Sign-up

ID

VAR-201805-1208


TITLE

PLCWinNT software has a memory leak vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-10252

DESCRIPTION

CoDeSys is a complete development environment for programmable logic control PLCs, in which simulation functions can be implemented by configuring the PLCWinNT software. A memory leak vulnerability exists in the PLCWinNT software corresponding to the CoDeSys software version V2. An attacker can perform arbitrary write operations on the process's memory address space, and this vulnerability can be used to implement remote code execution

Trust: 0.72

sources: CNVD: CNVD-2018-10252 // IVD: e2f022d0-39ab-11e9-991b-000c29342cb1

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2f022d0-39ab-11e9-991b-000c29342cb1 // CNVD: CNVD-2018-10252

AFFECTED PRODUCTS

vendor:3s smartmodel:plcwinnt softwarescope:eqversion:v2

Trust: 0.8

sources: IVD: e2f022d0-39ab-11e9-991b-000c29342cb1 // CNVD: CNVD-2018-10252

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2018-10252
value: MEDIUM

Trust: 0.6

IVD: e2f022d0-39ab-11e9-991b-000c29342cb1
value: MEDIUM

Trust: 0.2

CNVD: CNVD-2018-10252
severity: MEDIUM
baseScore: 4.6
vectorString: AV:A/AC:H/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.2
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2f022d0-39ab-11e9-991b-000c29342cb1
severity: MEDIUM
baseScore: 4.6
vectorString: AV:A/AC:H/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.2
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: e2f022d0-39ab-11e9-991b-000c29342cb1 // CNVD: CNVD-2018-10252

TYPE

Memory leak

Trust: 0.2

sources: IVD: e2f022d0-39ab-11e9-991b-000c29342cb1

PATCH

title:PLCWinNT software has a memory leak vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/129197

Trust: 0.6

sources: CNVD: CNVD-2018-10252

EXTERNAL IDS

db:CNVDid:CNVD-2018-10252

Trust: 0.8

db:IVDid:E2F022D0-39AB-11E9-991B-000C29342CB1

Trust: 0.2

sources: IVD: e2f022d0-39ab-11e9-991b-000c29342cb1 // CNVD: CNVD-2018-10252

SOURCES

db:IVDid:e2f022d0-39ab-11e9-991b-000c29342cb1
db:CNVDid:CNVD-2018-10252

LAST UPDATE DATE

2022-05-17T01:47:52.668000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-10252date:2018-05-28T00:00:00

SOURCES RELEASE DATE

db:IVDid:e2f022d0-39ab-11e9-991b-000c29342cb1date:2018-05-24T00:00:00
db:CNVDid:CNVD-2018-10252date:2018-06-19T00:00:00