Vulnerability Description
3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Codesys | Control For Beaglebone | >= 3.5.11.0, < 3.5.15.0 |
| Codesys | Control For Empc-A\/Imx6 | >= 3.5.11.0, < 3.5.15.0 |
| Codesys | Control For Iot2000 | >= 3.5.11.0, < 3.5.15.0 |
| Codesys | Control For Pfc100 | >= 3.5.11.0, < 3.5.15.0 |
| Codesys | Control For Pfc200 | >= 3.5.11.0, < 3.5.15.0 |
| Codesys | Control For Raspberry Pi | >= 3.5.11.0, < 3.5.15.0 |
| Codesys | Control Rte | >= 3.5.11.0, < 3.5.15.0 |
| Codesys | Control Win | >= 3.5.11.0, < 3.5.15.0 |
| Codesys | Linux | >= 3.5.11.0, < 3.5.15.0 |
| Codesys | Runtime System Toolkit | >= 3.5.11.0, < 3.5.15.0 |
Related Weaknesses (CWE)
References
- https://www.us-cert.gov/ics/advisories/icsa-19-255-04Third Party AdvisoryUS Government Resource
- https://www.us-cert.gov/ics/advisories/icsa-19-255-04Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2019-13542?
CVE-2019-13542 is a vulnerability with a CVSS score of 6.5 (MEDIUM). 3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer derefer...
How severe is CVE-2019-13542?
CVE-2019-13542 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-13542?
Check the references section above for vendor advisories and patch information. Affected products include: Codesys Control For Beaglebone, Codesys Control For Empc-A\/Imx6, Codesys Control For Iot2000, Codesys Control For Pfc100, Codesys Control For Pfc200.