cvelistv5 - cve-2019-9010

▼	URL	Tags
	cve@mitre.org	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12937&token=769045a17015bea00ec7ff313de8f1a5c73e7b93&download=	Vendor Advisory
	cve@mitre.org	https://www.us-cert.gov/ics/advisories/icsa-19-213-03	Third Party Advisory, US Government Resource

▼	Vendor	Product
	n/a	n/a

ghsa-ppm6-8p65-j9xg

Vulnerability from github

Published

2022-05-24 16:53

Modified

2023-02-23 03:30

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-9010"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-15T18:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System.",
  "id": "GHSA-ppm6-8p65-j9xg",
  "modified": "2023-02-23T03:30:15Z",
  "published": "2022-05-24T16:53:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9010"
    },
    {
      "type": "WEB",
      "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12937\u0026token=769045a17015bea00ec7ff313de8f1a5c73e7b93\u0026download="
    },
    {
      "type": "WEB",
      "url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

var-201908-0055

Vulnerability from variot

An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System. plural 3S-Smart CODESYS The product contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. 3S-Smart Software Solutions CODESYS Control for BeagleBone and CODESYS Control are a set of industrial control program programming software from Germany 3S-Smart Software Solutions. A security vulnerability exists in several 3S-Smart Software Solutions products. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor announcement

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201908-0055",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "control for raspberry pi sl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "3.0"
      },
      {
        "model": "control for empc-a\\/imx6 sl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "3.5.14.20"
      },
      {
        "model": "control for linux sl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "3.5.14.20"
      },
      {
        "model": "control runtime toolkit",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "3.5.14.20"
      },
      {
        "model": "development system",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "3.5.14.20"
      },
      {
        "model": "control for iot2000 sl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "3.0"
      },
      {
        "model": "control for beaglebone sl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "3.5.14.20"
      },
      {
        "model": "control runtime toolkit",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "3.0"
      },
      {
        "model": "gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "3.5.14.20"
      },
      {
        "model": "control for linux sl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "3.0"
      },
      {
        "model": "control for pfc100 sl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "3.0"
      },
      {
        "model": "control for pfc200 sl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "3.0"
      },
      {
        "model": "control for iot2000 sl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "3.5.14.20"
      },
      {
        "model": "control for beaglebone sl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "3.0"
      },
      {
        "model": "control for raspberry pi sl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "3.5.14.20"
      },
      {
        "model": "gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "3.0"
      },
      {
        "model": "control for empc-a\\/imx6 sl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "3.0"
      },
      {
        "model": "development system",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "3.0"
      },
      {
        "model": "control for pfc100 sl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "3.5.14.20"
      },
      {
        "model": "control for pfc200 sl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "3.5.14.20"
      },
      {
        "model": "codesys control for beaglebone",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "3s smart",
        "version": "3.5.14.20"
      },
      {
        "model": "codesys control for empc-a/imx6",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "3s smart",
        "version": "3.5.14.20"
      },
      {
        "model": "codesys control for iot2000",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "3s smart",
        "version": "3.5.14.20"
      },
      {
        "model": "codesys control for linux",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "3s smart",
        "version": "3.5.14.20"
      },
      {
        "model": "codesys control for pfc100",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "3s smart",
        "version": "3.5.14.20"
      },
      {
        "model": "codesys control for pfc200",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "3s smart",
        "version": "3.5.14.20"
      },
      {
        "model": "codesys control for raspberry pi",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "3s smart",
        "version": "3.5.14.20"
      },
      {
        "model": "codesys control runtime system toolkit",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "3s smart",
        "version": "3.5.14.20"
      },
      {
        "model": "codesys development system",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "3s smart",
        "version": "3.5.14.20"
      },
      {
        "model": "codesys gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "3s smart",
        "version": "3.5.14.20"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008668"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9010"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.14.20",
                "versionStartIncluding": "3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.14.20",
                "versionStartIncluding": "3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.14.20",
                "versionStartIncluding": "3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.14.20",
                "versionStartIncluding": "3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.14.20",
                "versionStartIncluding": "3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.14.20",
                "versionStartIncluding": "3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.14.20",
                "versionStartIncluding": "3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:control_runtime_toolkit:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.14.20",
                "versionStartIncluding": "3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.14.20",
                "versionStartIncluding": "3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.14.20",
                "versionStartIncluding": "3.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-9010"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "3S-Smart Software Solutions GmbH",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-161"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-9010",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-9010",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-160445",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-9010",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-9010",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201908-161",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-160445",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160445"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008668"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9010"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-161"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System. plural 3S-Smart CODESYS The product contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. 3S-Smart Software Solutions CODESYS Control for BeagleBone and CODESYS Control are a set of industrial control program programming software from Germany 3S-Smart Software Solutions. \nA security vulnerability exists in several 3S-Smart Software Solutions products. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor announcement",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-9010"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008668"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-161"
      },
      {
        "db": "VULHUB",
        "id": "VHN-160445"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-9010",
        "trust": 2.5
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-213-03",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008668",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-161",
        "trust": 0.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-213-04",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2901",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-160445",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160445"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008668"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9010"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-161"
      }
    ]
  },
  "id": "VAR-201908-0055",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160445"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:18:39.876000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.codesys.com/"
      },
      {
        "title": "Multiple 3S-Smart Software Solutions Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=95921"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008668"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-161"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-284",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160445"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008668"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9010"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03"
      },
      {
        "trust": 1.6,
        "url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=12937\u0026token=769045a17015bea00ec7ff313de8f1a5c73e7b93\u0026download="
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9010"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9010"
      },
      {
        "trust": 0.6,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-04"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2901/"
      },
      {
        "trust": 0.1,
        "url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=12937\u0026amp;token=769045a17015bea00ec7ff313de8f1a5c73e7b93\u0026amp;download="
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160445"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008668"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9010"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-161"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-160445"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008668"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9010"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-161"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-08-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-160445"
      },
      {
        "date": "2019-09-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-008668"
      },
      {
        "date": "2019-08-15T18:15:23.397000",
        "db": "NVD",
        "id": "CVE-2019-9010"
      },
      {
        "date": "2019-08-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201908-161"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-160445"
      },
      {
        "date": "2019-09-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-008668"
      },
      {
        "date": "2023-02-23T02:50:01.020000",
        "db": "NVD",
        "id": "CVE-2019-9010"
      },
      {
        "date": "2020-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201908-161"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-161"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  3S-Smart CODESYS Access control vulnerabilities in products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008668"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "access control error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-161"
      }
    ],
    "trust": 0.6
  }
}

gsd-2019-9010

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System.

Aliases

CVE-2019-9010

Aliases

CVE-2019-9010

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-9010",
    "description": "An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System.",
    "id": "GSD-2019-9010"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-9010"
      ],
      "details": "An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System.",
      "id": "GSD-2019-9010",
      "modified": "2023-12-13T01:23:47.531240Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2019-9010",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03",
            "refsource": "MISC",
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03"
          },
          {
            "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12937\u0026token=769045a17015bea00ec7ff313de8f1a5c73e7b93\u0026download=",
            "refsource": "CONFIRM",
            "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12937\u0026token=769045a17015bea00ec7ff313de8f1a5c73e7b93\u0026download="
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.14.20",
                "versionStartIncluding": "3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.14.20",
                "versionStartIncluding": "3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.14.20",
                "versionStartIncluding": "3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.14.20",
                "versionStartIncluding": "3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.14.20",
                "versionStartIncluding": "3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.14.20",
                "versionStartIncluding": "3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.14.20",
                "versionStartIncluding": "3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:control_runtime_toolkit:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.14.20",
                "versionStartIncluding": "3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.14.20",
                "versionStartIncluding": "3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.14.20",
                "versionStartIncluding": "3.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-9010"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03"
            },
            {
              "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12937\u0026token=769045a17015bea00ec7ff313de8f1a5c73e7b93\u0026download=",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12937\u0026token=769045a17015bea00ec7ff313de8f1a5c73e7b93\u0026download="
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-02-23T02:50Z",
      "publishedDate": "2019-08-15T18:15Z"
    }
  }
}

icsa-19-213-03

Vulnerability from csaf_cisa

Published

2019-08-01 00:00

Modified

2019-08-01 00:00

Summary

3S-Smart Software Solutions GmbH CODESYS V3

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of these vulnerabilities could allow a remote attacker to close existing communication channels or to take over an already established user session to send crafted packets to a PLC.

Critical infrastructure sectors

Critical Manufacturing

Countries/areas deployed

Worldwide

Company headquarters location

Germany

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target these vulnerabilities.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "3S-Smart Software Solutions GmbH",
        "summary": "reporting these vulnerabilities to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities could allow a remote attacker to close existing communication channels or to take over an already established user session to send crafted packets to a PLC.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Germany",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-19-213-03 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2019/icsa-19-213-03.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-19-213-03 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-213-03"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.gov/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "3S-Smart Software Solutions GmbH CODESYS V3",
    "tracking": {
      "current_release_date": "2019-08-01T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-19-213-03",
      "initial_release_date": "2019-08-01T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2019-08-01T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-19-213-03 3S-Smart Software Solutions GmbH CODESYS V3"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 3.5.14.20",
                "product": {
                  "name": "CODESYS Control for Raspberry Pi: all versions prior to v3.5.14.20",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "CODESYS Control for Raspberry Pi"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 3.5.14.20",
                "product": {
                  "name": "CODESYS Control V3 Runtime System Toolkit: all versions prior to v3.5.14.20",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "CODESYS Control V3 Runtime System Toolkit"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 3.5.14.20",
                "product": {
                  "name": "CODESYS Control for PFC100: all versions prior to v3.5.14.20",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "CODESYS Control for PFC100"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 3.5.14.20",
                "product": {
                  "name": "CODESYS Control for BeagleBone: all versions prior to v3.5.14.20",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "CODESYS Control for BeagleBone"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 3.5.14.20",
                "product": {
                  "name": "CODESYS Control for PFC200: all versions prior to v3.5.14.20",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "CODESYS Control for PFC200"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 3.5.14.20",
                "product": {
                  "name": "CODESYS Control for emPC-A/iMX6: all versions prior to v3.5.14.20",
                  "product_id": "CSAFPID-0006"
                }
              }
            ],
            "category": "product_name",
            "name": "CODESYS Control for emPC-A/iMX6"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 3.5.14.20",
                "product": {
                  "name": "CODESYS V3 Development System: all versions prior to v3.5.14.20",
                  "product_id": "CSAFPID-0007"
                }
              }
            ],
            "category": "product_name",
            "name": "CODESYS V3 Development System"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 3.5.14.20",
                "product": {
                  "name": "CODESYS Control for Linux: all versions prior to v3.5.14.20",
                  "product_id": "CSAFPID-0008"
                }
              }
            ],
            "category": "product_name",
            "name": "CODESYS Control for Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 3.5.14.20",
                "product": {
                  "name": "CODESYS Gateway V3: all versions prior to v3.5.14.20",
                  "product_id": "CSAFPID-0009"
                }
              }
            ],
            "category": "product_name",
            "name": "CODESYS Gateway V3"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 3.5.14.20",
                "product": {
                  "name": "CODESYS Control for IOT2000: all versions prior to v3.5.14.20",
                  "product_id": "CSAFPID-00010"
                }
              }
            ],
            "category": "product_name",
            "name": "CODESYS Control for IOT2000"
          }
        ],
        "category": "vendor",
        "name": "3S-Smart Software Solutions GmbH"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-9010",
      "cwe": {
        "id": "CWE-283",
        "name": "Unverified Ownership"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The CODESYS Gateway does not correctly verify the ownership of a communication channel. CVE-2019-9010 has been assigned to this vulnerability. A CVSS v3 base score of 9.0 has been assigned; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009",
          "CSAFPID-00010"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9012"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "3S-Smart Software Solutions GmbH has released v3.5.14.20 and v3.5.15.0. Each of these releases solve the noted vulnerabilities issues.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010"
          ]
        },
        {
          "category": "mitigation",
          "details": "Please visit the CODESYS update area for more information on how to obtain the software update: https://www.codesys.com/download/",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010"
          ],
          "url": "https://www.codesys.com/download/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-9012",
      "cwe": {
        "id": "CWE-789",
        "name": "Memory Allocation with Excessive Size Value"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. CVE-2019-9012  has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009",
          "CSAFPID-00010"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9012"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "3S-Smart Software Solutions GmbH has released v3.5.14.20 and v3.5.15.0. Each of these releases solve the noted vulnerabilities issues.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010"
          ]
        },
        {
          "category": "mitigation",
          "details": "Please visit the CODESYS update area for more information on how to obtain the software update: https://www.codesys.com/download/",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010"
          ],
          "url": "https://www.codesys.com/download/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010"
          ]
        }
      ]
    }
  ]
}

cve-2019-9010

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature

Action not permitted

cve-2019-9010

Vulnerability from cvelistv5

ghsa-ppm6-8p65-j9xg

Vulnerability from github

var-201908-0055

Vulnerability from variot

gsd-2019-9010

Vulnerability from gsd

icsa-19-213-03

Vulnerability from csaf_cisa

Tags

Sightings

Nomenclature