#VU19622 Memory leak in CODESYS products - CVE-2019-9012
Published: August 2, 2019 / Updated: August 2, 2019
Vulnerability identifier: #VU19622
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-9012
CWE-ID: CWE-401
Exploitation vector: Adjacent network
Exploit availability:
No public exploit available
Vulnerable software:
CODESYS Development System
CODESYS Gateway
CODESYS Control Runtime System Toolkit
CODESYS Control for Raspberry Pi
CODESYS Control for PFC200
CODESYS Control for PFC100
CODESYS Control for Linux
CODESYS Control for IOT2000
CODESYS Control for emPC-A/iMX6
CODESYS Control for BeagleBone
CODESYS firmware
Software vendor:
CODESYS
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the CmpGateway component when processing network traffic. A remote attacker can send specially crafted packets to the affected application and perform a denial of service attack.
Remediation
3S-Smart Software Solutions GmbH has released versions 3.5.14.20 and 3.5.15.0 to address this vulnerability.