Memory Corruption Vulnerability in CODESYS GatewayService by 3S-Smart Software Solutions
CVE-2019-5105

7.5HIGH

Key Information:

Vendor: Codesys
Status: 3s
Vendor: CVE Published:; 26 March 2020

What is CVE-2019-5105?

A critical memory corruption vulnerability exists in the Name Service Client functionality of the CODESYS GatewayService by 3S-Smart Software Solutions. This flaw allows an attacker to exploit the service by sending a specially crafted packet, leading to a large memcpy that can cause an access violation, resulting in the termination of the process. All variants of CODESYS V3, particularly those containing the CmpRouter or CmpRouterEmbedded component, are impacted. Affected devices span various platforms and OS types, highlighting the need for immediate attention to secure these systems.

Affected Version(s)

3S 3S-Smart Software Solutions CODESYS 3.5.15.0

References

https://customers.codesys.com/index.php?eID=dumpFile&t=f&...

x_refsource_MISC

https://talosintelligence.com/vulnerability_reports/TALOS...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 26, 2020
Vulnerability Reserved
Jan 4, 2019

Codesys

What is CVE-2019-5105?

Affected Version(s)

References

CVSS V3.1

Timeline