Design/Logic Flaw

2019-09-1317:15:00

PRIOn knowledge base

www.prio-n.com

7.9 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

87.2%

JSON

CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller.

CPENameOperatorVersion
control_for_beaglebonelt3.5.14.10
control_for_empc-a\\/imx6lt3.5.14.10
control_for_iot2000lt3.5.14.10
control_for_linuxlt3.5.14.10
control_for_pfc100lt3.5.14.10
control_for_pfc200lt3.5.14.10
control_for_raspberry_pilt3.5.14.10
control_rtege3.5.8.60
control_rtelt3.5.12.80
control_rtege3.5.13.0

Name	Operator	Version
control_for_beaglebone	lt	3.5.14.10
control_for_empc-a\\/imx6	lt	3.5.14.10
control_for_iot2000	lt	3.5.14.10
control_for_linux	lt	3.5.14.10
control_for_pfc100	lt	3.5.14.10
control_for_pfc200	lt	3.5.14.10
control_for_raspberry_pi	lt	3.5.14.10
control_rte	ge	3.5.8.60
control_rte	lt	3.5.12.80
control_rte	ge	3.5.13.0