{"containers": {"cna": {"affected": [{"product": "CODESYS V3 web server", "vendor": "n/a", "versions": [{"status": "affected", "version": "all versions prior to 3.5.14.10"}]}], "descriptions": [{"lang": "en", "value": "CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-09-13T16:58:21.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2019-13532", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CODESYS V3 web server", "version": {"version_data": [{"version_value": "all versions prior to 3.5.14.10"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22"}]}]}, "references": {"reference_data": [{"name": "https://www.us-cert.gov/ics/advisories/icsa-19-255-01", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T23:57:39.525Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2019-13532", "datePublished": "2019-09-13T16:58:21.000Z", "dateReserved": "2019-07-11T00:00:00.000Z", "dateUpdated": "2024-08-04T23:57:39.525Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC95996F-4E60-4CCE-BC7D-2F998969455D", "versionEndExcluding": "3.5.14.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", "matchCriteriaId": "CCE0D6F6-86D9-488A-A02B-48F4BD6F67D4", "versionEndExcluding": "3.5.14.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "08C05889-826B-411F-AD6A-F18C432A3B1F", "versionEndExcluding": "3.5.14.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "225A5B49-7DB5-4B80-A560-5BEE65A7FC3D", "versionEndExcluding": "3.5.14.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E6DD82E-5047-4E7B-8C73-3BF8FD112F3A", "versionEndExcluding": "3.5.14.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*", "matchCriteriaId": "47A9B7EB-229C-4A23-9BB7-72A5ABD61279", "versionEndExcluding": "3.5.14.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*", "matchCriteriaId": "43092C73-1302-4915-B2BC-59058FF61EFA", "versionEndExcluding": "3.5.14.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9392852-7BEF-402C-9ED4-2D7D40955311", "versionEndExcluding": "3.5.12.80", "versionStartIncluding": "3.5.8.60", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB77946F-7038-40FD-8204-B777ED0E59D2", "versionEndExcluding": "3.5.14.10", "versionStartIncluding": "3.5.13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1CB113B-1207-43D9-A999-42B08AD50EB2", "versionEndExcluding": "3.5.12.80", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE519838-FADF-43EA-9723-9283C0E18E85", "versionEndIncluding": "3.5.12.80", "versionStartIncluding": "3.5.9.80", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", "matchCriteriaId": "3466070E-1377-4272-AC73-717B9DEC144C", "versionEndExcluding": "3.5.14.10", "versionStartIncluding": "3.5.13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "07A7C9E7-ABF4-4C29-AF16-E697E35CFFC7", "versionEndExcluding": "3.5.12.80", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD2CDAC2-F8EB-45F4-82E2-5E5601F49D8A", "versionEndExcluding": "3.5.12.80", "versionStartIncluding": "3.5.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", "matchCriteriaId": "1AC3C628-281A-4E8E-ADE6-4CE976E187D4", "versionEndExcluding": "3.5.14.10", "versionStartIncluding": "3.5.13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "08230AB2-9EA0-4F98-8CE5-0A9ADB2B2334", "versionEndExcluding": "3.5.12.80", "versionStartIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller."}, {"lang": "es", "value": "El servidor web de CODESYS V3, todas las versiones anteriores a 3.5.14.10, permite a un atacante enviar peticiones http o https especialmente dise\u00f1adas que pueden conceder el acceso a archivos fuera del directorio de trabajo restringido del controlador."}], "id": "CVE-2019-13532", "lastModified": "2024-11-21T04:25:05.470", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-13T17:15:11.617", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Mitigation", "Patch", "Third Party Advisory", "US Government Resource"], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Patch", "Third Party Advisory", "US Government Resource"], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}