CVE-2024-8175

CODESYS: web server vulnerable to DoS

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

An unauthenticated remote attacker can causes the CODESYS web server to access invalid memory which results in a DoS.

Un atacante remoto no autenticado puede provocar que el servidor web CODESYS acceda a una memoria no válida, lo que resulta en un DoS.

*Credits: ABB

CVSS Scores

CERT VDEv3.1 7.5

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-08-26 CVE Reserved
2024-09-25 CVE Published
2024-09-25 CVE Updated
2024-09-26 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-754: Improper Check for Unusual or Exceptional Conditions

CAPEC

References (2)

URL	Tag	Source
https://cert.vde.com/en/advisories/VDE-2024-057

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=18604&token=d5e1e2820ee63077b875b3bb41014b1f102e88a3&download=	2024-09-25

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
CODESYS Search vendor "CODESYS"		CODESYS Control For BeagleBone SL Search vendor "CODESYS" for product "CODESYS Control For BeagleBone SL"				< 4.14.0.0 Search vendor "CODESYS" for product "CODESYS Control For BeagleBone SL" and version " < 4.14.0.0"		en		Affected
CODESYS Search vendor "CODESYS"		CODESYS Control For EmPC-A/iMX6 SL Search vendor "CODESYS" for product "CODESYS Control For EmPC-A/iMX6 SL"				< 4.14.0.0 Search vendor "CODESYS" for product "CODESYS Control For EmPC-A/iMX6 SL" and version " < 4.14.0.0"		en		Affected
CODESYS Search vendor "CODESYS"		CODESYS Control For IOT2000 SL Search vendor "CODESYS" for product "CODESYS Control For IOT2000 SL"				< 4.14.0.0 Search vendor "CODESYS" for product "CODESYS Control For IOT2000 SL" and version " < 4.14.0.0"		en		Affected
CODESYS Search vendor "CODESYS"		CODESYS Control For Linux ARM SL Search vendor "CODESYS" for product "CODESYS Control For Linux ARM SL"				< 4.14.0.0 Search vendor "CODESYS" for product "CODESYS Control For Linux ARM SL" and version " < 4.14.0.0"		en		Affected
CODESYS Search vendor "CODESYS"		CODESYS Control For Linux SL Search vendor "CODESYS" for product "CODESYS Control For Linux SL"				< 4.14.0.0 Search vendor "CODESYS" for product "CODESYS Control For Linux SL" and version " < 4.14.0.0"		en		Affected
CODESYS Search vendor "CODESYS"		CODESYS Control For PFC100 SL Search vendor "CODESYS" for product "CODESYS Control For PFC100 SL"				< 4.14.0.0 Search vendor "CODESYS" for product "CODESYS Control For PFC100 SL" and version " < 4.14.0.0"		en		Affected
CODESYS Search vendor "CODESYS"		CODESYS Control For PFC200 SL Search vendor "CODESYS" for product "CODESYS Control For PFC200 SL"				< 4.14.0.0 Search vendor "CODESYS" for product "CODESYS Control For PFC200 SL" and version " < 4.14.0.0"		en		Affected
CODESYS Search vendor "CODESYS"		CODESYS Control For PLCnext SL Search vendor "CODESYS" for product "CODESYS Control For PLCnext SL"				< 4.14.0.0 Search vendor "CODESYS" for product "CODESYS Control For PLCnext SL" and version " < 4.14.0.0"		en		Affected
CODESYS Search vendor "CODESYS"		CODESYS Control For Raspberry Pi SL Search vendor "CODESYS" for product "CODESYS Control For Raspberry Pi SL"				< 4.14.0.0 Search vendor "CODESYS" for product "CODESYS Control For Raspberry Pi SL" and version " < 4.14.0.0"		en		Affected
CODESYS Search vendor "CODESYS"		CODESYS Control For WAGO Touch Panels 600 SL Search vendor "CODESYS" for product "CODESYS Control For WAGO Touch Panels 600 SL"				< 4.14.0.0 Search vendor "CODESYS" for product "CODESYS Control For WAGO Touch Panels 600 SL" and version " < 4.14.0.0"		en		Affected
CODESYS Search vendor "CODESYS"		CODESYS Control RTE (for Beckhoff CX) SL Search vendor "CODESYS" for product "CODESYS Control RTE (for Beckhoff CX) SL"				< 3.5.20.30 Search vendor "CODESYS" for product "CODESYS Control RTE (for Beckhoff CX) SL" and version " < 3.5.20.30"		en		Affected
CODESYS Search vendor "CODESYS"		CODESYS Control RTE (SL) Search vendor "CODESYS" for product "CODESYS Control RTE (SL)"				< 3.5.20.30 Search vendor "CODESYS" for product "CODESYS Control RTE (SL)" and version " < 3.5.20.30"		en		Affected
CODESYS Search vendor "CODESYS"		CODESYS Control Win (SL) Search vendor "CODESYS" for product "CODESYS Control Win (SL)"				< 3.5.20.30 Search vendor "CODESYS" for product "CODESYS Control Win (SL)" and version " < 3.5.20.30"		en		Affected
CODESYS Search vendor "CODESYS"		CODESYS Embedded Target Visu Toolkit Search vendor "CODESYS" for product "CODESYS Embedded Target Visu Toolkit"				< 3.5.20.30 Search vendor "CODESYS" for product "CODESYS Embedded Target Visu Toolkit" and version " < 3.5.20.30"		en		Affected
CODESYS Search vendor "CODESYS"		CODESYS HMI (SL) Search vendor "CODESYS" for product "CODESYS HMI (SL)"				< 3.5.20.30 Search vendor "CODESYS" for product "CODESYS HMI (SL)" and version " < 3.5.20.30"		en		Affected
CODESYS Search vendor "CODESYS"		CODESYS Remote Target Visu Toolkit Search vendor "CODESYS" for product "CODESYS Remote Target Visu Toolkit"				< 3.5.20.30 Search vendor "CODESYS" for product "CODESYS Remote Target Visu Toolkit" and version " < 3.5.20.30"		en		Affected
CODESYS Search vendor "CODESYS"		CODESYS Runtime Toolkit Search vendor "CODESYS" for product "CODESYS Runtime Toolkit"				< 3.5.20.30 Search vendor "CODESYS" for product "CODESYS Runtime Toolkit" and version " < 3.5.20.30"		en		Affected
CODESYS Search vendor "CODESYS"		CODESYS Virtual Control SL Search vendor "CODESYS" for product "CODESYS Virtual Control SL"				< 4.14.0.0 Search vendor "CODESYS" for product "CODESYS Virtual Control SL" and version " < 4.14.0.0"		en		Affected