VYPR
Unrated severity · NVD Advisory · Published Sep 17, 2019 · Updated Aug 4, 2024

CVE-2019-13542

Description

3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A NULL pointer dereference in CODESYS V3 OPC UA Server versions 3.5.11.0 to 3.5.15.0 allows denial of service via crafted requests from trusted OPC UA clients.

Vulnerability

The vulnerability is a NULL pointer dereference in the CODESYS V3 OPC UA Server, affecting all versions from 3.5.11.0 to 3.5.15.0. The flaw exists in the OPC UA server component that supports OPC UA Security. An attacker can trigger it by sending specific crafted requests from a trusted OPC UA client. Affected products include CODESYS Control for BeagleBone, emPC-A/iMX6, IOT2000, Linux, PFC100, PFC200, Raspberry Pi, RTE V3, RTE V3 (for Beckhoff CX), Win V3, and the Runtime System Toolkit [1].

Exploitation

The attacker must be a trusted OPC UA client with network access to the server. No additional privileges beyond being a legitimate client are required. The attacker sends specifically crafted OPC UA requests that cause a NULL pointer dereference, leading to a crash. The attack is remotely exploitable and requires only a low skill level [1].

Impact

Successful exploitation results in a denial-of-service condition, rendering the OPC UA server unavailable. There is no impact on confidentiality or integrity, as indicated by the CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) [1].

Mitigation

3S-Smart Software Solutions GmbH released version 3.5.15.0 to fix this vulnerability [1]. Users should update to this version or later. General defense measures include using controllers and devices in protected environments to reduce network exposure [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

References

1
