First published: Fri Sep 13 2019
CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted HTTP or HTTPS requests that could cause a stack overflow, creating a denial-of-service condition or allowing remote code execution.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Codesys Control For Beaglebone | <3.5.14.10 | |
Codesys Control For Empc-a/imx6 | <3.5.14.10 | |
Codesys Control For Iot2000 | <3.5.14.10 | |
Codesys Control For Linux | <3.5.14.10 | |
Codesys Control For Pfc100 | <3.5.14.10 | |
Codesys Control For Pfc200 | <3.5.14.10 | |
Codesys Control For Raspberry Pi | <3.5.14.10 | |
Codesys Control Rte | >=3.5.8.60<3.5.12.80 | |
Codesys Control Rte | >=3.5.13.0<3.5.14.10 | |
Codesys Control Runtime System Toolkit | >=3.0<3.5.12.80 | |
Codesys Control Win | >=3.5.9.80<=3.5.12.80 | |
Codesys Control Win | >=3.5.13.0<3.5.14.10 | |
Codesys Embedded Target Visu Toolkit | >=3.0<3.5.12.80 | |
Codesys Hmi | >=3.5.10.0<3.5.12.80 | |
Codesys Hmi | >=3.5.13.0<3.5.14.10 | |
Codesys Remote Target Visu Toolkit | >=3.0<3.5.12.80 | |
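
To check an asset inventory against the ranges in the table above, the following added example (not part of the original advisory) parses the range expressions and compares dotted versions numerically. The function names are hypothetical, only a subset of the table rows is embedded, and it assumes versions are plain numeric dotted strings.

```python
import re

# Ranges copied from the "Affected Version" column above (subset of rows).
AFFECTED = {
    "Codesys Control For Linux": ["<3.5.14.10"],
    "Codesys Control Rte": [">=3.5.8.60<3.5.12.80", ">=3.5.13.0<3.5.14.10"],
    "Codesys Control Win": [">=3.5.9.80<=3.5.12.80", ">=3.5.13.0<3.5.14.10"],
    "Codesys Hmi": [">=3.5.10.0<3.5.12.80", ">=3.5.13.0<3.5.14.10"],
    "Codesys Control Runtime System Toolkit": [">=3.0<3.5.12.80"],
}

# One bound = comparison operator followed by a dotted version.
_BOUND = re.compile(r"(>=|<=|>|<)\s*([0-9]+(?:\.[0-9]+)*)")
_OPS = {
    ">=": lambda a, b: a >= b,
    "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b,
    "<": lambda a, b: a < b,
}


def parse_version(text, width=4):
    """Turn '3.5.14.10' into (3, 5, 14, 10); short versions are zero-padded."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (width - len(parts)))


def in_range(version, spec):
    """True if version satisfies every bound in a spec like '>=3.5.13.0<3.5.14.10'."""
    bounds = _BOUND.findall(spec)
    if not bounds:
        raise ValueError(f"unparseable range: {spec!r}")
    v = parse_version(version)
    return all(_OPS[op](v, parse_version(b)) for op, b in bounds)


def is_affected(product, version):
    """True if version falls inside any affected range listed for product."""
    specs = AFFECTED.get(product)
    if specs is None:
        raise KeyError(f"product not in advisory table: {product}")
    return any(in_range(version, s) for s in specs)
```

Numeric comparison matters here: compared as strings, 3.5.9.0 would sort after 3.5.14.10 and be reported as not affected.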
CVE-2019-13548 is a vulnerability in CODESYS V3 web server that allows an attacker to send specially crafted requests, leading to a denial-of-service condition or remote code execution.
CVE-2019-13548 affects all versions of CODESYS V3 web server prior to 3.5.14.10.
CVE-2019-13548 has a severity rating of 9.8 (critical).
An attacker can exploit CVE-2019-13548 by sending specially crafted HTTP or HTTPS requests to the vulnerable CODESYS V3 web server.
The fix for CVE-2019-13548 is to update to version 3.5.14.10 or later of CODESYS V3 web server.