Sign-up

ID

VAR-201908-0055


CVE

CVE-2019-9010


TITLE

plural  3S-Smart CODESYS  Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-008668

DESCRIPTION

An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System. plural 3S-Smart CODESYS There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. 3S-Smart Software Solutions CODESYS Control for BeagleBone and CODESYS Control are a set of industrial control program programming software from Germany 3S-Smart Software Solutions. A security vulnerability exists in several 3S-Smart Software Solutions products. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor announcement

Trust: 2.25

sources: NVD: CVE-2019-9010 // JVNDB: JVNDB-2019-008668 // CNNVD: CNNVD-201908-161 // VULHUB: VHN-160445

AFFECTED PRODUCTS

vendor:codesysmodel:control for empc-a\/imx6 slscope:gteversion:3.0

Trust: 1.0

vendor:codesysmodel:control for linux slscope:ltversion:3.5.14.20

Trust: 1.0

vendor:codesysmodel:control runtime toolkitscope:gteversion:3.0

Trust: 1.0

vendor:codesysmodel:control for raspberry pi slscope:gteversion:3.0

Trust: 1.0

vendor:codesysmodel:gatewayscope:gteversion:3.0

Trust: 1.0

vendor:codesysmodel:control for iot2000 slscope:ltversion:3.5.14.20

Trust: 1.0

vendor:codesysmodel:control for pfc100 slscope:gteversion:3.0

Trust: 1.0

vendor:codesysmodel:control for beaglebone slscope:gteversion:3.0

Trust: 1.0

vendor:codesysmodel:control for pfc200 slscope:ltversion:3.5.14.20

Trust: 1.0

vendor:codesysmodel:control for linux slscope:gteversion:3.0

Trust: 1.0

vendor:codesysmodel:control for beaglebone slscope:ltversion:3.5.14.20

Trust: 1.0

vendor:codesysmodel:control for iot2000 slscope:gteversion:3.0

Trust: 1.0

vendor:codesysmodel:control for pfc100 slscope:ltversion:3.5.14.20

Trust: 1.0

vendor:codesysmodel:control for pfc200 slscope:gteversion:3.0

Trust: 1.0

vendor:codesysmodel:control for empc-a\/imx6 slscope:ltversion:3.5.14.20

Trust: 1.0

vendor:codesysmodel:development systemscope:gteversion:3.0

Trust: 1.0

vendor:codesysmodel:development systemscope:ltversion:3.5.14.20

Trust: 1.0

vendor:codesysmodel:control runtime toolkitscope:ltversion:3.5.14.20

Trust: 1.0

vendor:codesysmodel:gatewayscope:ltversion:3.5.14.20

Trust: 1.0

vendor:codesysmodel:control for raspberry pi slscope:ltversion:3.5.14.20

Trust: 1.0

vendor:codesysmodel:control runtime system toolkitscope: - version: -

Trust: 0.8

vendor:codesysmodel:control for raspberry pi slscope: - version: -

Trust: 0.8

vendor:codesysmodel:control for iot2000 slscope: - version: -

Trust: 0.8

vendor:codesysmodel:control for empc-a/imx6 slscope: - version: -

Trust: 0.8

vendor:codesysmodel:control for beaglebone slscope: - version: -

Trust: 0.8

vendor:codesysmodel:development systemscope: - version: -

Trust: 0.8

vendor:codesysmodel:control for linux slscope: - version: -

Trust: 0.8

vendor:codesysmodel:control for pfc200 slscope: - version: -

Trust: 0.8

vendor:codesysmodel:gatewayscope:eqversion:3.5.14.20

Trust: 0.8

vendor:codesysmodel:control for pfc100 slscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-008668 // NVD: CVE-2019-9010

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-9010
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-9010
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201908-161
value: CRITICAL

Trust: 0.6

VULHUB: VHN-160445
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-9010
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-160445
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-9010
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-9010
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-160445 // CNNVD: CNNVD-201908-161 // JVNDB: JVNDB-2019-008668 // NVD: CVE-2019-9010

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

problemtype:CWE-284

Trust: 0.1

sources: VULHUB: VHN-160445 // JVNDB: JVNDB-2019-008668 // NVD: CVE-2019-9010

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-161

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201908-161

PATCH

title:Top Pageurl:https://www.codesys.com/

Trust: 0.8

title:Multiple 3S-Smart Software Solutions Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95921

Trust: 0.6

sources: CNNVD: CNNVD-201908-161 // JVNDB: JVNDB-2019-008668

EXTERNAL IDS

db:NVDid:CVE-2019-9010

Trust: 3.3

db:ICS CERTid:ICSA-19-213-03

Trust: 2.5

db:JVNid:JVNVU90492166

Trust: 0.8

db:JVNDBid:JVNDB-2019-008668

Trust: 0.8

db:CNNVDid:CNNVD-201908-161

Trust: 0.7

db:ICS CERTid:ICSA-19-213-04

Trust: 0.6

db:AUSCERTid:ESB-2019.2901

Trust: 0.6

db:VULHUBid:VHN-160445

Trust: 0.1

sources: VULHUB: VHN-160445 // CNNVD: CNNVD-201908-161 // JVNDB: JVNDB-2019-008668 // NVD: CVE-2019-9010

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-19-213-03

Trust: 3.1

url:https://customers.codesys.com/index.php?eid=dumpfile&t=f&f=12937&token=769045a17015bea00ec7ff313de8f1a5c73e7b93&download=

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-9010

Trust: 1.4

url:https://jvn.jp/vu/jvnvu90492166/index.html

Trust: 0.8

url:https://www.us-cert.gov/ics/advisories/icsa-19-213-04

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2901/

Trust: 0.6

url:https://customers.codesys.com/index.php?eid=dumpfile&t=f&f=12937&token=769045a17015bea00ec7ff313de8f1a5c73e7b93&download=

Trust: 0.1

sources: VULHUB: VHN-160445 // CNNVD: CNNVD-201908-161 // JVNDB: JVNDB-2019-008668 // NVD: CVE-2019-9010

CREDITS

3S-Smart Software Solutions GmbH

Trust: 0.6

sources: CNNVD: CNNVD-201908-161

SOURCES

db:VULHUBid:VHN-160445
db:CNNVDid:CNNVD-201908-161
db:JVNDBid:JVNDB-2019-008668
db:NVDid:CVE-2019-9010

LAST UPDATE DATE

2025-10-03T22:13:48.905000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-160445date:2023-02-23T00:00:00
db:CNNVDid:CNNVD-201908-161date:2020-08-25T00:00:00
db:JVNDBid:JVNDB-2019-008668date:2025-10-02T06:39:00
db:NVDid:CVE-2019-9010date:2024-11-21T04:50:48.343

SOURCES RELEASE DATE

db:VULHUBid:VHN-160445date:2019-08-15T00:00:00
db:CNNVDid:CNNVD-201908-161date:2019-08-01T00:00:00
db:JVNDBid:JVNDB-2019-008668date:2019-09-04T00:00:00
db:NVDid:CVE-2019-9010date:2019-08-15T18:15:23.397