CVE-2019-13538 Information
Feb 14, 2021
cve
Description
3S-Smart Software Solutions GmbH CODESYS V3 Library Manager all versions prior to 3.5.16.0 allows the system to display active library content without checking its validity which may allow the contents of manipulated libraries to be displayed or executed. The issue also exists for source libraries but 3S-Smart Software Solutions GmbH strongly recommends distributing compiled libraries only.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Reference
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12940&token=7723e5ed99830656f487e218e73dce2de751102f https://www.us-cert.gov/ics/advisories/icsa-19-255-02
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
8.6
Share on: