3S-Smart Software Solutions CODESYS Control拒绝服务漏洞
CVE编号
CVE-2020-15806利用情况
暂无补丁情况
N/A披露时间
2020-07-23漏洞描述
3S-Smart Software Solutions CODESYS Control是德国3S-Smart Software Solutions公司的一套工业控制程序编程软件。 3S-Smart Software Solutions CODESYS Control runtime system 3.5.16.10之前版本中存在安全漏洞,该漏洞源于程序没有控制内存分配。攻击者可利用该漏洞造成拒绝服务。解决建议
用户可参考如下厂商提供的安全补丁以修复该漏洞:https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13199&token=3e283c3e73fed61f7c181a7fa1169477efaf0c58&download=
参考链接 |
|
|---|---|
| https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13199&token=3e283c... | |
| https://www.codesys.com | |
| https://www.tenable.com/security/research/tra-2020-46 |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | codesys | control_for_beaglebone | * | Up to (excluding) 3.5.16.10 | |||||
| 运行在以下环境 | |||||||||
| 应用 | codesys | control_for_empc-a/imx6 | * | Up to (excluding) 3.5.16.10 | |||||
| 运行在以下环境 | |||||||||
| 应用 | codesys | control_for_iot2000 | * | Up to (excluding) 3.5.16.10 | |||||
| 运行在以下环境 | |||||||||
| 应用 | codesys | control_for_linux | * | Up to (excluding) 3.5.16.10 | |||||
| 运行在以下环境 | |||||||||
| 应用 | codesys | control_for_pfc100 | * | Up to (excluding) 3.5.16.10 | |||||
| 运行在以下环境 | |||||||||
| 应用 | codesys | control_for_pfc200 | * | Up to (excluding) 3.5.16.10 | |||||
| 运行在以下环境 | |||||||||
| 应用 | codesys | control_for_plcnext | * | Up to (excluding) 3.5.16.10 | |||||
| 运行在以下环境 | |||||||||
| 应用 | codesys | control_for_raspberry_pi | * | Up to (excluding) 3.5.16.10 | |||||
| 运行在以下环境 | |||||||||
| 应用 | codesys | control_for_wago_touch_panels_600 | * | Up to (excluding) 3.5.16.10 | |||||
| 运行在以下环境 | |||||||||
| 应用 | codesys | control_rte | * | From (including) 3.5.8.60 | Up to (excluding) 3.5.16.10 | ||||
| 运行在以下环境 | |||||||||
| 应用 | codesys | control_runtime_system_toolkit | * | From (including) 3.0 | Up to (excluding) 3.5.16.10 | ||||
| 运行在以下环境 | |||||||||
| 应用 | codesys | control_win | * | From (including) 3.5.9.80 | Up to (excluding) 3.5.16.10 | ||||
| 运行在以下环境 | |||||||||
| 应用 | codesys | embedded_target_visu_toolkit | * | From (including) 3.0 | Up to (excluding) 3.5.16.10 | ||||
| 运行在以下环境 | |||||||||
| 应用 | codesys | hmi | * | From (including) 3.5.10.0 | Up to (excluding) 3.5.16.10 | ||||
| 运行在以下环境 | |||||||||
| 应用 | codesys | remote_target_visu_toolkit | * | From (including) 3.0 | Up to (excluding) 3.5.16.10 | ||||
| 运行在以下环境 | |||||||||
| 应用 | codesys | simulation_runtime | * | From (including) 3.5.9.40 | Up to (excluding) 3.5.16.10 | ||||
- 攻击路径 网络
- 攻击复杂度 低
- 权限要求 无
- 影响范围 未更改
- 用户交互 无
- 可用性 高
- 保密性 无
- 完整性 无
| CWE-ID | 漏洞类型 |
| CWE-401 | 在移除最后引用时对内存的释放不恰当(内存泄露) |
| CWE-770 | 不加限制或调节的资源分配 |
Exp相关链接
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论