virus logo Intrusion Prevention

3S-Smart.CODESYS.CmpRouter.CmpRouterEmbedded.Integer.Overflow

description-logoDescription

This indicates an attack attempt to exploit an Integer Overflow Vulnerability in Smart Software Solutions CODESYS V3 Simulation Runtime (part of the CODESYS Development System).
The vulnerability is due to improper validation of user-supplied data. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted message to the target server. Successful exploitation could allow the attacker to execute arbitrary code under the security context of SYSTEM/root.

affected-products-logoAffected Products

Smart Software Solutions CoDeSys Control for BeagleBone prior to V3.5.15.40
Smart Software Solutions CoDeSys Control for empPC-A/iMX6 prior to V3.5.15.40
Smart Software Solutions CoDeSys Control for IOT2000 prior to V3.5.15.40
Smart Software Solutions CODESYS Control for Linux prior to V3.5.15.40
Smart Software Solutions CoDeSys Control for PFC100 prior to V3.5.15.40
Smart Software Solutions CoDeSys Control for PFC200 prior to V3.5.15.40
Smart Software Solutions CoDeSys Control for PLCnext prior to V3.5.15.40
Smart Software Solutions CoDeSys Control for Raspberry Pi prior to V3.5.15.40
Smart Software Solutions CoDeSys Control RTE V3 prior to V3.5.15.40
Smart Software Solutions CoDeSys Control RTE V3 (for Beckhoff CX) prior to V3.5.15.40
Smart Software Solutions CoDeSys Control V3 Runtime System Tookit prior to V3.5.15.40
Smart Software Solutions CoDeSys Control Win V3 (also part of the CODESYS Development System Setup) prior to V3.5.15.40
Smart Software Solutions CODESYS Edge Gateway V3 prior to V3.5.15.40
Smart Software Solutions CODESYS Gateway V3 prior to V3.5.15.40
Smart Software Solutions CoDeSys HMI V3 prior to V3.5.15.40
Smart Software Solutions CODESYS OPC Server V3 prior to V3.5.15.40
Smart Software Solutions CODESYS PLCHandler SDK prior to V3.5.15.40
Smart Software Solutions CoDeSys V3 Embedded Target Visu Toolkit prior to V3.5.15.40
Smart Software Solutions CoDeSys V3 Remote Target Visu Toolkit prior to V3.5.15.40
Smart Software Solutions CODESYS V3 Simulation Runtime (part of the CODESYS Development System) prior to V3.5.15.40

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13077&token=3bfc6d1d08415a6260b96093520071f5786e7fd4&download=

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-05-04 15.832 Default_action:pass:drop
2020-04-16 15.820
ID 48912
Created Apr 16, 2020
Updated Mar 31, 2021
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2019-5105
Exploit Prediction Score 0.27%
Default Action drop
Active
Affected OS Other
Affected App SCADA