Vulnerability Description
CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Codesys | Control For Beaglebone | < 3.5.15.20 |
| Codesys | Control For Empc-A\/Imx6 | < 3.5.15.20 |
| Codesys | Control For Iot2000 | < 3.5.15.20 |
| Codesys | Control For Linux | < 3.5.15.20 |
| Codesys | Control For Pfc100 | < 3.5.15.20 |
| Codesys | Control For Pfc200 | < 3.5.15.20 |
| Codesys | Control For Plcnext | < 3.5.15.20 |
| Codesys | Control For Raspberry Pi | < 3.5.15.20 |
| Codesys | Control Rte | < 3.5.15.20 |
| Codesys | Control Runtime System Toolkit | < 3.5.15.20 |
| Codesys | Control Win | < 3.5.15.20 |
| Codesys | Embedded Target Visu Toolkit | < 3.5.15.20 |
| Codesys | Hmi | < 3.5.15.20 |
| Codesys | Remote Target Visu Toolkit | < 3.5.15.20 |
Related Weaknesses (CWE)
References
- https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory201Vendor Advisory
- https://www.tenable.com/security/research/tra-2019-48ExploitThird Party Advisory
- https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory201Vendor Advisory
- https://www.tenable.com/security/research/tra-2019-48ExploitThird Party Advisory
FAQ
What is CVE-2019-18858?
CVE-2019-18858 is a vulnerability with a CVSS score of 9.8 (CRITICAL). CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow.
How severe is CVE-2019-18858?
CVE-2019-18858 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-18858?
Check the references section above for vendor advisories and patch information. Affected products include: Codesys Control For Beaglebone, Codesys Control For Empc-A\/Imx6, Codesys Control For Iot2000, Codesys Control For Linux, Codesys Control For Pfc100.