CVE-2019-9012

Name of the Vulnerable Software and Affected Versions 3S-Smart CODESYS V3 products versions prior to 3.5.14.20

Description A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products, potentially resulting in a denial-of-service condition. The issue affects all variants of CODESYS V3 products that contain the CmpGateway component, regardless of the CPU type or operating system.

Recommendations For versions prior to 3.5.14.20, update to version 3.5.14.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the CmpGateway component to minimize the risk of exploitation.