain full access to the devices or make them unavailable.
Remediation: For CVE-2010-5250, CVE-2017-3735, CVE-2018-0739, CVE-2018-10612, CVE-2018-20025, CVE-2018-20026, CVE-2019-13532, CVE-2019-13542, CVE-2019-13548, CVE-2019-18858, CVE-2019-9008, CVE-2019-9009, CVE-2019-9010, CVE-2019-9012, CVE-2020-7052: Update to version 2.4.2.0. This also fixes CODESYS Advisory 2017-01, CODESYS Advisory 2017-03, CODESYS Advisory 2017-06, CODESYS Advisory 2017-07, CODESYS Advisory 2017-09, CODESYS Advisory 2018-04, CODESYS Advisory 2018-05, CODESYS Advisory 2018-07, CODESYS Advisory 2018-11.
For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.
General recommendations: Festo strongly recommends to minimize and protect network access to connected devices with state of the art techniques and processes. Festo also highly recommends to apply available firmware updates containing security related changes as soon as possible. For a secure operation follow the recommendations in the product manuals.
Until Festo provides a firmware-update with CODESYS runtime patching the vulnerabilities general recommendation is to:
1. **Do not use the Codesys Web server of the Web-visualization.**
2. **Restrict access to PLCs with active webservers** on a network level to only those participants for whom it is strictly necessary.
- The PLC should **never be exposed to the internet**.
- Assist IT staff to block access (e.g., from outside the company network or virtual machine networks) to the PLC using routers, firewalls, and port/protocol restrictions (UDP, TCP).
3. **Limit visualization screens** on PLCs with web server active to those required by operators of:
- **CODESYS WebVisu**
- **CODESYS Remote TargetVisu**
4. **Activate the CODESYS device user management and visualization user management if Web visualization is used.**
- With the activation of the user management, only authenticated online access is allowed.
- It is **highly recommended to set up at least one administrator user**.
- Create a group-based user structure to allow leveled access rights.
- Use user management to restrict not only navigation elements but **all elements to certain operators only**.
---
As part of a security strategy, Festo supports the CODESYS GmbH recommended following general defense measures to reduce the risk of exploits:
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.
- Use firewalls to protect and separate the control system network from other networks – use VPN (Virtual Private Networks) tunnels if remote access is required.
- Activate and apply user management and password features.
- Use encrypted communication links.
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up to date virus detecting solutions.
---
**For more information**, see the [CODESYS Security Whitepaper (PDF)](https://customers.codesys.com/fileadmin/data/customers/_security/CODESYS-Security-Whitepaper.pdf).
Disclaimer: Festo assumes no liability whatsoever for indirect, collateral, accidental or consequential losses that occur by the distribution and/or use of this document or any losses in connection with the distribution and/or use of this document. All information published in this document is provided free of charge and on good faith by Festo. Insofar as permissible by law, however, none of this information shall establish any warranty, guarantee, commitment, or liability on the part of Festo.\n\nNote: In no case does this information release the operator or responsible person from the obligation to check the effect on his system or installation before using the information and, in the event of negative consequences, not to use the information.\n\nIn addition, the actual general terms, and conditions for delivery, payment and software use of Festo, available under http://www.festo.com and the special provisions for the use of Festo Security Advisory available at https://www.festo.com/psirt shall apply.
A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products.
8.1 (High)
No Fix Planned
For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.
An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash.
7.1 (High)
No Fix Planned
For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.
An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash.
6.5 (Medium)
No Fix Planned
For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.
In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.
7.5 (High)
No Fix Planned
For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.
CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.
9.8 (Critical)
No Fix Planned
For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.
An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation.
6.5 (Medium)
No Fix Planned
For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.
CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.
9.8 (Critical)
No Fix Planned
For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.
An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A user with low privileges can take full control over the runtime.
8.8 (High)
Vendor Fix
For CVE-2010-5250, CVE-2017-3735, CVE-2018-0739, CVE-2018-10612, CVE-2018-20025, CVE-2018-20026, CVE-2019-13532, CVE-2019-13542, CVE-2019-13548, CVE-2019-18858, CVE-2019-9008, CVE-2019-9009, CVE-2019-9010, CVE-2019-9012, CVE-2020-7052: Update to version 2.4.2.0. This also fixes CODESYS Advisory 2017-01, CODESYS Advisory 2017-03, CODESYS Advisory 2017-06, CODESYS Advisory 2017-07, CODESYS Advisory 2017-09, CODESYS Advisory 2018-04, CODESYS Advisory 2018-05, CODESYS Advisory 2018-07, CODESYS Advisory 2018-11.
CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow.
9.8 (Critical)
Vendor Fix
For CVE-2010-5250, CVE-2017-3735, CVE-2018-0739, CVE-2018-10612, CVE-2018-20025, CVE-2018-20026, CVE-2019-13532, CVE-2019-13542, CVE-2019-13548, CVE-2019-18858, CVE-2019-9008, CVE-2019-9009, CVE-2019-9010, CVE-2019-9012, CVE-2020-7052: Update to version 2.4.2.0. This also fixes CODESYS Advisory 2017-01, CODESYS Advisory 2017-03, CODESYS Advisory 2017-06, CODESYS Advisory 2017-07, CODESYS Advisory 2017-09, CODESYS Advisory 2018-04, CODESYS Advisory 2018-05, CODESYS Advisory 2018-07, CODESYS Advisory 2018-11.
CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could cause a stack overflow and create a denial-of-service condition or allow remote code execution.
9.8 (Critical)
Vendor Fix
For CVE-2010-5250, CVE-2017-3735, CVE-2018-0739, CVE-2018-10612, CVE-2018-20025, CVE-2018-20026, CVE-2019-13532, CVE-2019-13542, CVE-2019-13548, CVE-2019-18858, CVE-2019-9008, CVE-2019-9009, CVE-2019-9010, CVE-2019-9012, CVE-2020-7052: Update to version 2.4.2.0. This also fixes CODESYS Advisory 2017-01, CODESYS Advisory 2017-03, CODESYS Advisory 2017-06, CODESYS Advisory 2017-07, CODESYS Advisory 2017-09, CODESYS Advisory 2018-04, CODESYS Advisory 2018-05, CODESYS Advisory 2018-07, CODESYS Advisory 2018-11.
3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition.
6.5 (Medium)
Vendor Fix
For CVE-2010-5250, CVE-2017-3735, CVE-2018-0739, CVE-2018-10612, CVE-2018-20025, CVE-2018-20026, CVE-2019-13532, CVE-2019-13542, CVE-2019-13548, CVE-2019-18858, CVE-2019-9008, CVE-2019-9009, CVE-2019-9010, CVE-2019-9012, CVE-2020-7052: Update to version 2.4.2.0. This also fixes CODESYS Advisory 2017-01, CODESYS Advisory 2017-03, CODESYS Advisory 2017-06, CODESYS Advisory 2017-07, CODESYS Advisory 2017-09, CODESYS Advisory 2018-04, CODESYS Advisory 2018-05, CODESYS Advisory 2018-07, CODESYS Advisory 2018-11.
CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.
7.5 (High)
No Fix Planned
For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.
An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.
7.5 (High)
Vendor Fix
For CVE-2010-5250, CVE-2017-3735, CVE-2018-0739, CVE-2018-10612, CVE-2018-20025, CVE-2018-20026, CVE-2019-13532, CVE-2019-13542, CVE-2019-13548, CVE-2019-18858, CVE-2019-9008, CVE-2019-9009, CVE-2019-9010, CVE-2019-9012, CVE-2020-7052: Update to version 2.4.2.0. This also fixes CODESYS Advisory 2017-01, CODESYS Advisory 2017-03, CODESYS Advisory 2017-06, CODESYS Advisory 2017-07, CODESYS Advisory 2017-09, CODESYS Advisory 2018-04, CODESYS Advisory 2018-05, CODESYS Advisory 2018-07, CODESYS Advisory 2018-11.
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), an attacker can identify valid usernames.
5.3 (Medium)
No Fix Planned
For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.
An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component are affected regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS V3 Simulation Runtime (part of the CODESYS Development System), CODESYS Control V3 Runtime System Toolkit, CODESYS HMI V3.
8.8 (High)
No Fix Planned
For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user's password may be changed by an attacker without knowledge of the current password.
7.5 (High)
No Fix Planned
For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.
In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.
7.8 (High)
No Fix Planned
For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.
An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System.
9.8 (Critical)
Vendor Fix
For CVE-2010-5250, CVE-2017-3735, CVE-2018-0739, CVE-2018-10612, CVE-2018-20025, CVE-2018-20026, CVE-2019-13532, CVE-2019-13542, CVE-2019-13548, CVE-2019-18858, CVE-2019-9008, CVE-2019-9009, CVE-2019-9010, CVE-2019-9012, CVE-2020-7052: Update to version 2.4.2.0. This also fixes CODESYS Advisory 2017-01, CODESYS Advisory 2017-03, CODESYS Advisory 2017-06, CODESYS Advisory 2017-07, CODESYS Advisory 2017-09, CODESYS Advisory 2018-04, CODESYS Advisory 2018-05, CODESYS Advisory 2018-07, CODESYS Advisory 2018-11.
In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition.
7.5 (High)
No Fix Planned
For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.
An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System.
7.5 (High)
Vendor Fix
For CVE-2010-5250, CVE-2017-3735, CVE-2018-0739, CVE-2018-10612, CVE-2018-20025, CVE-2018-20026, CVE-2019-13532, CVE-2019-13542, CVE-2019-13548, CVE-2019-18858, CVE-2019-9008, CVE-2019-9009, CVE-2019-9010, CVE-2019-9012, CVE-2020-7052: Update to version 2.4.2.0. This also fixes CODESYS Advisory 2017-01, CODESYS Advisory 2017-03, CODESYS Advisory 2017-06, CODESYS Advisory 2017-07, CODESYS Advisory 2017-09, CODESYS Advisory 2018-04, CODESYS Advisory 2018-05, CODESYS Advisory 2018-07, CODESYS Advisory 2018-11.
CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.
6.5 (Medium)
Vendor Fix
For CVE-2010-5250, CVE-2017-3735, CVE-2018-0739, CVE-2018-10612, CVE-2018-20025, CVE-2018-20026, CVE-2019-13532, CVE-2019-13542, CVE-2019-13548, CVE-2019-18858, CVE-2019-9008, CVE-2019-9009, CVE-2019-9010, CVE-2019-9012, CVE-2020-7052: Update to version 2.4.2.0. This also fixes CODESYS Advisory 2017-01, CODESYS Advisory 2017-03, CODESYS Advisory 2017-06, CODESYS Advisory 2017-07, CODESYS Advisory 2017-09, CODESYS Advisory 2018-04, CODESYS Advisory 2018-05, CODESYS Advisory 2018-07, CODESYS Advisory 2018-11.
An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet to a device running the GatewayService.exe to trigger this vulnerability. All variants of the CODESYS V3 products in all versions prior V3.5.16.10 containing the CmpRouter or CmpRouterEmbedded component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PLCnext, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit, CODESYS V3 Embedded Target Visu Toolkit, CODESYS V3 Remote Target Visu Toolkit, CODESYS V3 Safety SIL2, CODESYS Edge Gateway V3, CODESYS Gateway V3, CODESYS HMI V3, CODESYS OPC Server V3, CODESYS PLCHandler SDK, CODESYS V3 Simulation Runtime (part of the CODESYS Development System).
7.5 (High)
No Fix Planned
For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.
CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).
7.5 (High)
No Fix Planned
For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.
7.3 (High)
No Fix Planned
For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.
A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system.
7.5 (High)
No Fix Planned
For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.
An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed.
7.5 (High)
No Fix Planned
For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.
CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller.
7.5 (High)
Vendor Fix
For CVE-2010-5250, CVE-2017-3735, CVE-2018-0739, CVE-2018-10612, CVE-2018-20025, CVE-2018-20026, CVE-2019-13532, CVE-2019-13542, CVE-2019-13548, CVE-2019-18858, CVE-2019-9008, CVE-2019-9009, CVE-2019-9010, CVE-2019-9012, CVE-2020-7052: Update to version 2.4.2.0. This also fixes CODESYS Advisory 2017-01, CODESYS Advisory 2017-03, CODESYS Advisory 2017-06, CODESYS Advisory 2017-07, CODESYS Advisory 2017-09, CODESYS Advisory 2018-04, CODESYS Advisory 2018-05, CODESYS Advisory 2018-07, CODESYS Advisory 2018-11.
Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0.
7.5 (High)
Vendor Fix
For CVE-2010-5250, CVE-2017-3735, CVE-2018-0739, CVE-2018-10612, CVE-2018-20025, CVE-2018-20026, CVE-2019-13532, CVE-2019-13542, CVE-2019-13548, CVE-2019-18858, CVE-2019-9008, CVE-2019-9009, CVE-2019-9010, CVE-2019-9012, CVE-2020-7052: Update to version 2.4.2.0. This also fixes CODESYS Advisory 2017-01, CODESYS Advisory 2017-03, CODESYS Advisory 2017-06, CODESYS Advisory 2017-07, CODESYS Advisory 2017-09, CODESYS Advisory 2018-04, CODESYS Advisory 2018-05, CODESYS Advisory 2018-07, CODESYS Advisory 2018-11.
Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0.
7.5 (High)
Vendor Fix
For CVE-2010-5250, CVE-2017-3735, CVE-2018-0739, CVE-2018-10612, CVE-2018-20025, CVE-2018-20026, CVE-2019-13532, CVE-2019-13542, CVE-2019-13548, CVE-2019-18858, CVE-2019-9008, CVE-2019-9009, CVE-2019-9010, CVE-2019-9012, CVE-2020-7052: Update to version 2.4.2.0. This also fixes CODESYS Advisory 2017-01, CODESYS Advisory 2017-03, CODESYS Advisory 2017-06, CODESYS Advisory 2017-07, CODESYS Advisory 2017-09, CODESYS Advisory 2018-04, CODESYS Advisory 2018-05, CODESYS Advisory 2018-07, CODESYS Advisory 2018-11.
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).
6.5 (Medium)
Vendor Fix
For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.
In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials.
9.8 (Critical)
Vendor Fix
For CVE-2010-5250, CVE-2017-3735, CVE-2018-0739, CVE-2018-10612, CVE-2018-20025, CVE-2018-20026, CVE-2019-13532, CVE-2019-13542, CVE-2019-13548, CVE-2019-18858, CVE-2019-9008, CVE-2019-9009, CVE-2019-9010, CVE-2019-9012, CVE-2020-7052: Update to version 2.4.2.0. This also fixes CODESYS Advisory 2017-01, CODESYS Advisory 2017-03, CODESYS Advisory 2017-06, CODESYS Advisory 2017-07, CODESYS Advisory 2017-09, CODESYS Advisory 2018-04, CODESYS Advisory 2018-05, CODESYS Advisory 2018-07, CODESYS Advisory 2018-11.
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.
5.3 (Medium)
Vendor Fix
For CVE-2010-5250, CVE-2017-3735, CVE-2018-0739, CVE-2018-10612, CVE-2018-20025, CVE-2018-20026, CVE-2019-13532, CVE-2019-13542, CVE-2019-13548, CVE-2019-18858, CVE-2019-9008, CVE-2019-9009, CVE-2019-9010, CVE-2019-9012, CVE-2020-7052: Update to version 2.4.2.0. This also fixes CODESYS Advisory 2017-01, CODESYS Advisory 2017-03, CODESYS Advisory 2017-06, CODESYS Advisory 2017-07, CODESYS Advisory 2017-09, CODESYS Advisory 2018-04, CODESYS Advisory 2018-05, CODESYS Advisory 2018-07, CODESYS Advisory 2018-11.
Untrusted search path vulnerability in the pthread_win32_process_attach_np function in pthreadGC2.dll in Pthreads-win32 2.8.0 allows local users to gain privileges via a Trojan horse quserex.dll file in the current working directory. NOTE: some of these details are obtained from third party information.
7.8 (High)
Vendor Fix
For CVE-2010-5250, CVE-2017-3735, CVE-2018-0739, CVE-2018-10612, CVE-2018-20025, CVE-2018-20026, CVE-2019-13532, CVE-2019-13542, CVE-2019-13548, CVE-2019-18858, CVE-2019-9008, CVE-2019-9009, CVE-2019-9010, CVE-2019-9012, CVE-2020-7052: Update to version 2.4.2.0. This also fixes CODESYS Advisory 2017-01, CODESYS Advisory 2017-03, CODESYS Advisory 2017-06, CODESYS Advisory 2017-07, CODESYS Advisory 2017-09, CODESYS Advisory 2018-04, CODESYS Advisory 2018-05, CODESYS Advisory 2018-07, CODESYS Advisory 2018-11.
References
| URL | Category | |
|---|---|---|
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination and support with this publication",
"urls": [
"https://certvde.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "The Festo controller CECC product family is affected by multiple vulnerabilities in the\u00a0CODESYS V3 runtime.",
"title": "Summary"
},
{
"category": "description",
"text": "By using the listed vulnerabilities an remote attacker with low privileges may gain full access to the devices or make them unavailable.",
"title": "Impact"
},
{
"category": "description",
"text": "For CVE-2010-5250, CVE-2017-3735, CVE-2018-0739, CVE-2018-10612, CVE-2018-20025, CVE-2018-20026, CVE-2019-13532, CVE-2019-13542, CVE-2019-13548, CVE-2019-18858, CVE-2019-9008, CVE-2019-9009, CVE-2019-9010, CVE-2019-9012, CVE-2020-7052: Update to version 2.4.2.0. This also fixes CODESYS Advisory 2017-01, CODESYS Advisory 2017-03, CODESYS Advisory 2017-06, CODESYS Advisory 2017-07, CODESYS Advisory 2017-09, CODESYS Advisory 2018-04, CODESYS Advisory 2018-05, CODESYS Advisory 2018-07, CODESYS Advisory 2018-11.\n\nFor CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.",
"title": "Remediation"
},
{
"category": "general",
"text": "Festo strongly recommends to minimize and protect network access to connected devices with state of the art techniques and processes. Festo also highly recommends to apply available firmware updates containing security related changes as soon as possible. For a secure operation follow the recommendations in the product manuals. \nUntil Festo provides a firmware-update with CODESYS runtime patching the vulnerabilities general recommendation is to:\n\n1. **Do not use the Codesys Web server of the Web-visualization.**\n2. **Restrict access to PLCs with active webservers** on a network level to only those participants for whom it is strictly necessary. \n - The PLC should **never be exposed to the internet**. \n - Assist IT staff to block access (e.g., from outside the company network or virtual machine networks) to the PLC using routers, firewalls, and port/protocol restrictions (UDP, TCP).\n3. **Limit visualization screens** on PLCs with web server active to those required by operators of:\n - **CODESYS WebVisu**\n - **CODESYS Remote TargetVisu**\n4. **Activate the CODESYS device user management and visualization user management if Web visualization is used.**\n - With the activation of the user management, only authenticated online access is allowed.\n - It is **highly recommended to set up at least one administrator user**.\n - Create a group-based user structure to allow leveled access rights.\n - Use user management to restrict not only navigation elements but **all elements to certain operators only**.\n\n---\n\nAs part of a security strategy, Festo supports the CODESYS GmbH recommended following general defense measures to reduce the risk of exploits:\n\n- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.\n- Use firewalls to protect and separate the control system network from other networks \u2013 use VPN (Virtual Private Networks) tunnels if remote access is required.\n- Activate and apply user management and password features.\n- Use encrypted communication links.\n- Limit the access to both development and control system by physical means, operating system features, etc.\n- Protect both development and control system by using up to date virus detecting solutions.\n\n---\n\n**For more information**, see the [CODESYS Security Whitepaper (PDF)](https://customers.codesys.com/fileadmin/data/customers/_security/CODESYS-Security-Whitepaper.pdf).",
"title": "General recommendations"
},
{
"category": "legal_disclaimer",
"text": "Festo assumes no liability whatsoever for indirect, collateral, accidental or consequential losses that occur by the distribution and/or use of this document or any losses in connection with the distribution and/or use of this document. All information published in this document is provided free of charge and on good faith by Festo. Insofar as permissible by law, however, none of this information shall establish any warranty, guarantee, commitment, or liability on the part of Festo.\\n\\nNote: In no case does this information release the operator or responsible person from the obligation to check the effect on his system or installation before using the information and, in the event of negative consequences, not to use the information.\\n\\nIn addition, the actual general terms, and conditions for delivery, payment and software use of Festo, available under http://www.festo.com and the special provisions for the use of Festo Security Advisory available at https://www.festo.com/psirt shall apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@festo.com",
"name": "Festo SE \u0026 Co. KG",
"namespace": "https://festo.com"
},
"references": [
{
"category": "self",
"summary": "FSA-202202: Festo: Controller CECC-S,LK,D family \u003c= 2.3.8.1 - multiple vulnerabilities in CODESYS V3 runtime system - HTML",
"url": "https://certvde.com/en/advisories/VDE-2022-022/"
},
{
"category": "self",
"summary": "FSA-202202: Festo: Controller CECC-S,LK,D family \u003c= 2.3.8.1 - multiple vulnerabilities in CODESYS V3 runtime system - CSAF",
"url": "https://festo.csaf-tp.certvde.com/.well-known/csaf/white/2022/fsa-202202.json"
},
{
"category": "external",
"summary": "For further security-related issues in Festo products please contact the Festo Product Security Incident Response Team (PSIRT)",
"url": "https://festo.com/psirt"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories",
"url": "https://certvde.com/en/advisories/vendor/festo/"
}
],
"title": "Festo: Controller CECC-S,LK,D family \u003c= 2.3.8.1 - multiple vulnerabilities in CODESYS V3 runtime system",
"tracking": {
"aliases": [
"VDE-2022-022"
],
"current_release_date": "2025-11-03T11:00:00.000Z",
"generator": {
"date": "2025-11-04T15:07:53.446Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.38"
}
},
"id": "FSA-202202",
"initial_release_date": "2022-07-18T10:00:00.000Z",
"revision_history": [
{
"date": "2022-07-18T10:00:00.000Z",
"number": "1.0.0",
"summary": "Initial revision."
},
{
"date": "2024-01-11T10:00:00.000Z",
"number": "1.0.1",
"summary": "Adjust link to VDE Advisory, TLP and update some CVE information, where CVSS was not known before."
},
{
"date": "2025-07-28T10:00:00.000Z",
"number": "1.0.2",
"summary": "Adjusted to VDE template. Changed title from \u0027Festo Controller CECC-S,-LK,-D Family Firmware \u003c= 2.3.8.1 - Multiple Vulnerabilities in CODESYS V3 Runtime System\u0027 to \u0027Festo: Controller CECC-S,LK,D family \u003c= 2.3.8.1 - multiple vulnerabilities in CODESYS V3 runtime system\u0027. Updated legal disclaimer to add references to special provisions."
},
{
"date": "2025-11-03T11:00:00.000Z",
"number": "1.0.3",
"summary": "Add missing CWE values for vulnerabilities. Add missing CVSS 3.0 score for CVE-2010-5250."
}
],
"status": "final",
"version": "1.0.3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Controller CECC-D",
"product": {
"name": "Controller CECC-D",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"CECC-D Rev4",
"CECC-D Rev5",
"CECC-D Rev6"
],
"skus": [
"574415"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:574415"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:CECC-D"
}
]
}
}
},
{
"category": "product_name",
"name": "Controller CECC-LK",
"product": {
"name": "Controller CECC-LK",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"CECC-LK Rev4",
"CECC-LK Rev5",
"CECC-LK Rev6"
],
"skus": [
"574418"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:574418"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:CECC-LK"
}
]
}
}
},
{
"category": "product_name",
"name": "Controller CECC-S",
"product": {
"name": "Controller CECC-S",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"CECC-S Rev4",
"CECC-S Rev5",
"CECC-S Rev6"
],
"skus": [
"574416"
],
"x_generic_uris": [
{
"namespace": "Festo:Partnumber",
"uri": "Festo:Partnumber:574416"
},
{
"namespace": "Festo:Ordercode",
"uri": "Festo:Ordercode:CECC-S"
}
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version",
"name": "R05 (17.06.2016) = 2.3.8.0",
"product": {
"name": "Firmware 2.3.8.0",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version",
"name": "R06 (11.10.2016) = 2.3.8.1",
"product": {
"name": "Firmware 2.3.8.1",
"product_id": "CSAFPID-21002"
}
},
{
"category": "product_version",
"name": "2.4.2.0",
"product": {
"name": "Firmware 2.4.2.0",
"product_id": "CSAFPID-22001"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Festo"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.3.8.0 installed on Controller CECC-D",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.3.8.1 installed on Controller CECC-D",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.3.8.0 installed on Controller CECC-LK",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.3.8.1 installed on Controller CECC-LK",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.3.8.0 installed on Controller CECC-S",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.3.8.1 installed on Controller CECC-S",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.4.2.0 installed on Controller CECC-D",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.4.2.0 installed on Controller CECC-D",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.4.2.0 installed on Controller CECC-LK",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11003"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-22515",
"cwe": {
"id": "CWE-668",
"name": "Exposure of Resource to Wrong Sphere"
},
"notes": [
{
"category": "description",
"text": "A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "no_fix_planned",
"details": "For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-22515"
},
{
"cve": "CVE-2022-22514",
"cwe": {
"id": "CWE-822",
"name": "Untrusted Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "no_fix_planned",
"details": "For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-22514"
},
{
"cve": "CVE-2022-22513",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "no_fix_planned",
"details": "For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-22513"
},
{
"cve": "CVE-2021-36763",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"notes": [
{
"category": "description",
"text": "In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "no_fix_planned",
"details": "For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2021-36763"
},
{
"cve": "CVE-2021-33485",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "no_fix_planned",
"details": "For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2021-33485"
},
{
"cve": "CVE-2020-12068",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "no_fix_planned",
"details": "For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2020-12068"
},
{
"cve": "CVE-2020-10245",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "no_fix_planned",
"details": "For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2020-10245"
},
{
"cve": "CVE-2019-9008",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A user with low privileges can take full control over the runtime.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "For CVE-2010-5250, CVE-2017-3735, CVE-2018-0739, CVE-2018-10612, CVE-2018-20025, CVE-2018-20026, CVE-2019-13532, CVE-2019-13542, CVE-2019-13548, CVE-2019-18858, CVE-2019-9008, CVE-2019-9009, CVE-2019-9010, CVE-2019-9012, CVE-2020-7052: Update to version 2.4.2.0. This also fixes CODESYS Advisory 2017-01, CODESYS Advisory 2017-03, CODESYS Advisory 2017-06, CODESYS Advisory 2017-07, CODESYS Advisory 2017-09, CODESYS Advisory 2018-04, CODESYS Advisory 2018-05, CODESYS Advisory 2018-07, CODESYS Advisory 2018-11.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2019-9008"
},
{
"cve": "CVE-2019-18858",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "description",
"text": "CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "For CVE-2010-5250, CVE-2017-3735, CVE-2018-0739, CVE-2018-10612, CVE-2018-20025, CVE-2018-20026, CVE-2019-13532, CVE-2019-13542, CVE-2019-13548, CVE-2019-18858, CVE-2019-9008, CVE-2019-9009, CVE-2019-9010, CVE-2019-9012, CVE-2020-7052: Update to version 2.4.2.0. This also fixes CODESYS Advisory 2017-01, CODESYS Advisory 2017-03, CODESYS Advisory 2017-06, CODESYS Advisory 2017-07, CODESYS Advisory 2017-09, CODESYS Advisory 2018-04, CODESYS Advisory 2018-05, CODESYS Advisory 2018-07, CODESYS Advisory 2018-11.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2019-18858"
},
{
"cve": "CVE-2019-13548",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could cause a stack overflow and create a denial-of-service condition or allow remote code execution.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "For CVE-2010-5250, CVE-2017-3735, CVE-2018-0739, CVE-2018-10612, CVE-2018-20025, CVE-2018-20026, CVE-2019-13532, CVE-2019-13542, CVE-2019-13548, CVE-2019-18858, CVE-2019-9008, CVE-2019-9009, CVE-2019-9010, CVE-2019-9012, CVE-2020-7052: Update to version 2.4.2.0. This also fixes CODESYS Advisory 2017-01, CODESYS Advisory 2017-03, CODESYS Advisory 2017-06, CODESYS Advisory 2017-07, CODESYS Advisory 2017-09, CODESYS Advisory 2018-04, CODESYS Advisory 2018-05, CODESYS Advisory 2018-07, CODESYS Advisory 2018-11.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2019-13548"
},
{
"cve": "CVE-2019-13542",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "For CVE-2010-5250, CVE-2017-3735, CVE-2018-0739, CVE-2018-10612, CVE-2018-20025, CVE-2018-20026, CVE-2019-13532, CVE-2019-13542, CVE-2019-13548, CVE-2019-18858, CVE-2019-9008, CVE-2019-9009, CVE-2019-9010, CVE-2019-9012, CVE-2020-7052: Update to version 2.4.2.0. This also fixes CODESYS Advisory 2017-01, CODESYS Advisory 2017-03, CODESYS Advisory 2017-06, CODESYS Advisory 2017-07, CODESYS Advisory 2017-09, CODESYS Advisory 2018-04, CODESYS Advisory 2018-05, CODESYS Advisory 2018-07, CODESYS Advisory 2018-11.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2019-13542"
},
{
"cve": "CVE-2020-15806",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "description",
"text": "CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "no_fix_planned",
"details": "For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2020-15806"
},
{
"cve": "CVE-2019-9009",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "For CVE-2010-5250, CVE-2017-3735, CVE-2018-0739, CVE-2018-10612, CVE-2018-20025, CVE-2018-20026, CVE-2019-13532, CVE-2019-13542, CVE-2019-13548, CVE-2019-18858, CVE-2019-9008, CVE-2019-9009, CVE-2019-9010, CVE-2019-9012, CVE-2020-7052: Update to version 2.4.2.0. This also fixes CODESYS Advisory 2017-01, CODESYS Advisory 2017-03, CODESYS Advisory 2017-06, CODESYS Advisory 2017-07, CODESYS Advisory 2017-09, CODESYS Advisory 2018-04, CODESYS Advisory 2018-05, CODESYS Advisory 2018-07, CODESYS Advisory 2018-11.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2019-9009"
},
{
"cve": "CVE-2019-9011",
"cwe": {
"id": "CWE-668",
"name": "Exposure of Resource to Wrong Sphere"
},
"notes": [
{
"category": "description",
"text": "In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), an attacker can identify valid usernames.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "no_fix_planned",
"details": "For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2019-9011"
},
{
"cve": "CVE-2019-9013",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component are affected regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS V3 Simulation Runtime (part of the CODESYS Development System), CODESYS Control V3 Runtime System Toolkit, CODESYS HMI V3.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "no_fix_planned",
"details": "For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2019-9013"
},
{
"cve": "CVE-2020-12067",
"cwe": {
"id": "CWE-640",
"name": "Weak Password Recovery Mechanism for Forgotten Password"
},
"notes": [
{
"category": "description",
"text": "In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user\u0027s password may be changed by an attacker without knowledge of the current password.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "no_fix_planned",
"details": "For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2020-12067"
},
{
"cve": "CVE-2020-12069",
"cwe": {
"id": "CWE-916",
"name": "Use of Password Hash With Insufficient Computational Effort"
},
"notes": [
{
"category": "description",
"text": "In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "no_fix_planned",
"details": "For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2020-12069"
},
{
"cve": "CVE-2019-9010",
"cwe": {
"id": "CWE-283",
"name": "Unverified Ownership"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "For CVE-2010-5250, CVE-2017-3735, CVE-2018-0739, CVE-2018-10612, CVE-2018-20025, CVE-2018-20026, CVE-2019-13532, CVE-2019-13542, CVE-2019-13548, CVE-2019-18858, CVE-2019-9008, CVE-2019-9009, CVE-2019-9010, CVE-2019-9012, CVE-2020-7052: Update to version 2.4.2.0. This also fixes CODESYS Advisory 2017-01, CODESYS Advisory 2017-03, CODESYS Advisory 2017-06, CODESYS Advisory 2017-07, CODESYS Advisory 2017-09, CODESYS Advisory 2018-04, CODESYS Advisory 2018-05, CODESYS Advisory 2018-07, CODESYS Advisory 2018-11.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2019-9010"
},
{
"cve": "CVE-2021-36764",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "no_fix_planned",
"details": "For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2021-36764"
},
{
"cve": "CVE-2019-9012",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "For CVE-2010-5250, CVE-2017-3735, CVE-2018-0739, CVE-2018-10612, CVE-2018-20025, CVE-2018-20026, CVE-2019-13532, CVE-2019-13542, CVE-2019-13548, CVE-2019-18858, CVE-2019-9008, CVE-2019-9009, CVE-2019-9010, CVE-2019-9012, CVE-2020-7052: Update to version 2.4.2.0. This also fixes CODESYS Advisory 2017-01, CODESYS Advisory 2017-03, CODESYS Advisory 2017-06, CODESYS Advisory 2017-07, CODESYS Advisory 2017-09, CODESYS Advisory 2018-04, CODESYS Advisory 2018-05, CODESYS Advisory 2018-07, CODESYS Advisory 2018-11.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2019-9012"
},
{
"cve": "CVE-2020-7052",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "description",
"text": "CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "For CVE-2010-5250, CVE-2017-3735, CVE-2018-0739, CVE-2018-10612, CVE-2018-20025, CVE-2018-20026, CVE-2019-13532, CVE-2019-13542, CVE-2019-13548, CVE-2019-18858, CVE-2019-9008, CVE-2019-9009, CVE-2019-9010, CVE-2019-9012, CVE-2020-7052: Update to version 2.4.2.0. This also fixes CODESYS Advisory 2017-01, CODESYS Advisory 2017-03, CODESYS Advisory 2017-06, CODESYS Advisory 2017-07, CODESYS Advisory 2017-09, CODESYS Advisory 2018-04, CODESYS Advisory 2018-05, CODESYS Advisory 2018-07, CODESYS Advisory 2018-11.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2020-7052"
},
{
"cve": "CVE-2019-5105",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet to a device running the GatewayService.exe to trigger this vulnerability. All variants of the CODESYS V3 products in all versions prior V3.5.16.10 containing the CmpRouter or CmpRouterEmbedded component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PLCnext, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit, CODESYS V3 Embedded Target Visu Toolkit, CODESYS V3 Remote Target Visu Toolkit, CODESYS V3 Safety SIL2, CODESYS Edge Gateway V3, CODESYS Gateway V3, CODESYS HMI V3, CODESYS OPC Server V3, CODESYS PLCHandler SDK, CODESYS V3 Simulation Runtime (part of the CODESYS Development System).",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "no_fix_planned",
"details": "For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2019-5105"
},
{
"cve": "CVE-2021-29241",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "no_fix_planned",
"details": "For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2021-29241"
},
{
"cve": "CVE-2021-29242",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router\u0027s addressing scheme and may re-route, add, remove or change low level communication packages.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "no_fix_planned",
"details": "For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"environmentalScore": 7.3,
"environmentalSeverity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2021-29242"
},
{
"cve": "CVE-2022-22519",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "description",
"text": "A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "no_fix_planned",
"details": "For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-22519"
},
{
"cve": "CVE-2022-22517",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"notes": [
{
"category": "description",
"text": "An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "no_fix_planned",
"details": "For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-22517"
},
{
"cve": "CVE-2019-13532",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "description",
"text": "CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "For CVE-2010-5250, CVE-2017-3735, CVE-2018-0739, CVE-2018-10612, CVE-2018-20025, CVE-2018-20026, CVE-2019-13532, CVE-2019-13542, CVE-2019-13548, CVE-2019-18858, CVE-2019-9008, CVE-2019-9009, CVE-2019-9010, CVE-2019-9012, CVE-2020-7052: Update to version 2.4.2.0. This also fixes CODESYS Advisory 2017-01, CODESYS Advisory 2017-03, CODESYS Advisory 2017-06, CODESYS Advisory 2017-07, CODESYS Advisory 2017-09, CODESYS Advisory 2018-04, CODESYS Advisory 2018-05, CODESYS Advisory 2018-07, CODESYS Advisory 2018-11.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2019-13532"
},
{
"cve": "CVE-2018-20026",
"cwe": {
"id": "CWE-923",
"name": "Improper Restriction of Communication Channel to Intended Endpoints"
},
"notes": [
{
"category": "description",
"text": "Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "For CVE-2010-5250, CVE-2017-3735, CVE-2018-0739, CVE-2018-10612, CVE-2018-20025, CVE-2018-20026, CVE-2019-13532, CVE-2019-13542, CVE-2019-13548, CVE-2019-18858, CVE-2019-9008, CVE-2019-9009, CVE-2019-9010, CVE-2019-9012, CVE-2020-7052: Update to version 2.4.2.0. This also fixes CODESYS Advisory 2017-01, CODESYS Advisory 2017-03, CODESYS Advisory 2017-06, CODESYS Advisory 2017-07, CODESYS Advisory 2017-09, CODESYS Advisory 2018-04, CODESYS Advisory 2018-05, CODESYS Advisory 2018-07, CODESYS Advisory 2018-11.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2018-20026"
},
{
"cve": "CVE-2018-20025",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"notes": [
{
"category": "description",
"text": "Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "For CVE-2010-5250, CVE-2017-3735, CVE-2018-0739, CVE-2018-10612, CVE-2018-20025, CVE-2018-20026, CVE-2019-13532, CVE-2019-13542, CVE-2019-13548, CVE-2019-18858, CVE-2019-9008, CVE-2019-9009, CVE-2019-9010, CVE-2019-9012, CVE-2020-7052: Update to version 2.4.2.0. This also fixes CODESYS Advisory 2017-01, CODESYS Advisory 2017-03, CODESYS Advisory 2017-06, CODESYS Advisory 2017-07, CODESYS Advisory 2017-09, CODESYS Advisory 2018-04, CODESYS Advisory 2018-05, CODESYS Advisory 2018-07, CODESYS Advisory 2018-11.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2018-20025"
},
{
"cve": "CVE-2018-0739",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "description",
"text": "Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "For CVE-2019-5105, CVE-2019-9011, CVE-2019-9013, CVE-2020-10245, CVE-2020-12067, CVE-2020-12068, CVE-2020-12069, CVE-2020-15806, CVE-2021-29241, CVE-2021-29242, CVE-2021-33485, CVE-2021-36763, CVE-2021-36764, CVE-2022-22513, CVE-2022-22514, CVE-2022-22515, CVE-2022-22517, CVE-2022-22519: No fix planned. This issue will be handled with next hardware generation release.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2018-0739"
},
{
"cve": "CVE-2018-10612",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "description",
"text": "In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "For CVE-2010-5250, CVE-2017-3735, CVE-2018-0739, CVE-2018-10612, CVE-2018-20025, CVE-2018-20026, CVE-2019-13532, CVE-2019-13542, CVE-2019-13548, CVE-2019-18858, CVE-2019-9008, CVE-2019-9009, CVE-2019-9010, CVE-2019-9012, CVE-2020-7052: Update to version 2.4.2.0. This also fixes CODESYS Advisory 2017-01, CODESYS Advisory 2017-03, CODESYS Advisory 2017-06, CODESYS Advisory 2017-07, CODESYS Advisory 2017-09, CODESYS Advisory 2018-04, CODESYS Advisory 2018-05, CODESYS Advisory 2018-07, CODESYS Advisory 2018-11.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2018-10612"
},
{
"cve": "CVE-2017-3735",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "description",
"text": "While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "For CVE-2010-5250, CVE-2017-3735, CVE-2018-0739, CVE-2018-10612, CVE-2018-20025, CVE-2018-20026, CVE-2019-13532, CVE-2019-13542, CVE-2019-13548, CVE-2019-18858, CVE-2019-9008, CVE-2019-9009, CVE-2019-9010, CVE-2019-9012, CVE-2020-7052: Update to version 2.4.2.0. This also fixes CODESYS Advisory 2017-01, CODESYS Advisory 2017-03, CODESYS Advisory 2017-06, CODESYS Advisory 2017-07, CODESYS Advisory 2017-09, CODESYS Advisory 2018-04, CODESYS Advisory 2018-05, CODESYS Advisory 2018-07, CODESYS Advisory 2018-11.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2017-3735"
},
{
"cve": "CVE-2010-5250",
"cwe": {
"id": "CWE-426",
"name": "Untrusted Search Path"
},
"notes": [
{
"category": "description",
"text": "Untrusted search path vulnerability in the pthread_win32_process_attach_np function in pthreadGC2.dll in Pthreads-win32 2.8.0 allows local users to gain privileges via a Trojan horse quserex.dll file in the current working directory. NOTE: some of these details are obtained from third party information.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "For CVE-2010-5250, CVE-2017-3735, CVE-2018-0739, CVE-2018-10612, CVE-2018-20025, CVE-2018-20026, CVE-2019-13532, CVE-2019-13542, CVE-2019-13548, CVE-2019-18858, CVE-2019-9008, CVE-2019-9009, CVE-2019-9010, CVE-2019-9012, CVE-2020-7052: Update to version 2.4.2.0. This also fixes CODESYS Advisory 2017-01, CODESYS Advisory 2017-03, CODESYS Advisory 2017-06, CODESYS Advisory 2017-07, CODESYS Advisory 2017-09, CODESYS Advisory 2018-04, CODESYS Advisory 2018-05, CODESYS Advisory 2018-07, CODESYS Advisory 2018-11.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"environmentalScore": 6.9,
"integrityImpact": "COMPLETE",
"temporalScore": 6.9,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2010-5250"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…