CVE-2019-13542
Last modified
CVE-2019-13542 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. 3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition.. EPSS estimates a 1.36% chance of exploitation in the next 30 days.
Description
3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Codesys | Control For Beaglebone | >= 3.5.11.0, < 3.5.15.0 |
| Codesys | Control For Empc-A\/Imx6 | >= 3.5.11.0, < 3.5.15.0 |
| Codesys | Control For Iot2000 | >= 3.5.11.0, < 3.5.15.0 |
| Codesys | Control For Pfc100 | >= 3.5.11.0, < 3.5.15.0 |
| Codesys | Control For Pfc200 | >= 3.5.11.0, < 3.5.15.0 |
| Codesys | Control For Raspberry Pi | >= 3.5.11.0, < 3.5.15.0 |
| Codesys | Control Rte | >= 3.5.11.0, < 3.5.15.0 |
| Codesys | Control Win | >= 3.5.11.0, < 3.5.15.0 |
| Codesys | Linux | >= 3.5.11.0, < 3.5.15.0 |
| Codesys | Runtime System Toolkit | >= 3.5.11.0, < 3.5.15.0 |
References
- https://www.us-cert.gov/ics/advisories/icsa-19-255-04Third Party Advisory, US Government Resource
- https://www.us-cert.gov/ics/advisories/icsa-19-255-04Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-13542?
How severe is CVE-2019-13542?
How do I fix CVE-2019-13542?
Are you affected by CVE-2019-13542?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST