CVE-2024-5000

HIGH

CODESYS - DoS

Title source: llm
Description

An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size.

Scores

CVSS v3: 7.5
EPSS: 0.0118
EPSS Percentile: 78.8%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-131
Status: published
Products (15)
CODESYS/CODESYS Control for BeagleBone SL < 4.12.0.0
CODESYS/CODESYS Control for emPC-A/iMX6 SL < 4.12.0.0
CODESYS/CODESYS Control for IOT2000 SL < 4.12.0.0
CODESYS/CODESYS Control for Linux ARM SL < 4.12.0.0
CODESYS/CODESYS Control for Linux SL < 4.12.0.0
CODESYS/CODESYS Control for PFC100 SL < 4.12.0.0
CODESYS/CODESYS Control for PFC200 SL < 4.12.0.0
CODESYS/CODESYS Control for PLCnext SL < 4.12.0.0
CODESYS/CODESYS Control for Raspberry Pi SL < 4.12.0.0
CODESYS/CODESYS Control for WAGO Touch Panels 600 SL < 4.12.0.0
... and 5 more
Published: Jun 04, 2024
Tracked Since: Feb 18, 2026