CVE-2019-9008
HIGHCodesys Control For Beaglebone - Incorrect Permission Assignment
Title source: ruleDescription
An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A user with low privileges can take full control over the runtime.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
https://www.codesys.com/
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert
https://www.us-cert.gov/ics/advisories/icsa-19-255-03
Vendor Advisory x_refsource_confirm
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12939&token=5b93f0d95a68ff7461d2c249d8da00f16b8f9987&download=
Scores
CVSS v3
8.8
EPSS
0.0053
EPSS Percentile
67.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-732
Status
published
Products (10)
codesys/control_for_beaglebone
< 3.5.13.0
codesys/control_for_empc-a\/imx6
< 3.5.13.0
codesys/control_for_iot2000
< 3.5.13.0
codesys/control_for_pfc100
< 3.5.13.0
codesys/control_for_pfc200
< 3.5.13.0
codesys/control_for_raspberry_pi
< 3.5.13.0
codesys/control_rte
< 3.5.13.0
codesys/control_win
< 3.5.13.0
codesys/hmi
< 3.5.13.0
codesys/simulation_runtime
< 3.5.13.0
Published
Sep 17, 2019
Tracked Since
Feb 18, 2026