An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System.

The 3S CODESYS Runtime environment running on the remote host is affected by multiple vulnerabilities:

  - The CODESYS Gateway does not correctly verify the ownership of a communication channel. (CVE-2019-9010)

  - A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products     and may result in a denial-of-service condition. (CVE-2019-9012)

  - The application may utilize non-TLS based encryption, which results in user credentials being     insufficiently protected during transport. (CVE-2019-9013)

Note that Nessus has not tested for the issue but has instead relied only on the application's self-reported version number.

A denial of service (DoS) vulnerability exists in CODESYS Gateway V3 due to improper validation of user-supplied data. An unauthenticated, remote attacker can exploit this issue, via a specially crafted request, to cause the gateway to stop responding.

ID	Name	Product	Family	Severity
134977	3S CODESYS Runtime 3.x < 3.5.14.20 Multiple Vulnerabilities	Nessus	SCADA	critical
130430	CODESYS Gateway V3 DoS	Nessus	SCADA	high

Detections

Analytics

CVE-2019-9012

high

Tenable Plugins

critical

high