3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition.
Weakness
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Control_for_beaglebone | Codesys | 3.5.11.0 (including) | 3.5.15.0 (excluding) |
| Control_for_empc-a/imx6 | Codesys | 3.5.11.0 (including) | 3.5.15.0 (excluding) |
| Control_for_iot2000 | Codesys | 3.5.11.0 (including) | 3.5.15.0 (excluding) |
| Control_for_pfc100 | Codesys | 3.5.11.0 (including) | 3.5.15.0 (excluding) |
| Control_for_pfc200 | Codesys | 3.5.11.0 (including) | 3.5.15.0 (excluding) |
| Control_for_raspberry_pi | Codesys | 3.5.11.0 (including) | 3.5.15.0 (excluding) |
| Control_rte | Codesys | 3.5.11.0 (including) | 3.5.15.0 (excluding) |
| Control_win | Codesys | 3.5.11.0 (including) | 3.5.15.0 (excluding) |
| Linux | Codesys | 3.5.11.0 (including) | 3.5.15.0 (excluding) |
| Runtime_system_toolkit | Codesys | 3.5.11.0 (including) | 3.5.15.0 (excluding) |