Vulnerability Description
3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. The issue also exists for source libraries, but 3S-Smart Software Solutions GmbH strongly recommends distributing compiled libraries only.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Codesys | Codesys | < 3.5.16.0 |
Related Weaknesses (CWE)
References
- https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12940&token=7723e5ed9Vendor Advisory
- https://www.us-cert.gov/ics/advisories/icsa-19-255-02Third Party AdvisoryUS Government Resource
- https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12940&token=7723e5ed9Vendor Advisory
- https://www.us-cert.gov/ics/advisories/icsa-19-255-02Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2019-13538?
CVE-2019-13538 is a vulnerability with a CVSS score of 8.6 (HIGH). 3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows the system to display active library content without checking its validity, which may allow the cont...
How severe is CVE-2019-13538?
CVE-2019-13538 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-13538?
Check the references section above for vendor advisories and patch information. Affected products include: Codesys Codesys.