Uncontrolled Memory Allocation in CODESYS Control Runtime System
CVE-2020-15806

7.5HIGH

Key Information:

Vendor

Codesys

Status
Control Rte
Control For Beaglebone
Control For Empc-a\/imx6
Control For Iot2000
Vendor
CVE Published:
22 July 2020

What is CVE-2020-15806?

CODESYS Control runtime system versions before 3.5.16.10 are susceptible to a flaw that allows for uncontrolled memory allocation. This vulnerability could potentially enable an attacker to exploit system resources, leading to unpredictable behavior, application crashes, or denial of service. Users are advised to upgrade to the latest patched version to mitigate this risk.

References

https://www.codesys.com
x_refsource_MISC
https://customers.codesys.com/index.php?eID=dumpFile&t=f&...
x_refsource_CONFIRM
https://www.tenable.com/security/research/tra-2020-46
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.