Vulnerabilities > CVE-2019-13542 - NULL Pointer Dereference vulnerability in Codesys products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

codesys

CWE-476

NVD

Published: 2019-09-17

Updated: 2019-10-09

Summary

3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition.

Vulnerable Configurations

Part	Description	Count
Application	Codesys Codesys Control FOR Beaglebone 3.5.11.0 Codesys Control FOR Beaglebone 3.5.11.10 Codesys Control FOR Beaglebone 3.5.11.20 Codesys Control FOR Beaglebone 3.5.11.50 Codesys Control FOR Beaglebone 3.5.11.60 Codesys Control FOR Beaglebone 3.5.12.0 Codesys Control FOR Beaglebone 3.5.12.10 Codesys Control FOR Beaglebone 3.5.12.30 Codesys Control FOR Beaglebone 3.5.12.70 Codesys Control FOR Beaglebone 3.5.13.0 Codesys Control FOR Beaglebone 3.5.13.20 Codesys Control FOR Beaglebone 3.5.13.30 Codesys Control FOR Beaglebone 3.5.14.0 Codesys Control FOR Beaglebone 3.5.14.10 Codesys Control FOR Empc A/Imx6 3.5.11.0 Codesys Control FOR Empc A/Imx6 3.5.11.10 Codesys Control FOR Empc A/Imx6 3.5.11.20 Codesys Control FOR Empc A/Imx6 3.5.11.50 Codesys Control FOR Empc A/Imx6 3.5.11.60 Codesys Control FOR Empc A/Imx6 3.5.12.0 Codesys Control FOR Empc A/Imx6 3.5.12.10 Codesys Control FOR Empc A/Imx6 3.5.12.30 Codesys Control FOR Empc A/Imx6 3.5.12.70 Codesys Control FOR Empc A/Imx6 3.5.13.0 Codesys Control FOR Empc A/Imx6 3.5.13.20 Codesys Control FOR Empc A/Imx6 3.5.13.30 Codesys Control FOR Empc A/Imx6 3.5.14.0 Codesys Control FOR Empc A/Imx6 3.5.14.10 Codesys Control FOR Iot2000 3.5.11.0 Codesys Control FOR Iot2000 3.5.11.10 Codesys Control FOR Iot2000 3.5.11.20 Codesys Control FOR Iot2000 3.5.11.50 Codesys Control FOR Iot2000 3.5.11.60 Codesys Control FOR Iot2000 3.5.12.0 Codesys Control FOR Iot2000 3.5.12.10 Codesys Control FOR Iot2000 3.5.12.30 Codesys Control FOR Iot2000 3.5.12.70 Codesys Control FOR Iot2000 3.5.13.0 Codesys Control FOR Iot2000 3.5.13.20 Codesys Control FOR Iot2000 3.5.13.30 Codesys Control FOR Iot2000 3.5.14.0 Codesys Control FOR Iot2000 3.5.14.10 Codesys Control FOR Pfc100 3.5.11.0 Codesys Control FOR Pfc100 3.5.11.10 Codesys Control FOR Pfc100 3.5.11.20 Codesys Control FOR Pfc100 3.5.11.50 Codesys Control FOR Pfc100 3.5.11.60 Codesys Control FOR Pfc100 3.5.12.0 Codesys Control FOR Pfc100 3.5.12.10 Codesys Control FOR Pfc100 3.5.12.30 Codesys Control FOR Pfc100 3.5.12.40 Codesys Control FOR Pfc100 3.5.12.70 Codesys Control FOR Pfc100 3.5.13.0 Codesys Control FOR Pfc100 3.5.13.20 Codesys Control FOR Pfc100 3.5.13.30 Codesys Control FOR Pfc100 3.5.14.0 Codesys Control FOR Pfc100 3.5.14.10 Codesys Control FOR Pfc200 3.5.11.0 Codesys Control FOR Pfc200 3.5.11.10 Codesys Control FOR Pfc200 3.5.11.20 Codesys Control FOR Pfc200 3.5.11.50 Codesys Control FOR Pfc200 3.5.11.60 Codesys Control FOR Pfc200 3.5.12.0 Codesys Control FOR Pfc200 3.5.12.10 Codesys Control FOR Pfc200 3.5.12.30 Codesys Control FOR Pfc200 3.5.12.40 Codesys Control FOR Pfc200 3.5.12.70 Codesys Control FOR Pfc200 3.5.13.0 Codesys Control FOR Pfc200 3.5.13.10 Codesys Control FOR Pfc200 3.5.13.20 Codesys Control FOR Pfc200 3.5.13.30 Codesys Control FOR Pfc200 3.5.14.0 Codesys Control FOR Pfc200 3.5.14.10 Codesys Control FOR Pfc200 3.5.14.20 Codesys Control FOR Pfc200 3.5.14.30 Codesys Control FOR Pfc200 3.5.14.40 Codesys Control FOR Raspberry PI 3.5.11.0 Codesys Control FOR Raspberry PI 3.5.11.10 Codesys Control FOR Raspberry PI 3.5.11.20 Codesys Control FOR Raspberry PI 3.5.11.50 Codesys Control FOR Raspberry PI 3.5.11.60 Codesys Control FOR Raspberry PI 3.5.12.0 Codesys Control FOR Raspberry PI 3.5.12.10 Codesys Control FOR Raspberry PI 3.5.12.30 Codesys Control FOR Raspberry PI 3.5.12.70 Codesys Control FOR Raspberry PI 3.5.13.0 Codesys Control FOR Raspberry PI 3.5.13.20 Codesys Control FOR Raspberry PI 3.5.13.30 Codesys Control FOR Raspberry PI 3.5.14.0 Codesys Control FOR Raspberry PI 3.5.14.10 Codesys Control FOR Raspberry PI 3.5.14.20 Codesys Control FOR Raspberry PI 3.5.14.30 Codesys Control FOR Raspberry PI 3.5.14.40 Codesys Control RTE 3.5.11.0 Codesys Control RTE 3.5.11.10 Codesys Control RTE 3.5.11.20 Codesys Control RTE 3.5.11.30 Codesys Control RTE 3.5.11.40 Codesys Control RTE 3.5.11.42 Codesys Control RTE 3.5.11.50 Codesys Control RTE 3.5.11.60 Codesys Control RTE 3.5.12.0 Codesys Control RTE 3.5.12.1 Codesys Control RTE 3.5.12.10 Codesys Control RTE 3.5.12.20 Codesys Control RTE 3.5.12.30 Codesys Control RTE 3.5.12.40 Codesys Control RTE 3.5.12.50 Codesys Control RTE 3.5.12.60 Codesys Control RTE 3.5.12.70 Codesys Control RTE 3.5.12.80 Codesys Control RTE 3.5.13.0 Codesys Control RTE 3.5.13.10 Codesys Control RTE 3.5.13.20 Codesys Control RTE 3.5.13.30 Codesys Control RTE 3.5.13.40 Codesys Control RTE 3.5.14.0 Codesys Control RTE 3.5.14.10 Codesys Control RTE 3.5.14.20 Codesys Control RTE 3.5.14.30 Codesys Control RTE 3.5.14.40 Codesys Control WIN 3.5.12.30 Codesys Control WIN 3.5.12.80 Codesys Linux 3.5.11.0 Codesys Runtime System Toolkit 3.5.11.0	125

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://www.us-cert.gov/ics/advisories/icsa-19-255-04