First published: Thu Mar 26 2020(Updated: )
CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Codesys Control For Beaglebone | <3.5.15.40 | |
Codesys Control For Empc-a\/imx6 | <3.5.15.40 | |
Codesys Control For Iot2000 | <3.5.15.40 | |
Codesys Control For Linux | <3.5.15.40 | |
Codesys Control For Pfc100 | <3.5.15.40 | |
Codesys Control For Pfc200 | <3.5.15.40 | |
Codesys Control For Plcnext | <3.5.15.40 | |
Codesys Control For Raspberry Pi | <3.5.15.40 | |
Codesys Control Rte | >=3.5.8.60<3.5.15.40 | |
Codesys Control Rte | >=3.5.8.60<3.5.15.40 | |
Codesys Control Runtime System Toolkit | >=3.0<3.5.15.40 | |
Codesys Control Win | >=3.5.9.80<3.5.15.40 | |
Codesys Embedded Target Visu Toolkit | >=3.0<3.5.15.40 | |
Codesys Hmi | >=3.5.10.0<3.5.15.40 | |
Codesys Remote Target Visu Toolkit | >=3.0<3.5.15.40 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-10245 is a vulnerability in CODESYS V3 web server that can lead to a buffer overflow.
The severity of CVE-2020-10245 is critical, with a CVSS score of 9.8.
CODESYS Control runtime systems before version 3.5.15.40 are affected by CVE-2020-10245.
To fix CVE-2020-10245, update CODESYS Control runtime systems to version 3.5.15.40 or higher.
More information about CVE-2020-10245 can be found at the following references: [Reference 1](https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13078&token=de344ca65252463cc581ef144e0c53bd97b8f211&download=), [Reference 2](https://www.tenable.com/security/research/tra-2020-16).