CVE-2019-13548

CRITICAL

CODESYS V3 Web Server < 3.5.14.10 - Stack-based Buffer Overflow via Crafted HTTP/HTTPS Requests

Title source: llm
STIX 2.1

Description

CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could cause a stack overflow and create a denial-of-service condition or allow remote code execution.

References (1)

Core 1
Core References
Mitigation, Patch, Third Party Advisory, US Government Resource x_refsource_misc
https://www.us-cert.gov/ics/advisories/icsa-19-255-01

Scores

CVSS v3 9.8
EPSS 0.0586
EPSS Percentile 92.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-121 CWE-787
Status published
Products (13)
codesys/control_for_beaglebone < 3.5.14.10
codesys/control_for_empc-a\/imx6 < 3.5.14.10
codesys/control_for_iot2000 < 3.5.14.10
codesys/control_for_linux < 3.5.14.10
codesys/control_for_pfc100 < 3.5.14.10
codesys/control_for_pfc200 < 3.5.14.10
codesys/control_for_raspberry_pi < 3.5.14.10
codesys/control_rte 3.5.8.60 - 3.5.12.80
codesys/control_runtime_system_toolkit 3.0 - 3.5.12.80
codesys/control_win 3.5.9.80 - 3.5.12.80
... and 3 more
Published Sep 13, 2019
Tracked Since Feb 18, 2026