Lucene search

[email protected]CVE-2019-13532

HistorySep 13, 2019 - 5:15 p.m.

CVE-2019-13532

2019-09-1317:15:11

CWE-22

[email protected]

web.nvd.nist.gov

234

cve-2019-13532

codesys

web server

file access

security vulnerability

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.9 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

87.1%

JSON

CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller.

Affected configurations

NVD

Node

codesyscontrol_for_beagleboneRange<3.5.14.10

codesyscontrol_for_empc-a\/imx6Range<3.5.14.10

codesyscontrol_for_iot2000Range<3.5.14.10

codesyscontrol_for_linuxRange<3.5.14.10

codesyscontrol_for_pfc100Range<3.5.14.10

codesyscontrol_for_pfc200Range<3.5.14.10

codesyscontrol_for_raspberry_piRange<3.5.14.10

codesyscontrol_rteRange3.5.8.60–3.5.12.80

codesyscontrol_rteRange3.5.13.0–3.5.14.10

codesyscontrol_runtime_system_toolkitRange3.0–3.5.12.80

codesyscontrol_winRange3.5.9.80–3.5.12.80

codesyscontrol_winRange3.5.13.0–3.5.14.10

codesysembedded_target_visu_toolkitRange3.0–3.5.12.80

codesyshmiRange3.5.10.0–3.5.12.80

codesyshmiRange3.5.13.0–3.5.14.10

codesysremote_target_visu_toolkitRange3.0–3.5.12.80

CPENameOperatorVersion
codesys:control_for_beaglebonecodesys control for beaglebonelt3.5.14.10
codesys:control_for_empc-a\/imx6codesys control for empc-a/imx6lt3.5.14.10
codesys:control_for_iot2000codesys control for iot2000lt3.5.14.10
codesys:control_for_linuxcodesys control for linuxlt3.5.14.10
codesys:control_for_pfc100codesys control for pfc100lt3.5.14.10
codesys:control_for_pfc200codesys control for pfc200lt3.5.14.10
codesys:control_for_raspberry_picodesys control for raspberry pilt3.5.14.10
codesys:control_rtecodesys control rtelt3.5.12.80
codesys:control_rtecodesys control rtelt3.5.14.10
codesys:control_runtime_system_toolkitcodesys control runtime system toolkitlt3.5.12.80

CPE	Name	Operator	Version
codesys:control_for_beaglebone	codesys control for beaglebone	lt	3.5.14.10
codesys:control_for_empc-a\/imx6	codesys control for empc-a/imx6	lt	3.5.14.10
codesys:control_for_iot2000	codesys control for iot2000	lt	3.5.14.10
codesys:control_for_linux	codesys control for linux	lt	3.5.14.10
codesys:control_for_pfc100	codesys control for pfc100	lt	3.5.14.10
codesys:control_for_pfc200	codesys control for pfc200	lt	3.5.14.10
codesys:control_for_raspberry_pi	codesys control for raspberry pi	lt	3.5.14.10
codesys:control_rte	codesys control rte	lt	3.5.12.80
codesys:control_rte	codesys control rte	lt	3.5.14.10
codesys:control_runtime_system_toolkit	codesys control runtime system toolkit	lt	3.5.12.80

Rows per page:

1-10 of 161

CNA Affected

[
  {
    "product": "CODESYS V3 web server",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "all versions prior to 3.5.14.10"
      }
    ]
  }
]

References

www.us-cert.gov/ics/advisories/icsa-19-255-01

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.9 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

87.1%

JSON

Related for CVE-2019-13532

nvd1 prion1 cvelist1 ics1 nessus1