Memory Allocation Issue in CODESYS V3 Products by 3S-Smart
CVE-2019-9012

7.5HIGH

Key Information:

Vendor: Codesys
Status: Control For Beaglebone Sl; Control For Empc-a\/imx6 Sl; Control For Iot2000 Sl; Control For Linux Sl
Vendor: CVE Published:; 15 August 2019

What is CVE-2019-9012?

A vulnerability has been identified in various products within the CODESYS V3 suite by 3S-Smart, allowing crafted communication requests to lead to uncontrolled memory allocations. This can potentially disrupt the functioning of the affected CODESYS products, leading to a denial-of-service scenario. This issue affects all variants of the CODESYS V3 products containing the CmpGateway component prior to version 3.5.14.20, across different CPU types and operating systems, making it crucial for users to review and patch vulnerable installations.

References

https://www.us-cert.gov/ics/advisories/icsa-19-213-03

x_refsource_MISC

https://customers.codesys.com/index.php?eID=dumpFile&t=f&...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 15, 2019
Vulnerability Reserved
Feb 22, 2019

Codesys

What is CVE-2019-9012?

References

CVSS V3.1

Timeline