CVE-2019-19789
MEDIUMCODESYS SP Realtime NT < 2.3.7.28, Runtime Toolkit < 2.4.7.54, and PLCWinNT < 2.4.7.54 - NULL Pointer Dereference
Title source: llmDescription
3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Toolkit 32 bit full before V2.4.7.54, and CODESYS PLCWinNT before V2.4.7.54 allow a NULL pointer dereference.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.codesys.com
Vendor Advisory x_refsource_confirm
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12946&token=edd5d8e821edaf3189d36bb1cac1aa1bfc42351f&download=
Scores
CVSS v3
6.5
EPSS
0.0122
EPSS Percentile
64.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (3)
codesys/plcwinnt
< 2.4.7.54
codesys/runtime_toolkit
< 2.4.7.54
codesys/sp_realtime_nt
< 2.3.7.28
Published
Dec 20, 2019
Tracked Since
Feb 18, 2026