#VU21099 NULL pointer dereference in CODESYS products - CVE-2019-13542

 


Published: September 13, 2019 / Updated: September 13, 2019


Vulnerability identifier: #VU21099
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-13542
CWE-ID: CWE-476
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
CODESYS Control Win V3 (part of the CODESYS Development System setup)
CODESYS Control RTE V3
CODESYS Control RTE V3 (for Beckhoff CX)
CODESYS Control for Raspberry Pi
CODESYS Control for PFC200
CODESYS Control for PFC100
CODESYS Control for Linux
CODESYS Control for IOT2000
CODESYS Control for emPC-A/iMX6
CODESYS Control for BeagleBone
CODESYS firmware
Software vendor:
CODESYS

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when processing requests. A remote authenticated attacker can send a specially crafted request from a trusted OPC UA client and perform a denial of service (DoS) attack.


Remediation

Install updates from the vendor's website.

External links