CVE-2019-13532

Summary

CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller.

Affected Software

VendorProductVersion RangeStatus
n/aCODESYS V3 web serverall versions prior to 3.5.14.10affected

Weaknesses

  • CWE-22: IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22

ADP Enrichment

CVE Program Container

Additional References

References