High
CVE 2019-9010
The CODESYS Gateway does not correctly verify the ownership of a communication channel.
CVE 2019-9012
A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition.
3S-Smart Software Solutions GmbH
CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway.
3S-Smart Software Solutions GmbH has released v3.5.14.20 and v3.5.15.0 to address these vulnerabilities.