Lucene search

[email protected]CVE-2020-10245

HistoryMar 26, 2020 - 4:15 a.m.

CVE-2020-10245

2020-03-2604:15:00

CWE-787

[email protected]

web.nvd.nist.gov

cve-2020-10245

codesys

web server

buffer overflow

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

69.0%

JSON

CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.

CPENameOperatorVersion
codesys:control_for_plcnextcodesys control for plcnextlt3.5.15.40
codesys:control_for_beaglebonecodesys control for beaglebonelt3.5.15.40
codesys:control_for_empc-a\/imx6codesys control for empc-a\/imx6lt3.5.15.40
codesys:control_for_iot2000codesys control for iot2000lt3.5.15.40
codesys:control_for_linuxcodesys control for linuxlt3.5.15.40
codesys:control_for_pfc100codesys control for pfc100lt3.5.15.40
codesys:control_for_pfc200codesys control for pfc200lt3.5.15.40
codesys:control_for_raspberry_picodesys control for raspberry pilt3.5.15.40
codesys:control_rtecodesys control rtelt3.5.15.40
codesys:control_runtime_system_toolkitcodesys control runtime system toolkitlt3.5.15.40

CPE	Name	Operator	Version
codesys:control_for_plcnext	codesys control for plcnext	lt	3.5.15.40
codesys:control_for_beaglebone	codesys control for beaglebone	lt	3.5.15.40
codesys:control_for_empc-a\/imx6	codesys control for empc-a\/imx6	lt	3.5.15.40
codesys:control_for_iot2000	codesys control for iot2000	lt	3.5.15.40
codesys:control_for_linux	codesys control for linux	lt	3.5.15.40
codesys:control_for_pfc100	codesys control for pfc100	lt	3.5.15.40
codesys:control_for_pfc200	codesys control for pfc200	lt	3.5.15.40
codesys:control_for_raspberry_pi	codesys control for raspberry pi	lt	3.5.15.40
codesys:control_rte	codesys control rte	lt	3.5.15.40
codesys:control_runtime_system_toolkit	codesys control runtime system toolkit	lt	3.5.15.40

Rows per page:

1-10 of 141

References

customers.codesys.com/index.php?eID=dumpFile&t=f&f=13078&token=de344ca65252463cc581ef144e0c53bd97b8f211&download=

www.tenable.com/security/research/tra-2020-16

Social References

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

69.0%

JSON

Related for CVE-2020-10245

nessus2 prion1 attackerkb1 threatpost4 checkpoint_advisories1