Vulnerability Details CVE-2019-13538
3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. The issue also exists for source libraries, but 3S-Smart Software Solutions GmbH strongly recommends distributing compiled libraries only.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.0%
CVSS Severity
CVSS v3 Score 8.6
CVSS v2 Score 6.8
References
- https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12940&token=7723e5ed99830656f487e218e73dce2de751102f
- https://www.us-cert.gov/ics/advisories/icsa-19-255-02
- https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12940&token=7723e5ed99830656f487e218e73dce2de751102f
- https://www.us-cert.gov/ics/advisories/icsa-19-255-02
Products affected by CVE-2019-13538
-
cpe:2.3:a:codesys:codesys:-
-
cpe:2.3:a:codesys:codesys:2.3
-
cpe:2.3:a:codesys:codesys:2.3.9.61
-
cpe:2.3:a:codesys:codesys:3.5.10.0
-
cpe:2.3:a:codesys:codesys:3.5.10.10
-
cpe:2.3:a:codesys:codesys:3.5.10.20
-
cpe:2.3:a:codesys:codesys:3.5.10.30
-
cpe:2.3:a:codesys:codesys:3.5.10.40
-
cpe:2.3:a:codesys:codesys:3.5.10.50
-
cpe:2.3:a:codesys:codesys:3.5.10.60
-
cpe:2.3:a:codesys:codesys:3.5.10.70
-
cpe:2.3:a:codesys:codesys:3.5.11.0
-
cpe:2.3:a:codesys:codesys:3.5.11.10
-
cpe:2.3:a:codesys:codesys:3.5.11.20
-
cpe:2.3:a:codesys:codesys:3.5.11.30
-
cpe:2.3:a:codesys:codesys:3.5.11.40
-
cpe:2.3:a:codesys:codesys:3.5.11.50
-
cpe:2.3:a:codesys:codesys:3.5.11.60
-
cpe:2.3:a:codesys:codesys:3.5.12.0
-
cpe:2.3:a:codesys:codesys:3.5.12.10
-
cpe:2.3:a:codesys:codesys:3.5.12.20
-
cpe:2.3:a:codesys:codesys:3.5.12.30
-
cpe:2.3:a:codesys:codesys:3.5.12.40
-
cpe:2.3:a:codesys:codesys:3.5.12.50
-
cpe:2.3:a:codesys:codesys:3.5.12.60
-
cpe:2.3:a:codesys:codesys:3.5.12.70
-
cpe:2.3:a:codesys:codesys:3.5.13.0
-
cpe:2.3:a:codesys:codesys:3.5.13.10
-
cpe:2.3:a:codesys:codesys:3.5.13.2
-
cpe:2.3:a:codesys:codesys:3.5.13.20
-
cpe:2.3:a:codesys:codesys:3.5.13.30
-
cpe:2.3:a:codesys:codesys:3.5.13.40
-
cpe:2.3:a:codesys:codesys:3.5.14.10
-
cpe:2.3:a:codesys:codesys:3.5.14.20
-
cpe:2.3:a:codesys:codesys:3.5.14.30
-
cpe:2.3:a:codesys:codesys:3.5.14.40
-
cpe:2.3:a:codesys:codesys:3.5.15.0
-
cpe:2.3:a:codesys:codesys:3.5.15.10
-
cpe:2.3:a:codesys:codesys:3.5.15.20
-
cpe:2.3:a:codesys:codesys:3.5.15.30
-
cpe:2.3:a:codesys:codesys:3.5.15.40
-
cpe:2.3:a:codesys:codesys:3.5.15.50
-
cpe:2.3:a:codesys:codesys:3.5.9.40
-
cpe:2.3:a:codesys:codesys:3.5.9.50
-
cpe:2.3:a:codesys:codesys:3.5.9.60
-
cpe:2.3:a:codesys:codesys:3.5.9.70
-
cpe:2.3:a:codesys:codesys:3.5.9.80