Uncontrolled Memory Allocation Vulnerability in CODESYS Control & Gateway Products
CVE-2020-7052

6.5MEDIUM

Key Information:

Vendor: Codesys
Status: Control For Beaglebone; Control For Empc-a\/imx6; Control For Iot2000; Control For Linux
Vendor: CVE Published:; 24 January 2020

What is CVE-2020-7052?

CODESYS Control V3, Gateway V3, and HMI V3 prior to version 3.5.15.30 are susceptible to an uncontrolled memory allocation vulnerability. This flaw can be exploited to trigger a remote denial of service condition, adversely affecting the availability of the affected services. Users of these products are recommended to update to the latest versions to mitigate the associated risks.

References

https://www.tenable.com/security/research/tra-2020-04

x_refsource_MISC

https://customers.codesys.com/index.php?eID=dumpFile&t=f&...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 24, 2020
Vulnerability Reserved
Jan 14, 2020

Codesys

What is CVE-2020-7052?

References

CVSS V3.1

Timeline