CVE-2020-15806

Published Jul 22, 2020

Last updated 3 years ago

CVSS high 7.5

Overview

Description: CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-401

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4AE57E7D-63C1-470F-A95B-B9DA3A586E04",
            "versionEndExcluding": "3.5.16.10"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B5F06D0-5224-4D76-A856-9AB57BF87D59",
            "versionEndExcluding": "3.5.16.10"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB388FBB-8512-4FCE-A754-A82239A911B9",
            "versionEndExcluding": "3.5.16.10"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_linux:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41722BB1-40F6-4D12-9A00-156D04C92097",
            "versionEndExcluding": "3.5.16.10"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E56A636-9DC3-411D-B287-308A2BAC759D",
            "versionEndExcluding": "3.5.16.10"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "82614FBA-2612-4FA4-988B-D67E80B5DDA7",
            "versionEndExcluding": "3.5.16.10"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "387FB2B8-5435-4054-94A4-0AE60A42FB0C",
            "versionEndExcluding": "3.5.16.10"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B7517E0-0D9C-4AA8-B8A9-7F1420FE4616",
            "versionEndExcluding": "3.5.16.10"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C80CDF5-5264-41CD-A475-E46C3E941F4A",
            "versionEndExcluding": "3.5.16.10"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:-:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6097C902-F24A-4408-8E2C-C90F0AB67E13",
            "versionEndExcluding": "3.5.16.10",
            "versionStartIncluding": "3.5.8.60"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:beckhoff_cx:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2DDE8129-4CEE-440B-B0D1-29BB93D1ACE8",
            "versionEndExcluding": "3.5.16.10",
            "versionStartIncluding": "3.5.8.60"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6CF52B1D-7AF9-4DAD-A8E7-6CB7CC060E08",
            "versionEndExcluding": "3.5.16.10",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E86A4C83-B82D-4D2F-96C6-C8F66B7AB947",
            "versionEndExcluding": "3.5.16.10",
            "versionStartIncluding": "3.5.9.80"
          },
          {
            "criteria": "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "890104AC-5CB4-466D-9CC0-F39E8B24BD9D",
            "versionEndExcluding": "3.5.16.10",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CE9850A-47B3-4C37-90C0-FF9516DF025F",
            "versionEndExcluding": "3.5.16.10",
            "versionStartIncluding": "3.5.10.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "31C2638C-D4C4-4C71-A873-E7836802E6FE",
            "versionEndExcluding": "3.5.16.10",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:simulation_runtime:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A09DAE1-678B-49A2-88CE-CFF4F514673E",
            "versionEndExcluding": "3.5.16.10",
            "versionStartIncluding": "3.5.9.40"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References