The 3S CODESYS Runtime environment running on the remote host is affected by multiple vulnerabilities:
The CODESYS Gateway does not correctly verify the ownership of a communication channel. (CVE-2019-9010)
A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. (CVE-2019-9012)
The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. (CVE-2019-9013)
Note that Nessus has not tested for the issue but has instead relied only on the application’s self-reported version number.
Binary data scada_codesys_runtime_3_5_14_20.nbin
Vendor | Product | Version | CPE |
---|---|---|---|
3s-software | codesys_runtime_system | cpe:/a:3s-software:codesys_runtime_system |