CVE-2019-9009

An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
codesyscontrol_for_beaglebone
𝑥
< 3.5.15.0
codesyscontrol_for_empc-a\/imx6
𝑥
< 3.5.15.0
codesyscontrol_for_iot2000
𝑥
< 3.5.15.0
codesyscontrol_for_pfc100
𝑥
< 3.5.15.0
codesyscontrol_for_pfc200
𝑥
< 3.5.15.0
codesyscontrol_for_raspberry_pi
𝑥
< 3.5.15.0
codesyscontrol_rte
𝑥
< 3.5.15.0
codesyscontrol_win
𝑥
< 3.5.15.0
codesysgateway
𝑥
< 3.5.15.0
codesyshmi
𝑥
< 3.5.15.0
codesyslinux
𝑥
< 3.5.15.0
codesysruntime_system_toolkit
𝑥
< 3.5.15.0
codesyssafety_sil2
𝑥
< 3.5.15.0
codesyssimulation_runtime
𝑥
< 3.5.15.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12941&token=50fabe3870c7bdc41701eb1799dddeec103de40c&download=
https://www.us-cert.gov/ics/advisories/icsa-19-255-05
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12941&token=50fabe3870c7bdc41701eb1799dddeec103de40c&download=
https://www.us-cert.gov/ics/advisories/icsa-19-255-05