Codesys Control Uncontrolled Resource Consumption

medium Tenable.ot Plugin ID 500370

Description

CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation, which can result in a remote denial-of-service condition.

Solution

Refer to the vendor advisory for security updates.

See Also

https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12977&token=33f948eed0c2fd69d238d9515779be337ef7592d&download=

https://www.tenable.com/security/research/tra-2020-04

Plugin Details

Severity: Medium

ID: 500370

Version: 1.0

Type: local

Family: SCADA

Published: 5/27/2020

Updated: 5/27/2020

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS Score Source: CVE-2020-7052

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE:
cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_empc-a\/imx6:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_linux:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_rte:*:*:*:*:*:beckhoff_cx:*:*
cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:safety_sil2:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:simulation_runtime:*:*:*:*:*:*:*:*

Patch Publication Date: 1/24/2020

Vulnerability Publication Date: 1/24/2020

Reference Information

CVE: CVE-2020-7052