CVE-2024-8175
HIGHCODESYS Control SL < 4.14.0.0 - Unauthenticated Denial of Service via Memory Access
Title source: llmDescription
An unauthenticated remote attacker can causes the CODESYS web server to access invalid memory which results in a DoS.
References (2)
Core 2
Core References
Various Sources
https://cert.vde.com/en/advisories/VDE-2024-057
Various Sources vendor-advisory
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=18604&token=d5e1e2820ee63077b875b3bb41014b1f102e88a3&download=
Scores
CVSS v3
7.5
EPSS
0.0060
EPSS Percentile
43.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-754
Status
published
Products (18)
CODESYS/CODESYS Control for BeagleBone SL
< 4.14.0.0
CODESYS/CODESYS Control for emPC-A/iMX6 SL
< 4.14.0.0
CODESYS/CODESYS Control for IOT2000 SL
< 4.14.0.0
CODESYS/CODESYS Control for Linux ARM SL
< 4.14.0.0
CODESYS/CODESYS Control for Linux SL
< 4.14.0.0
CODESYS/CODESYS Control for PFC100 SL
< 4.14.0.0
CODESYS/CODESYS Control for PFC200 SL
< 4.14.0.0
CODESYS/CODESYS Control for PLCnext SL
< 4.14.0.0
CODESYS/CODESYS Control for Raspberry Pi SL
< 4.14.0.0
CODESYS/CODESYS Control for WAGO Touch Panels 600 SL
< 4.14.0.0
... and 8 more
Published
Sep 25, 2024
Tracked Since
Feb 18, 2026