Rewterz Threat Alert – CVE 2019-10961 – Advantech WebAccess HMI Designer
August 2, 2019Rewterz Threat Alert – LCDS LAquis SCADA LQS File Parsing
August 2, 2019Rewterz Threat Alert – CVE 2019-10961 – Advantech WebAccess HMI Designer
August 2, 2019Rewterz Threat Alert – LCDS LAquis SCADA LQS File Parsing
August 2, 2019Severity
High
Analysis Summary
CVE 2019-9010
The CODESYS Gateway does not correctly verify the ownership of a communication channel.
CVE 2019-9012
A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition.
Impact
- Denial of service
- Unverified Ownership
Affected Vendors
3S-Smart Software Solutions GmbH
Affected Products
CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway.
Remediation
3S-Smart Software Solutions GmbH has released v3.5.14.20 and v3.5.15.0 to address these vulnerabilities.