CVE-2024-8175 - Vulnerability Details

Description

An unauthenticated remote attacker can causes the CODESYS web server to access invalid memory which results in a DoS.

Published: 2024-09-25

Score: 7.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

CODESYS

CODESYS Control for BeagleBone SL

unaffected

Version	Status	Constraints
`0`	affected	< 4.14.0.0

CODESYS

CODESYS Control for emPC-A/iMX6 SL

unaffected

Version	Status	Constraints
`0`	affected	< 4.14.0.0

CODESYS

CODESYS Control for IOT2000 SL

unaffected

Version	Status	Constraints
`0`	affected	< 4.14.0.0

CODESYS

CODESYS Control for Linux ARM SL

unaffected

Version	Status	Constraints
`0`	affected	< 4.14.0.0

CODESYS

CODESYS Control for Linux SL

unaffected

Version	Status	Constraints
`0`	affected	< 4.14.0.0

CODESYS

CODESYS Control for PFC100 SL

unaffected

Version	Status	Constraints
`0`	affected	< 4.14.0.0

CODESYS

CODESYS Control for PFC200 SL

unaffected

Version	Status	Constraints
`0`	affected	< 4.14.0.0

CODESYS

CODESYS Control for PLCnext SL

unaffected

Version	Status	Constraints
`0`	affected	< 4.14.0.0

CODESYS

CODESYS Control for Raspberry Pi SL

unaffected

Version	Status	Constraints
`0`	affected	< 4.14.0.0

CODESYS

CODESYS Control for WAGO Touch Panels 600 SL

unaffected

Version	Status	Constraints
`0`	affected	< 4.14.0.0

CODESYS

CODESYS Control RTE (for Beckhoff CX) SL

unaffected

Version	Status	Constraints
`0`	affected	< 3.5.20.30

CODESYS

CODESYS Control RTE (SL)

unaffected

Version	Status	Constraints
`0`	affected	< 3.5.20.30

CODESYS

CODESYS Control Win (SL)

unaffected

Version	Status	Constraints
`0`	affected	< 3.5.20.30

CODESYS

CODESYS Embedded Target Visu Toolkit

unaffected

Version	Status	Constraints
`0`	affected	< 3.5.20.30

CODESYS

CODESYS HMI (SL)

unaffected

Version	Status	Constraints
`0`	affected	< 3.5.20.30

CODESYS

CODESYS Remote Target Visu Toolkit

unaffected

Version	Status	Constraints
`0`	affected	< 3.5.20.30

CODESYS

CODESYS Runtime Toolkit

unaffected

Version	Status	Constraints
`0`	affected	< 3.5.20.30

CODESYS

CODESYS Virtual Control SL

unaffected

Version	Status	Constraints
`0`	affected	< 4.14.0.0

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2024-48999	An unauthenticated remote attacker can causes the CODESYS web server to access invalid memory which results in a DoS.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00889.

Exploitation none

Automatable yes

Technical Impact partial

References

Link	Providers
https://cert.vde.com/en/advisories/VDE-2024-057
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=18604&token=d5e1e2820ee63077b875b3bb41014b1f102e88a3&download=

History

Wed, 25 Sep 2024 14:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Codesys Codesys control For Beaglebone Sl Codesys control For Empc-a\/imx6 Sl Codesys control For Iot2000 Sl Codesys control For Linux Arm Sl Codesys control For Linux Sl Codesys control For Pfc100 Sl Codesys control For Pfc200 Sl Codesys control For Plcnext Sl Codesys control For Raspberry Pi Sl Codesys control For Wago Touch Panels 600 Sl Codesys control Rte \(for Beckhoff Cx\) Sl Codesys control Rte Sl Codesys control Win Sl Codesys embedded Target Visu Toolkit Codesys hmi Sl Codesys remote Target Visu Toolkit Codesys runtime Toolkit Codesys virtual Control Sl
CPEs		cpe:2.3:a:codesys:control_for_beaglebone_sl:::::::: cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl:::::::: cpe:2.3:a:codesys:control_for_iot2000_sl:::::::: cpe:2.3:a:codesys:control_for_linux_arm_sl:::::::: cpe:2.3:a:codesys:control_for_linux_sl:::::::: cpe:2.3:a:codesys:control_for_pfc100_sl:::::::: cpe:2.3:a:codesys:control_for_pfc200_sl:::::::: cpe:2.3:a:codesys:control_for_plcnext_sl:::::::: cpe:2.3:a:codesys:control_for_raspberry_pi_sl:::::::: cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:::::::: cpe:2.3:a:codesys:control_rte_\(for_beckhoff_cx\)_sl:::::::: cpe:2.3:a:codesys:control_rte_sl:::::::: cpe:2.3:a:codesys:control_win_sl:::::::: cpe:2.3:a:codesys:embedded_target_visu_toolkit:::::::: cpe:2.3:a:codesys:hmi_sl:::::::: cpe:2.3:a:codesys:remote_target_visu_toolkit:::::::: cpe:2.3:a:codesys:runtime_toolkit:::::::: cpe:2.3:a:codesys:virtual_control_sl::::::::
Vendors & Products		Codesys Codesys control For Beaglebone Sl Codesys control For Empc-a\/imx6 Sl Codesys control For Iot2000 Sl Codesys control For Linux Arm Sl Codesys control For Linux Sl Codesys control For Pfc100 Sl Codesys control For Pfc200 Sl Codesys control For Plcnext Sl Codesys control For Raspberry Pi Sl Codesys control For Wago Touch Panels 600 Sl Codesys control Rte \(for Beckhoff Cx\) Sl Codesys control Rte Sl Codesys control Win Sl Codesys embedded Target Visu Toolkit Codesys hmi Sl Codesys remote Target Visu Toolkit Codesys runtime Toolkit Codesys virtual Control Sl
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 25 Sep 2024 13:45:00 +0000

Type	Values Removed	Values Added
References		https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=18604&token=d5e1e2820ee63077b875b3bb41014b1f102e88a3&download=

Wed, 25 Sep 2024 08:15:00 +0000

Type	Values Removed	Values Added
Description		An unauthenticated remote attacker can causes the CODESYS web server to access invalid memory which results in a DoS.
Title		CODESYS: web server vulnerable to DoS
Weaknesses		CWE-754
References		https://cert.vde.com/en/advisories/VDE-2024-057
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}`

Subscriptions

Codesys Control For Beaglebone Sl Control For Empc-a\/imx6 Sl Control For Iot2000 Sl Control For Linux Arm Sl Control For Linux Sl Control For Pfc100 Sl Control For Pfc200 Sl Control For Plcnext Sl Control For Raspberry Pi Sl Control For Wago Touch Panels 600 Sl Control Rte \(for Beckhoff Cx\) Sl Control Rte Sl Control Win Sl Embedded Target Visu Toolkit Hmi Sl Remote Target Visu Toolkit Runtime Toolkit Virtual Control Sl

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2024-09-25T08:04:23.196Z

Updated: 2024-09-25T14:02:28.368Z

Reserved: 2024-08-26T09:58:34.794Z

Link: CVE-2024-8175

Vulnrichment

Updated: 2024-09-25T13:53:18.029Z

NVD

Status : Awaiting Analysis

Published: 2024-09-25T08:15:04.727

Modified: 2024-09-26T13:32:02.803

Link: CVE-2024-8175

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-754

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object