CVE-2019-13532

CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.us-cert.gov/ics/advisories/icsa-19-255-01	Mitigation Patch Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:codesys:control_for_beaglebone::::::::
	cpe:2.3:a:codesys:control_for_empc-a\/imx6::::::::
	cpe:2.3:a:codesys:control_for_iot2000::::::::
	cpe:2.3:a:codesys:control_for_linux::::::::
	cpe:2.3:a:codesys:control_for_pfc100::::::::
	cpe:2.3:a:codesys:control_for_pfc200::::::::
	cpe:2.3:a:codesys:control_for_raspberry_pi::::::::
	cpe:2.3:a:codesys:control_rte::::::::
	cpe:2.3:a:codesys:control_rte::::::::
	cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::
	cpe:2.3:a:codesys:control_win::::::::
	cpe:2.3:a:codesys:control_win::::::::
	cpe:2.3:a:codesys:embedded_target_visu_toolkit::::::::
	cpe:2.3:a:codesys:hmi::::::::
	cpe:2.3:a:codesys:hmi::::::::
	cpe:2.3:a:codesys:remote_target_visu_toolkit::::::::

History

No history.

Information

Published : 2019-09-13 17:15

Updated : 2023-12-10 12:59

NVD link : CVE-2019-13532

Mitre link : CVE-2019-13532

CVE.ORG link : CVE-2019-13532

JSON object : View

Products Affected

codesys

control_rte
control_for_pfc200
control_for_linux
control_for_raspberry_pi
control_for_pfc100
control_runtime_system_toolkit
hmi
embedded_target_visu_toolkit
control_for_iot2000
remote_target_visu_toolkit
control_win
control_for_empc-a\/imx6
control_for_beaglebone

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2019-13532", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-09-13T17:15:11.617", "references": [{"url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-01", "tags": ["Mitigation", "Patch", "Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller."}, {"lang": "es", "value": "El servidor web de CODESYS V3, todas las versiones anteriores a 3.5.14.10, permite a un atacante enviar peticiones http o https especialmente dise\u00f1adas que pueden conceder el acceso a archivos fuera del directorio de trabajo restringido del controlador."}], "lastModified": "2019-10-09T23:46:33.517", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC95996F-4E60-4CCE-BC7D-2F998969455D", "versionEndExcluding": "3.5.14.10"}, {"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CCE0D6F6-86D9-488A-A02B-48F4BD6F67D4", "versionEndExcluding": "3.5.14.10"}, {"criteria": "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08C05889-826B-411F-AD6A-F18C432A3B1F", "versionEndExcluding": "3.5.14.10"}, {"criteria": "cpe:2.3:a:codesys:control_for_linux:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "225A5B49-7DB5-4B80-A560-5BEE65A7FC3D", "versionEndExcluding": "3.5.14.10"}, {"criteria": "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E6DD82E-5047-4E7B-8C73-3BF8FD112F3A", "versionEndExcluding": "3.5.14.10"}, {"criteria": "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47A9B7EB-229C-4A23-9BB7-72A5ABD61279", "versionEndExcluding": "3.5.14.10"}, {"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43092C73-1302-4915-B2BC-59058FF61EFA", "versionEndExcluding": "3.5.14.10"}, {"criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9392852-7BEF-402C-9ED4-2D7D40955311", "versionEndExcluding": "3.5.12.80", "versionStartIncluding": "3.5.8.60"}, {"criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB77946F-7038-40FD-8204-B777ED0E59D2", "versionEndExcluding": "3.5.14.10", "versionStartIncluding": "3.5.13.0"}, {"criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1CB113B-1207-43D9-A999-42B08AD50EB2", "versionEndExcluding": "3.5.12.80", "versionStartIncluding": "3.0"}, {"criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE519838-FADF-43EA-9723-9283C0E18E85", "versionEndIncluding": "3.5.12.80", "versionStartIncluding": "3.5.9.80"}, {"criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3466070E-1377-4272-AC73-717B9DEC144C", "versionEndExcluding": "3.5.14.10", "versionStartIncluding": "3.5.13.0"}, {"criteria": "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07A7C9E7-ABF4-4C29-AF16-E697E35CFFC7", "versionEndExcluding": "3.5.12.80", "versionStartIncluding": "3.0"}, {"criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD2CDAC2-F8EB-45F4-82E2-5E5601F49D8A", "versionEndExcluding": "3.5.12.80", "versionStartIncluding": "3.5.10.0"}, {"criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1AC3C628-281A-4E8E-ADE6-4CE976E187D4", "versionEndExcluding": "3.5.14.10", "versionStartIncluding": "3.5.13.0"}, {"criteria": "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08230AB2-9EA0-4F98-8CE5-0A9ADB2B2334", "versionEndExcluding": "3.5.12.80", "versionStartIncluding": "3.0"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}