Vulnerability Description
CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could cause a stack overflow and create a denial-of-service condition or allow remote code execution.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Codesys | Control For Beaglebone | < 3.5.14.10 |
| Codesys | Control For Empc-A\/Imx6 | < 3.5.14.10 |
| Codesys | Control For Iot2000 | < 3.5.14.10 |
| Codesys | Control For Linux | < 3.5.14.10 |
| Codesys | Control For Pfc100 | < 3.5.14.10 |
| Codesys | Control For Pfc200 | < 3.5.14.10 |
| Codesys | Control For Raspberry Pi | < 3.5.14.10 |
| Codesys | Control Rte | >= 3.5.8.60, < 3.5.12.80 |
| Codesys | Control Runtime System Toolkit | >= 3.0, < 3.5.12.80 |
| Codesys | Control Win | >= 3.5.9.80, <= 3.5.12.80 |
| Codesys | Embedded Target Visu Toolkit | >= 3.0, < 3.5.12.80 |
| Codesys | Hmi | >= 3.5.10.0, < 3.5.12.80 |
| Codesys | Remote Target Visu Toolkit | >= 3.0, < 3.5.12.80 |
Related Weaknesses (CWE)
References
- https://www.us-cert.gov/ics/advisories/icsa-19-255-01MitigationPatchThird Party Advisory
- https://www.us-cert.gov/ics/advisories/icsa-19-255-01MitigationPatchThird Party Advisory
FAQ
What is CVE-2019-13548?
CVE-2019-13548 is a vulnerability with a CVSS score of 9.8 (CRITICAL). CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could cause a stack overflow and create a denial-of-service condition ...
How severe is CVE-2019-13548?
CVE-2019-13548 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-13548?
Check the references section above for vendor advisories and patch information. Affected products include: Codesys Control For Beaglebone, Codesys Control For Empc-A\/Imx6, Codesys Control For Iot2000, Codesys Control For Linux, Codesys Control For Pfc100.