Vulnerabilites related to codesys - control_runtime_toolkit
CVE-2019-9012 (GCVE-0-2019-9012)
Vulnerability from cvelistv5
Published
2019-08-15 17:47
Modified
2024-08-04 21:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:31:37.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12938\u0026token=b9eb30f53246dc57b2e7cb302356a05547148fa2\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-11T11:47:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12938\u0026token=b9eb30f53246dc57b2e7cb302356a05547148fa2\u0026download="
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03"
},
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12938\u0026token=b9eb30f53246dc57b2e7cb302356a05547148fa2\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12938\u0026token=b9eb30f53246dc57b2e7cb302356a05547148fa2\u0026download="
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9012",
"datePublished": "2019-08-15T17:47:31",
"dateReserved": "2019-02-22T00:00:00",
"dateUpdated": "2024-08-04T21:31:37.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20025 (GCVE-0-2018-20025)
Vulnerability from cvelistv5
Published
2019-02-19 21:00
Modified
2024-09-16 18:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Use of Insufficiently Random Values
Summary
Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky Lab | CODESYS V3 products |
Version: prior V3.5.14.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:51:18.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106251",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106251"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-037-codesys-control-v3-use-of-insufficiently-random-values/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS V3 products",
"vendor": "Kaspersky Lab",
"versions": [
{
"status": "affected",
"version": "prior V3.5.14.0"
}
]
}
],
"datePublic": "2018-12-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of Insufficiently Random Values",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-02T14:40:07",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"name": "106251",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106251"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-037-codesys-control-v3-use-of-insufficiently-random-values/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2018-12-10T00:00:00",
"ID": "CVE-2018-20025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS V3 products",
"version": {
"version_data": [
{
"version_value": "prior V3.5.14.0"
}
]
}
}
]
},
"vendor_name": "Kaspersky Lab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Insufficiently Random Values"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106251",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106251"
},
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-037-codesys-control-v3-use-of-insufficiently-random-values/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-037-codesys-control-v3-use-of-insufficiently-random-values/"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2018-20025",
"datePublished": "2019-02-19T21:00:00Z",
"dateReserved": "2018-12-10T00:00:00",
"dateUpdated": "2024-09-16T18:39:11.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20026 (GCVE-0-2018-20026)
Vulnerability from cvelistv5
Published
2019-02-19 21:00
Modified
2024-09-16 20:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Communication Address Filtering
Summary
Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky Lab | CODESYS V3 products |
Version: prior V3.5.14.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:51:18.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106251",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106251"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS V3 products",
"vendor": "Kaspersky Lab",
"versions": [
{
"status": "affected",
"version": "prior V3.5.14.0"
}
]
}
],
"datePublic": "2018-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Communication Address Filtering",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-02T14:43:36",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"name": "106251",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106251"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2018-12-19T00:00:00",
"ID": "CVE-2018-20026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS V3 products",
"version": {
"version_data": [
{
"version_value": "prior V3.5.14.0"
}
]
}
}
]
},
"vendor_name": "Kaspersky Lab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Communication Address Filtering"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106251",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106251"
},
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2018-20026",
"datePublished": "2019-02-19T21:00:00Z",
"dateReserved": "2018-12-10T00:00:00",
"dateUpdated": "2024-09-16T20:37:39.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9010 (GCVE-0-2019-9010)
Vulnerability from cvelistv5
Published
2019-08-15 17:44
Modified
2024-08-04 21:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:31:37.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12937\u0026token=769045a17015bea00ec7ff313de8f1a5c73e7b93\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-11T11:50:23",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12937\u0026token=769045a17015bea00ec7ff313de8f1a5c73e7b93\u0026download="
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03"
},
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12937\u0026token=769045a17015bea00ec7ff313de8f1a5c73e7b93\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12937\u0026token=769045a17015bea00ec7ff313de8f1a5c73e7b93\u0026download="
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9010",
"datePublished": "2019-08-15T17:44:42",
"dateReserved": "2019-02-22T00:00:00",
"dateUpdated": "2024-08-04T21:31:37.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10612 (GCVE-0-2018-10612)
Vulnerability from cvelistv5
Published
2019-01-29 16:00
Modified
2024-09-17 02:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - IMPROPER ACCESS CONTROL
Summary
In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| 3S-Smart | 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0 |
Version: 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:46.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106248",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106248"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0",
"vendor": "3S-Smart",
"versions": [
{
"status": "affected",
"version": "3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0"
}
]
}
],
"datePublic": "2018-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "IMPROPER ACCESS CONTROL CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-30T10:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "106248",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106248"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-12-18T00:00:00",
"ID": "CVE-2018-10612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0",
"version": {
"version_data": [
{
"version_value": "3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0"
}
]
}
}
]
},
"vendor_name": "3S-Smart"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER ACCESS CONTROL CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106248",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106248"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10612",
"datePublished": "2019-01-29T16:00:00Z",
"dateReserved": "2018-05-01T00:00:00",
"dateUpdated": "2024-09-17T02:32:49.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2019-08-15 18:15
Modified
2024-11-21 04:50
Severity ?
Summary
An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12937&token=769045a17015bea00ec7ff313de8f1a5c73e7b93&download= | Vendor Advisory | |
| cve@mitre.org | https://www.us-cert.gov/ics/advisories/icsa-19-213-03 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12937&token=769045a17015bea00ec7ff313de8f1a5c73e7b93&download= | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-19-213-03 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4E9C6D8-9CC6-4F07-BF9E-8FBA03198AA0",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB94C8E2-B642-43D2-9396-46F5AB5E66FC",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6BBF71DD-DCB0-441A-B122-AC9EAD7C1D67",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C50DC2EE-102F-4B47-AF0A-25D2D10FDC1E",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D5F04F-C033-42E5-A072-137EF5C54DF7",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08E06CDD-4C2A-457B-B456-BB377481C52A",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5424CD6A-42C6-4744-B182-739CC379EA79",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_runtime_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B19C74A7-08D3-40AC-BF00-87EF5DDA9A0C",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9995DEF-A6ED-4B62-BFE7-F85DF8E56315",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92CF05A0-31F0-49BB-9299-E9210D954682",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en los productos 3S-Smart CODESYS V3. CODESYS Gateway no comprueba correctamente la propiedad de un canal de comunicaci\u00f3n. Todas las variantes de los siguientes productos CODESYS V3 en todas las versiones anteriores a v3.5.14.20 que contienen el componente CmpGateway est\u00e1n afectadas, indiferentemente del tipo de CPU o sistema operativo: CODESYS Control para BeagleBone, CODESYS Control para emPC-A/iMX6, CODESYS Control para IOT2000, CODESYS Control para Linux, CODESYS Control para PFC100, CODESYS Control para PFC200, CODESYS Control para Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System."
}
],
"id": "CVE-2019-9010",
"lastModified": "2024-11-21T04:50:48.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-15T18:15:23.397",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12937\u0026token=769045a17015bea00ec7ff313de8f1a5c73e7b93\u0026download="
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12937\u0026token=769045a17015bea00ec7ff313de8f1a5c73e7b93\u0026download="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-01-29 16:29
Modified
2024-11-21 03:41
Severity ?
Summary
In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/106248 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-18-352-03 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106248 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-18-352-03 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30E5A50D-470A-4C7D-A634-E97AE95B38B5",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "455BEF47-4D2A-4314-AF1D-C5C46236B135",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2E52640-4AA9-40C1-A00E-374334F761C7",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C87347FA-38EA-4299-A822-63FCF0E34577",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3E05BC-83BC-49C8-91AD-64A1EE9D36BD",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40D2875A-E1DF-4C7D-9DD7-7BE8D617EF3C",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE9699B0-CCE3-42AB-8208-492382D59582",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20CFD36A-208D-444C-A3C3-C2B11CAF65AC",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_runtime_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E623E98-8040-43D2-81B5-D6B06B374472",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA6D880C-195D-4830-B0B5-7D7BC32182B4",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:development_system_v3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00F359B4-0530-47A3-BFBB-BA7D32104919",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:hmi_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63F51840-0A93-43BD-B8D0-145C7C52C7B0",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials."
},
{
"lang": "es",
"value": "En los productos CODESYS Control V3, de 3S-Smart Software Solutions GmbH, en versiones anteriores a la 3.5.14.0, la gesti\u00f3n de accesos de usuarios y el cifrado de las comunicaciones no est\u00e1 habilitado por defecto, lo que podr\u00eda permitir que un atacante acceda al dispositivo y a su informaci\u00f3n sensible, incluyendo las credenciales de usuario."
}
],
"id": "CVE-2018-10612",
"lastModified": "2024-11-21T03:41:39.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-29T16:29:00.247",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106248"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106248"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-03"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-311"
},
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-02-19 21:29
Modified
2024-11-21 04:00
Severity ?
Summary
Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30E5A50D-470A-4C7D-A634-E97AE95B38B5",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "455BEF47-4D2A-4314-AF1D-C5C46236B135",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2E52640-4AA9-40C1-A00E-374334F761C7",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C87347FA-38EA-4299-A822-63FCF0E34577",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3E05BC-83BC-49C8-91AD-64A1EE9D36BD",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40D2875A-E1DF-4C7D-9DD7-7BE8D617EF3C",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE9699B0-CCE3-42AB-8208-492382D59582",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20CFD36A-208D-444C-A3C3-C2B11CAF65AC",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte_sl_\\(for_beckhoff_cx\\):*:*:*:*:*:*:*:*",
"matchCriteriaId": "6368AFD2-D0F4-4E93-9D28-00D2DAF6F1BD",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_runtime_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E623E98-8040-43D2-81B5-D6B06B374472",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA6D880C-195D-4830-B0B5-7D7BC32182B4",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "087FE9CF-7492-416A-9585-0E8C00ABB320",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "498AB0A1-C9F2-40A5-BC72-9CC4F96D74DE",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:hmi_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63F51840-0A93-43BD-B8D0-145C7C52C7B0",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:safety_sil2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C0A629A-E3CE-428A-81C1-25965A681B73",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0."
},
{
"lang": "es",
"value": "Existen valores aleatorios utilizados de manera insuficiente en los productos de CODESYS, en sus versiones V3 anteriores a la V3.5.14.0."
}
],
"id": "CVE-2018-20025",
"lastModified": "2024-11-21T04:00:46.897",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-19T21:29:00.243",
"references": [
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106251"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-037-codesys-control-v3-use-of-insufficiently-random-values/"
},
{
"source": "vulnerability@kaspersky.com",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-037-codesys-control-v3-use-of-insufficiently-random-values/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"
}
],
"sourceIdentifier": "vulnerability@kaspersky.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-330"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-02-19 21:29
Modified
2024-11-21 04:00
Severity ?
Summary
Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerability@kaspersky.com | http://www.securityfocus.com/bid/106251 | Broken Link, Third Party Advisory, VDB Entry | |
| vulnerability@kaspersky.com | https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/ | Mitigation, Third Party Advisory | |
| vulnerability@kaspersky.com | https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106251 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/ | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30E5A50D-470A-4C7D-A634-E97AE95B38B5",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "455BEF47-4D2A-4314-AF1D-C5C46236B135",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2E52640-4AA9-40C1-A00E-374334F761C7",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C87347FA-38EA-4299-A822-63FCF0E34577",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3E05BC-83BC-49C8-91AD-64A1EE9D36BD",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40D2875A-E1DF-4C7D-9DD7-7BE8D617EF3C",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE9699B0-CCE3-42AB-8208-492382D59582",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20CFD36A-208D-444C-A3C3-C2B11CAF65AC",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte_sl_\\(for_beckhoff_cx\\):*:*:*:*:*:*:*:*",
"matchCriteriaId": "6368AFD2-D0F4-4E93-9D28-00D2DAF6F1BD",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_runtime_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E623E98-8040-43D2-81B5-D6B06B374472",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA6D880C-195D-4830-B0B5-7D7BC32182B4",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:development_system_v3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00F359B4-0530-47A3-BFBB-BA7D32104919",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "498AB0A1-C9F2-40A5-BC72-9CC4F96D74DE",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:hmi_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63F51840-0A93-43BD-B8D0-145C7C52C7B0",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:opc_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3A3A591-9B7A-4328-93C8-728D3E3E045D",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:plchandler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7E0C96B-5FD4-422A-B429-860192BC46A0",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:safety_sil2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C0A629A-E3CE-428A-81C1-25965A681B73",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:targetvisu_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA2E1543-D82B-4BE7-8C9C-4EAABFB1F68B",
"versionEndExcluding": "3.5.14.0",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0."
},
{
"lang": "es",
"value": "Existe el filtrado de direcciones de comunicaci\u00f3n incorrecto en los productos de CODESYS, en sus versiones V3 anteriores a la V3.5.14.0."
}
],
"id": "CVE-2018-20026",
"lastModified": "2024-11-21T04:00:47.033",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-19T21:29:00.290",
"references": [
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106251"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"
}
],
"sourceIdentifier": "vulnerability@kaspersky.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-15 18:15
Modified
2024-11-21 04:50
Severity ?
Summary
An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12938&token=b9eb30f53246dc57b2e7cb302356a05547148fa2&download= | Vendor Advisory | |
| cve@mitre.org | https://www.us-cert.gov/ics/advisories/icsa-19-213-03 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12938&token=b9eb30f53246dc57b2e7cb302356a05547148fa2&download= | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-19-213-03 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4E9C6D8-9CC6-4F07-BF9E-8FBA03198AA0",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB94C8E2-B642-43D2-9396-46F5AB5E66FC",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6BBF71DD-DCB0-441A-B122-AC9EAD7C1D67",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C50DC2EE-102F-4B47-AF0A-25D2D10FDC1E",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D5F04F-C033-42E5-A072-137EF5C54DF7",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08E06CDD-4C2A-457B-B456-BB377481C52A",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5424CD6A-42C6-4744-B182-739CC379EA79",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_runtime_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B19C74A7-08D3-40AC-BF00-87EF5DDA9A0C",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9995DEF-A6ED-4B62-BFE7-F85DF8E56315",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92CF05A0-31F0-49BB-9299-E9210D954682",
"versionEndExcluding": "3.5.14.20",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en los productos 3S-Smart CODESYS V3. Una petici\u00f3n de comunicaci\u00f3n dise\u00f1ada puede causar asignaciones de memoria no controladas en los productos CODESYS afectados y puede resultar en una condici\u00f3n de denegaci\u00f3n de servicio. Todas las variantes de los siguientes productos CODESYS V3 en todas las versiones anteriores a v3.5.14.20 que contienen el componente CmpGateway est\u00e1n afectadas, indiferentemente del tipo de CPU o sistema operativo: CODESYS Control para BeagleBone, CODESYS Control para emPC-A/iMX6, CODESYS Control para IOT2000, CODESYS Control para Linux, CODESYS Control para PFC100, CODESYS Control para PFC200, CODESYS Control para Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System."
}
],
"id": "CVE-2019-9012",
"lastModified": "2024-11-21T04:50:48.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-15T18:15:23.477",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12938\u0026token=b9eb30f53246dc57b2e7cb302356a05547148fa2\u0026download="
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12938\u0026token=b9eb30f53246dc57b2e7cb302356a05547148fa2\u0026download="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}