Unauthorized Access Vulnerability in 3S-Smart CODESYS V3
CVE-2019-9008

8.8HIGH

Key Information:

Vendor

Codesys

Status
Control For Beaglebone
Control For Empc-a\/imx6
Control For Iot2000
Control For Pfc100
Vendor
CVE Published:
17 September 2019

What is CVE-2019-9008?

A significant vulnerability has been identified in 3S-Smart CODESYS V3 up to version 3.5.12.30, wherein a user with limited privileges can exploit this flaw to achieve full control over the runtime environment. This may allow an attacker to manipulate system operations and gain unauthorized access to sensitive functionalities within the CODESYS platform, posing substantial risks to process automation and system integrity.

References

https://www.codesys.com/
x_refsource_MISC
https://www.us-cert.gov/ics/advisories/icsa-19-255-03
third-party-advisoryx_refsource_CERT
https://customers.codesys.com/index.php?eID=dumpFile&t=f&...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.