CVE-2019-13532
Summary
| CVE | CVE-2019-13532 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-09-13 17:15:00 UTC |
| Updated | 2019-10-09 23:46:00 UTC |
| Description | CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller. |
Risk And Classification
Problem Types: CWE-22
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Codesys | Control For Beaglebone | All | All | All | All |
| Application | Codesys | Control For Empc-a/imx6 | All | All | All | All |
| Application | Codesys | Control For Iot2000 | All | All | All | All |
| Application | Codesys | Control For Linux | All | All | All | All |
| Application | Codesys | Control For Pfc100 | All | All | All | All |
| Application | Codesys | Control For Pfc200 | All | All | All | All |
| Application | Codesys | Control For Raspberry Pi | All | All | All | All |
| Application | Codesys | Control Rte | All | All | All | All |
| Application | Codesys | Control Runtime System Toolkit | All | All | All | All |
| Application | Codesys | Control Win | All | All | All | All |
| Application | Codesys | Embedded Target Visu Toolkit | All | All | All | All |
| Application | Codesys | Hmi | All | All | All | All |
| Application | Codesys | Remote Target Visu Toolkit | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 3S-Smart Software Solutions GmbH CODESYS V3 Web Server | CISA, MISC | www.us-cert.gov | Mitigation, Patch, Third Party Advisory, US Government Resource |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 590645 3S-Smart Software Solutions GmbH CODESYS V3 Web Server Multiple Vulnerabilities (ICSA-19-255-01)