Vulnerability Details CVE-2019-9010
An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12937&token=769045a17015bea00ec7ff313de8f1a5c73e7b93&download=
- https://www.us-cert.gov/ics/advisories/icsa-19-213-03
- https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12937&token=769045a17015bea00ec7ff313de8f1a5c73e7b93&download=
- https://www.us-cert.gov/ics/advisories/icsa-19-213-03
Products affected by CVE-2019-9010
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.0
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.10.0
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.10.20
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.10.30
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.11.0
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.11.10
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.11.20
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.11.50
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.11.60
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.12.0
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.12.10
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.12.30
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.12.70
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.13.0
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.13.20
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.13.30
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.14.0
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.14.10
-
cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:3.0
-
cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:3.5.10.0
-
cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:3.5.10.20
-
cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:3.5.11.0
-
cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:3.5.11.10
-
cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:3.5.11.20
-
cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:3.5.11.50
-
cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:3.5.11.60
-
cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:3.5.12.0
-
cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:3.5.12.10
-
cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:3.5.12.30
-
cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:3.5.12.70
-
cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:3.5.13.0
-
cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:3.5.13.20
-
cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:3.5.13.30
-
cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:3.5.14.0
-
cpe:2.3:a:codesys:control_for_iot2000_sl:3.0
-
cpe:2.3:a:codesys:control_for_iot2000_sl:3.5.11.0
-
cpe:2.3:a:codesys:control_for_iot2000_sl:3.5.11.10
-
cpe:2.3:a:codesys:control_for_iot2000_sl:3.5.11.20
-
cpe:2.3:a:codesys:control_for_iot2000_sl:3.5.11.50
-
cpe:2.3:a:codesys:control_for_iot2000_sl:3.5.11.60
-
cpe:2.3:a:codesys:control_for_iot2000_sl:3.5.12.0
-
cpe:2.3:a:codesys:control_for_iot2000_sl:3.5.12.10
-
cpe:2.3:a:codesys:control_for_iot2000_sl:3.5.12.30
-
cpe:2.3:a:codesys:control_for_iot2000_sl:3.5.12.70
-
cpe:2.3:a:codesys:control_for_iot2000_sl:3.5.13.0
-
cpe:2.3:a:codesys:control_for_iot2000_sl:3.5.13.20
-
cpe:2.3:a:codesys:control_for_iot2000_sl:3.5.13.30
-
cpe:2.3:a:codesys:control_for_iot2000_sl:3.5.14.0
-
cpe:2.3:a:codesys:control_for_iot2000_sl:3.5.14.10
-
cpe:2.3:a:codesys:control_for_linux_sl:3.0
-
cpe:2.3:a:codesys:control_for_linux_sl:3.5.13.0
-
cpe:2.3:a:codesys:control_for_linux_sl:3.5.13.20
-
cpe:2.3:a:codesys:control_for_linux_sl:3.5.13.30
-
cpe:2.3:a:codesys:control_for_linux_sl:3.5.14.0
-
cpe:2.3:a:codesys:control_for_pfc100_sl:3.0
-
cpe:2.3:a:codesys:control_for_pfc100_sl:3.5.11.0
-
cpe:2.3:a:codesys:control_for_pfc100_sl:3.5.11.10
-
cpe:2.3:a:codesys:control_for_pfc100_sl:3.5.11.20
-
cpe:2.3:a:codesys:control_for_pfc100_sl:3.5.11.50
-
cpe:2.3:a:codesys:control_for_pfc100_sl:3.5.11.60
-
cpe:2.3:a:codesys:control_for_pfc100_sl:3.5.12.0
-
cpe:2.3:a:codesys:control_for_pfc100_sl:3.5.12.10
-
cpe:2.3:a:codesys:control_for_pfc100_sl:3.5.12.30
-
cpe:2.3:a:codesys:control_for_pfc100_sl:3.5.12.40
-
cpe:2.3:a:codesys:control_for_pfc100_sl:3.5.12.70
-
cpe:2.3:a:codesys:control_for_pfc100_sl:3.5.13.0
-
cpe:2.3:a:codesys:control_for_pfc100_sl:3.5.13.20
-
cpe:2.3:a:codesys:control_for_pfc100_sl:3.5.13.30
-
cpe:2.3:a:codesys:control_for_pfc100_sl:3.5.14.0
-
cpe:2.3:a:codesys:control_for_pfc200_sl:3.0
-
cpe:2.3:a:codesys:control_for_pfc200_sl:3.5.10.0
-
cpe:2.3:a:codesys:control_for_pfc200_sl:3.5.10.20
-
cpe:2.3:a:codesys:control_for_pfc200_sl:3.5.11.0
-
cpe:2.3:a:codesys:control_for_pfc200_sl:3.5.11.10
-
cpe:2.3:a:codesys:control_for_pfc200_sl:3.5.11.20
-
cpe:2.3:a:codesys:control_for_pfc200_sl:3.5.11.50
-
cpe:2.3:a:codesys:control_for_pfc200_sl:3.5.11.60
-
cpe:2.3:a:codesys:control_for_pfc200_sl:3.5.12.0
-
cpe:2.3:a:codesys:control_for_pfc200_sl:3.5.12.10
-
cpe:2.3:a:codesys:control_for_pfc200_sl:3.5.12.30
-
cpe:2.3:a:codesys:control_for_pfc200_sl:3.5.12.40
-
cpe:2.3:a:codesys:control_for_pfc200_sl:3.5.12.70
-
cpe:2.3:a:codesys:control_for_pfc200_sl:3.5.13.0
-
cpe:2.3:a:codesys:control_for_pfc200_sl:3.5.13.20
-
cpe:2.3:a:codesys:control_for_pfc200_sl:3.5.13.30
-
cpe:2.3:a:codesys:control_for_pfc200_sl:3.5.14.0
-
cpe:2.3:a:codesys:control_for_raspberry_pi_sl:3.0
-
cpe:2.3:a:codesys:control_for_raspberry_pi_sl:3.5.10.0
-
cpe:2.3:a:codesys:control_for_raspberry_pi_sl:3.5.10.20
-
cpe:2.3:a:codesys:control_for_raspberry_pi_sl:3.5.11.0
-
cpe:2.3:a:codesys:control_for_raspberry_pi_sl:3.5.11.10
-
cpe:2.3:a:codesys:control_for_raspberry_pi_sl:3.5.11.20
-
cpe:2.3:a:codesys:control_for_raspberry_pi_sl:3.5.11.50
-
cpe:2.3:a:codesys:control_for_raspberry_pi_sl:3.5.11.60
-
cpe:2.3:a:codesys:control_for_raspberry_pi_sl:3.5.12.0
-
cpe:2.3:a:codesys:control_for_raspberry_pi_sl:3.5.12.10
-
cpe:2.3:a:codesys:control_for_raspberry_pi_sl:3.5.12.30
-
cpe:2.3:a:codesys:control_for_raspberry_pi_sl:3.5.12.70
-
cpe:2.3:a:codesys:control_for_raspberry_pi_sl:3.5.13.0
-
cpe:2.3:a:codesys:control_for_raspberry_pi_sl:3.5.13.20
-
cpe:2.3:a:codesys:control_for_raspberry_pi_sl:3.5.13.30
-
cpe:2.3:a:codesys:control_for_raspberry_pi_sl:3.5.14.0
-
cpe:2.3:a:codesys:control_runtime_toolkit:3.0
-
cpe:2.3:a:codesys:control_runtime_toolkit:3.5.14.0
-
cpe:2.3:a:codesys:development_system:3.0
-
cpe:2.3:a:codesys:development_system:3.5.10.0
-
cpe:2.3:a:codesys:development_system:3.5.10.10
-
cpe:2.3:a:codesys:development_system:3.5.10.20
-
cpe:2.3:a:codesys:development_system:3.5.10.30
-
cpe:2.3:a:codesys:development_system:3.5.10.40
-
cpe:2.3:a:codesys:development_system:3.5.10.50
-
cpe:2.3:a:codesys:development_system:3.5.10.60
-
cpe:2.3:a:codesys:development_system:3.5.10.70
-
cpe:2.3:a:codesys:development_system:3.5.11.0
-
cpe:2.3:a:codesys:development_system:3.5.11.10
-
cpe:2.3:a:codesys:development_system:3.5.11.20
-
cpe:2.3:a:codesys:development_system:3.5.11.30
-
cpe:2.3:a:codesys:development_system:3.5.11.40
-
cpe:2.3:a:codesys:development_system:3.5.11.50
-
cpe:2.3:a:codesys:development_system:3.5.11.60
-
cpe:2.3:a:codesys:development_system:3.5.12.0
-
cpe:2.3:a:codesys:development_system:3.5.12.10
-
cpe:2.3:a:codesys:development_system:3.5.12.20
-
cpe:2.3:a:codesys:development_system:3.5.12.30
-
cpe:2.3:a:codesys:development_system:3.5.12.40
-
cpe:2.3:a:codesys:development_system:3.5.12.50
-
cpe:2.3:a:codesys:development_system:3.5.12.60
-
cpe:2.3:a:codesys:development_system:3.5.12.70
-
cpe:2.3:a:codesys:development_system:3.5.13.0
-
cpe:2.3:a:codesys:development_system:3.5.13.10
-
cpe:2.3:a:codesys:development_system:3.5.13.20
-
cpe:2.3:a:codesys:development_system:3.5.13.30
-
cpe:2.3:a:codesys:development_system:3.5.13.40
-
cpe:2.3:a:codesys:development_system:3.5.14.0
-
cpe:2.3:a:codesys:development_system:3.5.14.10
-
cpe:2.3:a:codesys:development_system:3.5.9.0
-
cpe:2.3:a:codesys:development_system:3.5.9.40
-
cpe:2.3:a:codesys:development_system:3.5.9.50
-
cpe:2.3:a:codesys:development_system:3.5.9.60
-
cpe:2.3:a:codesys:development_system:3.5.9.70
-
cpe:2.3:a:codesys:development_system:3.5.9.80
-
cpe:2.3:a:codesys:gateway:3.0
-
cpe:2.3:a:codesys:gateway:3.5.14.0
-
cpe:2.3:a:codesys:gateway:3.5.8.60