CVE-2020-15806 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2020-15806

Analyzed

More Info Official Page

Source-cve@mitre.org

Published At-22 Jul, 2020 | 19:15

Updated At-21 Jul, 2021 | 11:39

CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P

Type: Primary

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Type: Primary

Version: 2.0

Base score: 5.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:N/I:N/A:P

CPE Matches

>>control_for_beaglebone>>Versions before 3.5.16.10(exclusive)

cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*

>>control_for_empc-a\/imx6>>Versions before 3.5.16.10(exclusive)

cpe:2.3:a:codesys:control_for_empc-a\/imx6:*:*:*:*:*:*:*:*

>>control_for_iot2000>>Versions before 3.5.16.10(exclusive)

cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*

>>control_for_linux>>Versions before 3.5.16.10(exclusive)

cpe:2.3:a:codesys:control_for_linux:*:*:*:*:*:*:*:*

>>control_for_pfc100>>Versions before 3.5.16.10(exclusive)

cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*

>>control_for_pfc200>>Versions before 3.5.16.10(exclusive)

cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*

>>control_for_plcnext>>Versions before 3.5.16.10(exclusive)

cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*

>>control_for_raspberry_pi>>Versions before 3.5.16.10(exclusive)

cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*

>>control_for_wago_touch_panels_600>>Versions before 3.5.16.10(exclusive)

cpe:2.3:a:codesys:control_for_wago_touch_panels_600:*:*:*:*:*:*:*:*

>>control_rte>>Versions from 3.5.8.60(inclusive) to 3.5.16.10(exclusive)

cpe:2.3:a:codesys:control_rte:*:*:*:*:*:-:*:*

>>control_rte>>Versions from 3.5.8.60(inclusive) to 3.5.16.10(exclusive)

cpe:2.3:a:codesys:control_rte:*:*:*:*:*:beckhoff_cx:*:*

>>control_runtime_system_toolkit>>Versions from 3.0(inclusive) to 3.5.16.10(exclusive)

cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*

>>control_win>>Versions from 3.5.9.80(inclusive) to 3.5.16.10(exclusive)

cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*

>>embedded_target_visu_toolkit>>Versions from 3.0(inclusive) to 3.5.16.10(exclusive)

cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*

>>hmi>>Versions from 3.5.10.0(inclusive) to 3.5.16.10(exclusive)

cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*

>>remote_target_visu_toolkit>>Versions from 3.0(inclusive) to 3.5.16.10(exclusive)

cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*

>>simulation_runtime>>Versions from 3.5.9.40(inclusive) to 3.5.16.10(exclusive)

cpe:2.3:a:codesys:simulation_runtime:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-401	Primary	nvd@nist.gov

CWE ID: CWE-401

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13199&token=3e283c3e73fed61f7c181a7fa1169477efaf0c58&download=	cve@mitre.org	Mitigation Vendor Advisory
https://www.codesys.com	cve@mitre.org	Vendor Advisory
https://www.tenable.com/security/research/tra-2020-46	cve@mitre.org	Exploit Third Party Advisory

Hyperlink: https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13199&token=3e283c3e73fed61f7c181a7fa1169477efaf0c58&download=

Source: cve@mitre.org

Resource:

Mitigation

Vendor Advisory

Hyperlink: https://www.codesys.com

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: https://www.tenable.com/security/research/tra-2020-46

Source: cve@mitre.org

Resource:

Exploit

Third Party Advisory