Vulnerability CVE-2020-7052


Published: 2020-01-24

Description:
CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.

Type:

CWE-400

(Uncontrolled Resource Consumption ('Resource Exhaustion'))

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4/10
2.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Codesys -> Control for beaglebone 
Codesys -> Control for empc-a\/imx6 
Codesys -> Control for iot2000 
Codesys -> Control for linux 
Codesys -> Control for pfc100 
Codesys -> Control for pfc200 
Codesys -> Control for plcnext 
Codesys -> Control for raspberry pi 
Codesys -> Control rte 
Codesys -> Control runtime system toolkit 
Codesys -> Control win 
Codesys -> Gateway 
Codesys -> HMI 
Codesys -> Safety sil2 
Codesys -> Simulation runtime 

 References:
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12977&token=33f948eed0c2fd69d238d9515779be337ef7592d&download
=
https://www.tenable.com/security/research/tra-2020-04

Copyright 2022, cxsecurity.com

 

Back to Top