Network Packet Processing Vulnerability in CODESYS by 3S-Smart
CVE-2019-9009

7.5HIGH

Key Information:

Vendor: Codesys
Status: Gateway; Hmi; Simulation Runtime; Safety Sil2
Vendor: CVE Published:; 17 September 2019

What is CVE-2019-9009?

An issue in CODESYS by 3S-Smart allows specially crafted network packets to disrupt the Control Runtime, leading to system crashes. This vulnerability highlights the importance of secure network configurations and rigorous packet validation to prevent potential exploits that could compromise stability and availability within industrial control systems.

References

https://www.us-cert.gov/ics/advisories/icsa-19-255-05

x_refsource_MISC

https://customers.codesys.com/index.php?eID=dumpFile&t=f&...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 17, 2019
Vulnerability Reserved
Feb 22, 2019

Codesys

What is CVE-2019-9009?

References

CVSS V3.1

Timeline