CVE-2019-9012
https://notcve.org/view.php?id=CVE-2019-9012
An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System. Se detectó un problema en los productos 3S-Smart CODESYS V3. Una petición de comunicación diseñada puede causar asignaciones de memoria no controladas en los productos CODESYS afectados y puede resultar en una condición de denegación de servicio. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12938&token=b9eb30f53246dc57b2e7cb302356a05547148fa2&download= https://www.us-cert.gov/ics/advisories/icsa-19-213-03 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2019-9010
https://notcve.org/view.php?id=CVE-2019-9010
An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System. Se detectó un problema en los productos 3S-Smart CODESYS V3. CODESYS Gateway no comprueba correctamente la propiedad de un canal de comunicación. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12937&token=769045a17015bea00ec7ff313de8f1a5c73e7b93&download= https://www.us-cert.gov/ics/advisories/icsa-19-213-03 •
CVE-2019-0319
https://notcve.org/view.php?id=CVE-2019-0319
The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it's not. SAP Gateway, versiones 7.5, 7.51, 7.52 y 7.53, permite a un atacante inyectar contenido que es desplegado en forma de mensaje de error. Por lo tanto, un atacante podría engañar a un usuario para que crea que esta información es de servicio legítimo cuando no lo es. • http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html http://www.securityfocus.com/bid/109074 https://cxsecurity.com/ascii/WLB-2019050283 https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f https://launchpad.support.sap.com/#/notes/2752614 https://launchpad.support.sap.com/#/notes/2911267 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-20026
https://notcve.org/view.php?id=CVE-2018-20026
Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0. Existe el filtrado de direcciones de comunicación incorrecto en los productos de CODESYS, en sus versiones V3 anteriores a la V3.5.14.0. • http://www.securityfocus.com/bid/106251 https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04 •
CVE-2018-20025
https://notcve.org/view.php?id=CVE-2018-20025
Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0. Existen valores aleatorios utilizados de manera insuficiente en los productos de CODESYS, en sus versiones V3 anteriores a la V3.5.14.0. • http://www.securityfocus.com/bid/106251 https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-037-codesys-control-v3-use-of-insufficiently-random-values https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04 • CWE-330: Use of Insufficiently Random Values •