ICSA-19-213-03 · Published 2019-08-01 · View on CISA ICS-CERT ↗

3S-Smart Software Solutions GmbH CODESYS V3

CVSS 9.0 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow a remote attacker to close existing communication channels or to take over an already established user session to send crafted packets to a PLC.

CVEs (2)

CVE-2019-9010 CVE-2019-9012

Remediations

3S-Smart Software Solutions GmbH has released v3.5.14.20 and v3.5.15.0. Each of these releases solve the noted vulnerabilities issues.
Please visit the CODESYS update area for more information on how to obtain the software update: https://www.codesys.com/download/

Affected Vendors

3S-Smart Software Solutions GmbH

Affected Products (10)

3S-Smart Software Solutions GmbH · CODESYS Control for Raspberry Pi < 3.5.14.20

3S-Smart Software Solutions GmbH · CODESYS Control V3 Runtime System Toolkit < 3.5.14.20

3S-Smart Software Solutions GmbH · CODESYS Control for PFC100 < 3.5.14.20

3S-Smart Software Solutions GmbH · CODESYS Control for BeagleBone < 3.5.14.20

3S-Smart Software Solutions GmbH · CODESYS Control for PFC200 < 3.5.14.20

3S-Smart Software Solutions GmbH · CODESYS Control for emPC-A/iMX6 < 3.5.14.20

3S-Smart Software Solutions GmbH · CODESYS V3 Development System < 3.5.14.20

3S-Smart Software Solutions GmbH · CODESYS Control for Linux < 3.5.14.20

3S-Smart Software Solutions GmbH · CODESYS Gateway V3 < 3.5.14.20

3S-Smart Software Solutions GmbH · CODESYS Control for IOT2000 < 3.5.14.20

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more