CVE-2020-7052
MEDIUMCODESYS Control V3, Gateway V3, and HMI V3 < 3.5.15.30 - Remote Denial of Service via Uncontrolled Memory Allocation
Title source: llmDescription
CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.tenable.com/security/research/tra-2020-04
Vendor Advisory x_refsource_confirm
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12977&token=33f948eed0c2fd69d238d9515779be337ef7592d&download=
Scores
CVSS v3
6.5
EPSS
0.0188
EPSS Percentile
76.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-770
Status
published
Products (15)
codesys/control_for_beaglebone
< 3.5.15.30
codesys/control_for_empc-a\/imx6
< 3.5.15.30
codesys/control_for_iot2000
< 3.5.15.30
codesys/control_for_linux
< 3.5.15.30
codesys/control_for_pfc100
< 3.5.15.30
codesys/control_for_pfc200
< 3.5.15.30
codesys/control_for_plcnext
< 3.5.15.30
codesys/control_for_raspberry_pi
< 3.5.15.30
codesys/control_rte
3.5.8.60 - 3.5.15.30 (2 CPE variants)
codesys/control_runtime_system_toolkit
3.0 - 3.5.15.30
... and 5 more
Published
Jan 24, 2020
Tracked Since
Feb 18, 2026