ID

VAR-201909-0996


CVE

CVE-2019-13532


TITLE

3S-Smart Software Solutions CODESYS V3 web server Path traversal vulnerability

Trust: 1.4

sources: IVD: f4634c88-ffbb-41d2-9de5-4c49df63339a // CNVD: CNVD-2019-32463 // CNNVD: CNNVD-201909-657

DESCRIPTION

CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted HTTP or HTTPS requests which may allow access to files outside the restricted working directory of the controller. The CODESYS V3 web server contains a path traversal vulnerability. Information may be obtained.

Trust: 2.34

sources: NVD: CVE-2019-13532 // JVNDB: JVNDB-2019-009414 // CNVD: CNVD-2019-32463 // IVD: f4634c88-ffbb-41d2-9de5-4c49df63339a

IOT TAXONOMY

category: ['ICS'] // sub_category: -

Trust: 0.8

sources: IVD: f4634c88-ffbb-41d2-9de5-4c49df63339a // CNVD: CNVD-2019-32463

AFFECTED PRODUCTS

vendor: codesys // model: control for empc-a/imx6 // scope: lt // version: 3.5.14.10

Trust: 1.0

vendor: codesys // model: control rte // scope: lt // version: 3.5.12.80

Trust: 1.0

vendor: codesys // model: hmi // scope: lt // version: 3.5.14.10

Trust: 1.0

vendor: codesys // model: control for raspberry pi // scope: lt // version: 3.5.14.10

Trust: 1.0

vendor: codesys // model: control rte // scope: gte // version: 3.5.13.0

Trust: 1.0

vendor: codesys // model: control for pfc100 // scope: lt // version: 3.5.14.10

Trust: 1.0

vendor: codesys // model: control win // scope: lte // version: 3.5.12.80

Trust: 1.0

vendor: codesys // model: control win // scope: lt // version: 3.5.14.10

Trust: 1.0

vendor: codesys // model: control runtime system toolkit // scope: gte // version: 3.0

Trust: 1.0

vendor: codesys // model: embedded target visu toolkit // scope: lt // version: 3.5.12.80

Trust: 1.0

vendor: codesys // model: control win // scope: gte // version: 3.5.9.80

Trust: 1.0

vendor: codesys // model: hmi // scope: gte // version: 3.5.10.0

Trust: 1.0

vendor: codesys // model: hmi // scope: lt // version: 3.5.12.80

Trust: 1.0

vendor: codesys // model: remote target visu toolkit // scope: lt // version: 3.5.12.80

Trust: 1.0

vendor: codesys // model: embedded target visu toolkit // scope: gte // version: 3.0

Trust: 1.0

vendor: codesys // model: hmi // scope: gte // version: 3.5.13.0

Trust: 1.0

vendor: codesys // model: control for iot2000 // scope: lt // version: 3.5.14.10

Trust: 1.0

vendor: codesys // model: control for beaglebone // scope: lt // version: 3.5.14.10

Trust: 1.0

vendor: codesys // model: control for pfc200 // scope: lt // version: 3.5.14.10

Trust: 1.0

vendor: codesys // model: control rte // scope: lt // version: 3.5.14.10

Trust: 1.0

vendor: codesys // model: remote target visu toolkit // scope: gte // version: 3.0

Trust: 1.0

vendor: codesys // model: control runtime system toolkit // scope: lt // version: 3.5.12.80

Trust: 1.0

vendor: codesys // model: control rte // scope: gte // version: 3.5.8.60

Trust: 1.0

vendor: codesys // model: control win // scope: gte // version: 3.5.13.0

Trust: 1.0

vendor: codesys // model: control for linux // scope: lt // version: 3.5.14.10

Trust: 1.0

vendor: codesys // model: control runtime system toolkit // scope: - // version: -

Trust: 0.8

vendor: codesys // model: control for empc-a/imx6 sl // scope: - // version: -

Trust: 0.8

vendor: codesys // model: control for raspberry pi sl // scope: - // version: -

Trust: 0.8

vendor: codesys // model: control win sl // scope: - // version: -

Trust: 0.8

vendor: codesys // model: control for pfc200 sl // scope: - // version: -

Trust: 0.8

vendor: codesys // model: control for linux sl // scope: - // version: -

Trust: 0.8

vendor: codesys // model: control for beaglebone sl // scope: - // version: -

Trust: 0.8

vendor: codesys // model: control for iot2000 sl // scope: - // version: -

Trust: 0.8

vendor: codesys // model: control for pfc100 sl // scope: - // version: -

Trust: 0.8

vendor: codesys // model: control rte sl // scope: - // version: -

Trust: 0.8

vendor: 3s smart // model: software solutions codesys web server // scope: eq // version: v3<3.5.14.10

Trust: 0.6

vendor: control rte // model: - // scope: eq // version: *

Trust: 0.4

vendor: control win // model: - // scope: eq // version: *

Trust: 0.4

vendor: hmi // model: - // scope: eq // version: *

Trust: 0.4

vendor: control for beaglebone // model: - // scope: eq // version: *

Trust: 0.2

vendor: control for empc a imx6 // model: - // scope: eq // version: *

Trust: 0.2

vendor: control for iot2000 // model: - // scope: eq // version: *

Trust: 0.2

vendor: control for linux // model: - // scope: eq // version: *

Trust: 0.2

vendor: control for pfc100 // model: - // scope: eq // version: *

Trust: 0.2

vendor: control for pfc200 // model: - // scope: eq // version: *

Trust: 0.2

vendor: control for raspberry pi // model: - // scope: eq // version: *

Trust: 0.2

vendor: control runtime system toolkit // model: - // scope: eq // version: *

Trust: 0.2

vendor: embedded target visu toolkit // model: - // scope: eq // version: *

Trust: 0.2

vendor: remote target visu toolkit // model: - // scope: eq // version: *

Trust: 0.2

sources: IVD: f4634c88-ffbb-41d2-9de5-4c49df63339a // CNVD: CNVD-2019-32463 // JVNDB: JVNDB-2019-009414 // NVD: CVE-2019-13532

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13532
value: HIGH

Trust: 1.0

NVD: CVE-2019-13532
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-32463
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201909-657
value: HIGH

Trust: 0.6

IVD: f4634c88-ffbb-41d2-9de5-4c49df63339a
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2019-13532
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-32463
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: f4634c88-ffbb-41d2-9de5-4c49df63339a
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-13532
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-13532
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: f4634c88-ffbb-41d2-9de5-4c49df63339a // CNVD: CNVD-2019-32463 // CNNVD: CNNVD-201909-657 // JVNDB: JVNDB-2019-009414 // NVD: CVE-2019-13532

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.0

problemtype: Path traversal (CWE-22) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2019-009414 // NVD: CVE-2019-13532

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-657

TYPE

Path traversal

Trust: 0.8

sources: IVD: f4634c88-ffbb-41d2-9de5-4c49df63339a // CNNVD: CNNVD-201909-657

PATCH

title: Top Page // url: https://www.codesys.com/

Trust: 0.8

title: 3S-Smart Software Solutions CODESYS V3 web server path traversal vulnerability patch // url: https://www.cnvd.org.cn/patchInfo/show/181469

Trust: 0.6

title: CODESYS V3 web server Repair measures for path traversal vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98231

Trust: 0.6

sources: CNVD: CNVD-2019-32463 // CNNVD: CNNVD-201909-657 // JVNDB: JVNDB-2019-009414

EXTERNAL IDS

db: NVD // id: CVE-2019-13532

Trust: 4.0

db: ICS CERT // id: ICSA-19-255-01

Trust: 2.4

db: AUSCERT // id: ESB-2019.3487

Trust: 1.2

db: CNVD // id: CNVD-2019-32463

Trust: 0.8

db: CNNVD // id: CNNVD-201909-657

Trust: 0.8

db: JVN // id: JVNVU90492166

Trust: 0.8

db: ICS CERT // id: ICSA-25-273-04

Trust: 0.8

db: JVNDB // id: JVNDB-2019-009414

Trust: 0.8

db: ICS CERT // id: ICSA-19-255-04

Trust: 0.6

db: ICS CERT // id: ICSA-19-255-03

Trust: 0.6

db: ICS CERT // id: ICSA-19-255-05

Trust: 0.6

db: ICS CERT // id: ICSA-19-255-02

Trust: 0.6

db: IVD // id: F4634C88-FFBB-41D2-9DE5-4C49DF63339A

Trust: 0.2

sources: IVD: f4634c88-ffbb-41d2-9de5-4c49df63339a // CNVD: CNVD-2019-32463 // CNNVD: CNNVD-201909-657 // JVNDB: JVNDB-2019-009414 // NVD: CVE-2019-13532

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-19-255-01

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-13532

Trust: 2.0

url:https://www.auscert.org.au/bulletins/esb-2019.3487/

Trust: 1.2

url:https://jvn.jp/vu/jvnvu90492166/index.html

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-25-273-04

Trust: 0.8

url:https://www.us-cert.gov/ics/advisories/icsa-19-255-05

Trust: 0.6

url:https://www.us-cert.gov/ics/advisories/icsa-19-255-04

Trust: 0.6

url:https://www.us-cert.gov/ics/advisories/icsa-19-255-03

Trust: 0.6

url:https://www.us-cert.gov/ics/advisories/icsa-19-255-02

Trust: 0.6

sources: CNVD: CNVD-2019-32463 // CNNVD: CNNVD-201909-657 // JVNDB: JVNDB-2019-009414 // NVD: CVE-2019-13532

SOURCES

db: IVD // id: f4634c88-ffbb-41d2-9de5-4c49df63339a
db: CNVD // id: CNVD-2019-32463
db: CNNVD // id: CNNVD-201909-657
db: JVNDB // id: JVNDB-2019-009414
db: NVD // id: CVE-2019-13532

LAST UPDATE DATE

2025-10-04T22:17:26.762000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2019-32463 // date: 2019-09-21T00:00:00
db: CNNVD // id: CNNVD-201909-657 // date: 2019-10-17T00:00:00
db: JVNDB // id: JVNDB-2019-009414 // date: 2025-10-02T08:39:00
db: NVD // id: CVE-2019-13532 // date: 2024-11-21T04:25:05.470

SOURCES RELEASE DATE

db: IVD // id: f4634c88-ffbb-41d2-9de5-4c49df63339a // date: 2019-09-21T00:00:00
db: CNVD // id: CNVD-2019-32463 // date: 2019-09-21T00:00:00
db: CNNVD // id: CNNVD-201909-657 // date: 2019-09-13T00:00:00
db: JVNDB // id: JVNDB-2019-009414 // date: 2019-09-20T00:00:00
db: NVD // id: CVE-2019-13532 // date: 2019-09-13T17:15:11.617