CVE-2019-13532

HIGH

CODESYS V3 <3.5.14.10 - Path Traversal


Description

CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted HTTP or HTTPS requests which may allow access to files outside the restricted working directory of the controller.

References (1)

Core References
Mitigation, Patch, Third Party Advisory, US Government Resource x_refsource_misc
https://www.us-cert.gov/ics/advisories/icsa-19-255-01

Scores

CVSS v3 7.5
EPSS 0.0318
EPSS Percentile 86.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (13)
codesys/control_for_beaglebone < 3.5.14.10
codesys/control_for_empc-a/imx6 < 3.5.14.10
codesys/control_for_iot2000 < 3.5.14.10
codesys/control_for_linux < 3.5.14.10
codesys/control_for_pfc100 < 3.5.14.10
codesys/control_for_pfc200 < 3.5.14.10
codesys/control_for_raspberry_pi < 3.5.14.10
codesys/control_rte 3.5.8.60 - 3.5.12.80
codesys/control_runtime_system_toolkit 3.0 - 3.5.12.80
codesys/control_win 3.5.9.80 - 3.5.12.80
... and 3 more
Published Sep 13, 2019
Tracked Since Feb 18, 2026