Vulnerabilites related to codesys - control_for_plcnext
cve-2020-12068
Vulnerability from cvelistv5
Published
2020-05-14 20:29
Modified
2024-08-04 11:48
Severity ?
EPSS score ?
Summary
An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.codesys.com | x_refsource_MISC | |
| https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13136&token=c267875c01ea70bc9613bc39c684eedc17f55420&download= | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:57.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.codesys.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13136\u0026token=c267875c01ea70bc9613bc39c684eedc17f55420\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-14T20:29:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.codesys.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13136\u0026token=c267875c01ea70bc9613bc39c684eedc17f55420\u0026download="
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.codesys.com",
"refsource": "MISC",
"url": "https://www.codesys.com"
},
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13136\u0026token=c267875c01ea70bc9613bc39c684eedc17f55420\u0026download=",
"refsource": "MISC",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13136\u0026token=c267875c01ea70bc9613bc39c684eedc17f55420\u0026download="
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12068",
"datePublished": "2020-05-14T20:29:21",
"dateReserved": "2020-04-22T00:00:00",
"dateUpdated": "2024-08-04T11:48:57.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-10245
Vulnerability from cvelistv5
Published
2020-03-26 03:45
Modified
2024-08-04 10:58
Severity ?
EPSS score ?
Summary
CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/security/research/tra-2020-16 | x_refsource_MISC | |
| https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13078&token=de344ca65252463cc581ef144e0c53bd97b8f211&download= | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:58:39.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2020-16"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13078\u0026token=de344ca65252463cc581ef144e0c53bd97b8f211\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-26T03:49:32",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2020-16"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13078\u0026token=de344ca65252463cc581ef144e0c53bd97b8f211\u0026download="
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2020-16",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2020-16"
},
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13078\u0026token=de344ca65252463cc581ef144e0c53bd97b8f211\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13078\u0026token=de344ca65252463cc581ef144e0c53bd97b8f211\u0026download="
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10245",
"datePublished": "2020-03-26T03:45:20",
"dateReserved": "2020-03-09T00:00:00",
"dateUpdated": "2024-08-04T10:58:39.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-15806
Vulnerability from cvelistv5
Published
2020-07-22 18:14
Modified
2024-08-04 13:30
Severity ?
EPSS score ?
Summary
CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.codesys.com | x_refsource_MISC | |
| https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13199&token=3e283c3e73fed61f7c181a7fa1169477efaf0c58&download= | x_refsource_CONFIRM | |
| https://www.tenable.com/security/research/tra-2020-46 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:30:22.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.codesys.com"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13199\u0026token=3e283c3e73fed61f7c181a7fa1169477efaf0c58\u0026download="
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2020-46"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-22T22:06:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.codesys.com"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13199\u0026token=3e283c3e73fed61f7c181a7fa1169477efaf0c58\u0026download="
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2020-46"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.codesys.com",
"refsource": "MISC",
"url": "https://www.codesys.com"
},
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13199\u0026token=3e283c3e73fed61f7c181a7fa1169477efaf0c58\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13199\u0026token=3e283c3e73fed61f7c181a7fa1169477efaf0c58\u0026download="
},
{
"name": "https://www.tenable.com/security/research/tra-2020-46",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2020-46"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15806",
"datePublished": "2020-07-22T18:14:43",
"dateReserved": "2020-07-17T00:00:00",
"dateUpdated": "2024-08-04T13:30:22.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-18858
Vulnerability from cvelistv5
Published
2019-11-20 17:04
Modified
2024-08-05 02:02
Severity ?
EPSS score ?
Summary
CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf | x_refsource_MISC | |
| https://www.tenable.com/security/research/tra-2019-48 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-48"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-20T20:07:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-48"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18858",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf",
"refsource": "MISC",
"url": "https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf"
},
{
"name": "https://www.tenable.com/security/research/tra-2019-48",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-48"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18858",
"datePublished": "2019-11-20T17:04:25",
"dateReserved": "2019-11-11T00:00:00",
"dateUpdated": "2024-08-05T02:02:39.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-30791
Vulnerability from cvelistv5
Published
2022-07-11 10:40
Modified
2024-09-16 16:48
Severity ?
EPSS score ?
Summary
In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:38.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS Control RTE (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control RTE (for Beckhoff CX) SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Win (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Gateway",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Windows",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS HMI (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Development System V3",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.10",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Runtime System Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Embedded Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Remote Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for BeagleBone SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Beckhoff CX9020 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for emPC-A/iMX6 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for IOT2000 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Linux SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC100 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC200 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PLCnext SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Raspberry Pi SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for WAGO Touch Panels 600 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Linux",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T10:40:38",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
],
"source": {
"defect": [
"CERT@VDE#",
"64129"
],
"discovery": "UNKNOWN"
},
"title": "CODESYS V3: CmpBlkDrvTcp allows unauthenticated attackers to block all its available TCP connections",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-07-08T06:00:00.000Z",
"ID": "CVE-2022-30791",
"STATE": "PUBLIC",
"TITLE": "CODESYS V3: CmpBlkDrvTcp allows unauthenticated attackers to block all its available TCP connections"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Control RTE (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control Win (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS HMI (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Development System V3",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.10"
}
]
}
},
{
"product_name": "CODESYS Control Runtime System Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Embedded Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Remote Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control for BeagleBone SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Beckhoff CX9020 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for emPC-A/iMX6 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for IOT2000 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Linux SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC100 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC200 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PLCnext SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Raspberry Pi SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Linux",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
]
},
"source": {
"defect": [
"CERT@VDE#",
"64129"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-30791",
"datePublished": "2022-07-11T10:40:38.913416Z",
"dateReserved": "2022-05-16T00:00:00",
"dateUpdated": "2024-09-16T16:48:31.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-12069
Vulnerability from cvelistv5
Published
2022-12-26 00:00
Modified
2024-08-04 11:48
Severity ?
EPSS score ?
Summary
In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download= | vendor-advisory | |
| https://cert.vde.com/en/advisories/VDE-2021-061/ | vendor-advisory | |
| https://cert.vde.com/en/advisories/VDE-2022-031/ | vendor-advisory | |
| https://cert.vde.com/en/advisories/VDE-2022-022/ | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CODESYS | CODESYS V3 containing the CmpUserMgr |
Version: V3 < V3.5.16.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:58.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12943\u0026token=d097958a67ba382de688916f77e3013c0802fade\u0026download="
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-061/"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-031/"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-022/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CODESYS V3 containing the CmpUserMgr",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.16.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device."
}
],
"value": "In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-916",
"description": "CWE-916 Use of Password Hash With Insufficient Computational Effort",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-15T05:40:17.087Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12943\u0026token=d097958a67ba382de688916f77e3013c0802fade\u0026download="
},
{
"tags": [
"vendor-advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-061/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-031/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-022/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CODESYS V3 prone to Inadequate Password Hashing",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12069",
"datePublished": "2022-12-26T00:00:00",
"dateReserved": "2020-04-22T00:00:00",
"dateUpdated": "2024-08-04T11:48:58.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-30792
Vulnerability from cvelistv5
Published
2022-07-11 10:40
Modified
2024-09-16 23:05
Severity ?
EPSS score ?
Summary
In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | CODESYS | CODESYS Control RTE (SL) |
Version: V3 < V3.5.18.20 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:38.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS Control RTE (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control RTE (for Beckhoff CX) SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Win (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Gateway",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Windows",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS HMI (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Development System V3",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.10",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Runtime System Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Embedded Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Remote Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for BeagleBone SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Beckhoff CX9020 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for emPC-A/iMX6 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for IOT2000 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Linux SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC100 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC200 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PLCnext SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Raspberry Pi SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for WAGO Touch Panels 600 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Linux",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T10:40:43",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
],
"source": {
"defect": [
"CERT@VDE#",
"64130"
],
"discovery": "UNKNOWN"
},
"title": "CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-07-08T06:00:00.000Z",
"ID": "CVE-2022-30792",
"STATE": "PUBLIC",
"TITLE": "CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Control RTE (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control Win (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS HMI (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Development System V3",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.10"
}
]
}
},
{
"product_name": "CODESYS Control Runtime System Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Embedded Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Remote Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control for BeagleBone SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Beckhoff CX9020 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for emPC-A/iMX6 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for IOT2000 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Linux SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC100 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC200 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PLCnext SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Raspberry Pi SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Linux",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
]
},
"source": {
"defect": [
"CERT@VDE#",
"64130"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-30792",
"datePublished": "2022-07-11T10:40:43.935648Z",
"dateReserved": "2022-05-16T00:00:00",
"dateUpdated": "2024-09-16T23:05:31.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-7052
Vulnerability from cvelistv5
Published
2020-01-24 19:31
Modified
2024-08-04 09:18
Severity ?
EPSS score ?
Summary
CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/security/research/tra-2020-04 | x_refsource_MISC | |
| https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12977&token=33f948eed0c2fd69d238d9515779be337ef7592d&download= | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:18:02.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2020-04"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12977\u0026token=33f948eed0c2fd69d238d9515779be337ef7592d\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-24T19:31:58",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2020-04"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12977\u0026token=33f948eed0c2fd69d238d9515779be337ef7592d\u0026download="
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-7052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2020-04",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2020-04"
},
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12977\u0026token=33f948eed0c2fd69d238d9515779be337ef7592d\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12977\u0026token=33f948eed0c2fd69d238d9515779be337ef7592d\u0026download="
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-7052",
"datePublished": "2020-01-24T19:31:59",
"dateReserved": "2020-01-14T00:00:00",
"dateUpdated": "2024-08-04T09:18:02.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-07-11 11:15
Modified
2024-11-21 07:03
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| info@cert.vde.com | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download= | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download= | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codesys | control_for_beaglebone | * | |
| codesys | control_for_empc-a\/imx6 | * | |
| codesys | control_for_iot2000_sl | * | |
| codesys | control_for_linux_sl | * | |
| codesys | control_for_pfc100_sl | * | |
| codesys | control_for_pfc200_sl | * | |
| codesys | control_for_plcnext | * | |
| codesys | control_for_raspberry_pi_sl | * | |
| codesys | control_for_wago_touch_panels_600 | * | |
| codesys | control_rte_sl | * | |
| codesys | control_rte_sl_\(for_beckhoff_cx\) | * | |
| codesys | control_runtime_system_toolkit | * | |
| codesys | control_win | * | |
| codesys | development_system | * | |
| codesys | edge_gateway | * | |
| codesys | edge_gateway | * | |
| codesys | embedded_target_visu_toolkit | * | |
| codesys | gateway | * | |
| codesys | hmi | * | |
| codesys | remote_target_visu_toolkit | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5D6E827-7AD1-4248-82E6-C879771A2FBA",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E07464D3-D8E5-45CC-8703-B445A866F015",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD1474A7-A282-4929-A9E4-721322DCAE15",
"versionEndExcluding": "4.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB585AB5-D0AC-46DC-9723-A0FEFBFB015C",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F6E2A1D-0187-4C71-A87D-48B3EC3D99DD",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A78E493B-6D9E-4196-830C-24BCF25D3D44",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD0BCA34-FE68-4933-B189-746D2DA3E062",
"versionEndExcluding": "4.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D5DE9D1-C334-452C-A64B-D74A48017B6D",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600:*:*:*:*:*:*:*:*",
"matchCriteriaId": "966AEA54-4939-4C84-8D8B-7C70D361555B",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A33E4442-F316-439F-83BD-047A34EF6E14",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte_sl_\\(for_beckhoff_cx\\):*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AC245C1-F19D-417A-801E-D08B0ED81651",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1A0B9C6-534C-4D2C-BC62-620786CE748F",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22F16730-93D3-41D4-B5D0-F507BC2D5A03",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05792C1C-C4BB-4084-96A3-69544076F944",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "6C919501-6AFE-4D4C-84EF-C6AF30EBB769",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "E36291AE-21CB-4ECB-8816-D50712C70E30",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26B19D43-1A55-45E5-9C0A-00E9487B4282",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73C1F863-AAC0-446A-98E1-436916DA66B9",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C26E9A35-AEB3-4856-8410-989D422A6D95",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26CA4951-7DD0-4477-8C36-EC07191CAC8F",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected."
},
{
"lang": "es",
"value": "En CmpBlkDrvTcp de CODESYS versi\u00f3n V3 en m\u00faltiples versiones un consumo no controlado de recursos permite a un atacante no autorizado bloquear nuevas conexiones TCP. Las conexiones existentes no est\u00e1n afectadas"
}
],
"id": "CVE-2022-30791",
"lastModified": "2024-11-21T07:03:23.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2022-07-11T11:15:08.177",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-11 11:15
Modified
2024-11-21 07:03
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| info@cert.vde.com | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download= | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download= | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codesys | control_for_beaglebone | * | |
| codesys | control_for_empc-a\/imx6 | * | |
| codesys | control_for_iot2000_sl | * | |
| codesys | control_for_linux_sl | * | |
| codesys | control_for_pfc100_sl | * | |
| codesys | control_for_pfc200_sl | * | |
| codesys | control_for_plcnext | * | |
| codesys | control_for_raspberry_pi_sl | * | |
| codesys | control_for_wago_touch_panels_600 | * | |
| codesys | control_rte_sl | * | |
| codesys | control_rte_sl_\(for_beckhoff_cx\) | * | |
| codesys | control_runtime_system_toolkit | * | |
| codesys | control_win | * | |
| codesys | development_system | * | |
| codesys | edge_gateway | * | |
| codesys | edge_gateway | * | |
| codesys | embedded_target_visu_toolkit | * | |
| codesys | gateway | * | |
| codesys | hmi | * | |
| codesys | remote_target_visu_toolkit | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5D6E827-7AD1-4248-82E6-C879771A2FBA",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E07464D3-D8E5-45CC-8703-B445A866F015",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD1474A7-A282-4929-A9E4-721322DCAE15",
"versionEndExcluding": "4.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB585AB5-D0AC-46DC-9723-A0FEFBFB015C",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F6E2A1D-0187-4C71-A87D-48B3EC3D99DD",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A78E493B-6D9E-4196-830C-24BCF25D3D44",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD0BCA34-FE68-4933-B189-746D2DA3E062",
"versionEndExcluding": "4.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D5DE9D1-C334-452C-A64B-D74A48017B6D",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600:*:*:*:*:*:*:*:*",
"matchCriteriaId": "966AEA54-4939-4C84-8D8B-7C70D361555B",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A33E4442-F316-439F-83BD-047A34EF6E14",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte_sl_\\(for_beckhoff_cx\\):*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AC245C1-F19D-417A-801E-D08B0ED81651",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1A0B9C6-534C-4D2C-BC62-620786CE748F",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22F16730-93D3-41D4-B5D0-F507BC2D5A03",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05792C1C-C4BB-4084-96A3-69544076F944",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "6C919501-6AFE-4D4C-84EF-C6AF30EBB769",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "E36291AE-21CB-4ECB-8816-D50712C70E30",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26B19D43-1A55-45E5-9C0A-00E9487B4282",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73C1F863-AAC0-446A-98E1-436916DA66B9",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C26E9A35-AEB3-4856-8410-989D422A6D95",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26CA4951-7DD0-4477-8C36-EC07191CAC8F",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected."
},
{
"lang": "es",
"value": "En CmpChannelServer de CODESYS versi\u00f3n V3 en m\u00faltiples versiones un consumo no controlado de recursos permite a un atacante no autorizado bloquear nuevas conexiones de canales de comunicaci\u00f3n. Las conexiones existentes no est\u00e1n afectadas"
}
],
"id": "CVE-2022-30792",
"lastModified": "2024-11-21T07:03:23.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2022-07-11T11:15:08.240",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "info@cert.vde.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-24 20:15
Modified
2024-11-21 05:36
Severity ?
Summary
CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12977&token=33f948eed0c2fd69d238d9515779be337ef7592d&download= | Vendor Advisory | |
| cve@mitre.org | https://www.tenable.com/security/research/tra-2020-04 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12977&token=33f948eed0c2fd69d238d9515779be337ef7592d&download= | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2020-04 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codesys | control_for_beaglebone | * | |
| codesys | control_for_empc-a\/imx6 | * | |
| codesys | control_for_iot2000 | * | |
| codesys | control_for_linux | * | |
| codesys | control_for_pfc100 | * | |
| codesys | control_for_pfc200 | * | |
| codesys | control_for_plcnext | * | |
| codesys | control_for_raspberry_pi | * | |
| codesys | control_rte | * | |
| codesys | control_rte | * | |
| codesys | control_runtime_system_toolkit | * | |
| codesys | control_win | * | |
| codesys | gateway | * | |
| codesys | hmi | * | |
| codesys | safety_sil2 | * | |
| codesys | simulation_runtime | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4E5BF9F-79C9-48D3-9F2D-CCDF73144FCA",
"versionEndExcluding": "3.5.15.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*",
"matchCriteriaId": "221CAFE3-1BC7-4CAC-B3F8-981B3F267CFE",
"versionEndExcluding": "3.5.15.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B048CEB-E1D0-4EF1-9BD3-966CB9E147D8",
"versionEndExcluding": "3.5.15.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A72217A3-4591-4C52-AB37-7FD652276569",
"versionEndExcluding": "3.5.15.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51EFD6C4-C1AC-45D7-909F-6B074B32090E",
"versionEndExcluding": "3.5.15.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C1B75F5-F426-4877-9004-1F714B2A4968",
"versionEndExcluding": "3.5.15.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F150E51-4E03-40A8-8099-E5BE13234DD9",
"versionEndExcluding": "3.5.15.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D839D59-8090-4158-A2C2-847DEDD9674D",
"versionEndExcluding": "3.5.15.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E278A9AE-5684-4F7E-B253-0F70CA835322",
"versionEndExcluding": "3.5.15.30",
"versionStartIncluding": "3.5.8.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:beckhoff_cx:*:*",
"matchCriteriaId": "650315EF-4AC2-4B5B-A5A1-8ABBE6C398B6",
"versionEndExcluding": "3.5.15.30",
"versionStartIncluding": "3.5.8.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C46635-3068-4DDA-8527-2E473763E652",
"versionEndExcluding": "3.5.15.30",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7F22E48-0C8D-47C2-8C88-F35ED1027465",
"versionEndExcluding": "3.5.15.30",
"versionStartIncluding": "3.5.9.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A487191-D2CD-484B-88D3-C7A1EFD8C19B",
"versionEndExcluding": "3.5.15.30",
"versionStartIncluding": "3.5.15.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B3462D2-9AA7-4046-B491-36A2A9970BA7",
"versionEndExcluding": "3.5.15.30",
"versionStartIncluding": "3.5.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:safety_sil2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F4FCCC9-6069-47D6-AB46-65697F7AE58D",
"versionEndExcluding": "3.5.15.30",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:simulation_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "375689F5-9B58-491C-BD1C-2CF5C9CEB474",
"versionEndExcluding": "3.5.15.30",
"versionStartIncluding": "3.5.9.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition."
},
{
"lang": "es",
"value": "CODESYS Control versi\u00f3n V3, Gateway versi\u00f3n V3 y HMI versiones V3 anteriores a 3.5.15.30, permiten una asignaci\u00f3n de memoria no controlada que puede resultar en una condici\u00f3n de denegaci\u00f3n de servicio remota."
}
],
"id": "CVE-2020-7052",
"lastModified": "2024-11-21T05:36:34.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-24T20:15:10.970",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12977\u0026token=33f948eed0c2fd69d238d9515779be337ef7592d\u0026download="
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2020-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12977\u0026token=33f948eed0c2fd69d238d9515779be337ef7592d\u0026download="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2020-04"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-14 21:15
Modified
2024-11-21 04:59
Severity ?
Summary
An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13136&token=c267875c01ea70bc9613bc39c684eedc17f55420&download= | Mitigation, Vendor Advisory | |
| cve@mitre.org | https://www.codesys.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13136&token=c267875c01ea70bc9613bc39c684eedc17f55420&download= | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.codesys.com | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codesys | control_for_beaglebone | * | |
| codesys | control_for_empc-a\/imx6 | * | |
| codesys | control_for_iot2000 | * | |
| codesys | control_for_pfc100 | * | |
| codesys | control_for_pfc200 | * | |
| codesys | control_for_plcnext | * | |
| codesys | control_for_raspberry_pi | * | |
| codesys | control_rte | * | |
| codesys | control_runtime_system_toolkit | * | |
| codesys | control_win | * | |
| codesys | development_system | * | |
| codesys | hmi | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A5313A0-4D9B-4B1F-B432-F84130717DE7",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9EA03EF-F424-4AC6-AC0B-A284A2553092",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38ECECFA-13C2-459E-B509-5F663E72CDE9",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7BD8B5A-8CD7-463C-82D7-06F6DE7E6DB0",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC12843-4775-46BF-BB7F-35D7A4825027",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84E46BF9-F5A0-4C09-BE2B-486263D89E85",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C17614A6-F334-4955-824D-A237A9672ECD",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFAF3E76-D917-48FA-BE80-7CEF592359F3",
"versionEndExcluding": "3.5.16.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "977B88F5-FA46-41A6-B65E-034EEBA19755",
"versionEndExcluding": "3.5.16.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E1A555-20F2-4C1D-824C-9BFE5A8C1184",
"versionEndExcluding": "3.5.16.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03FB53F8-F076-41FB-B556-077F99584B76",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2B23429-F3C9-4414-A3C8-FDEA5D0DFE96",
"versionEndExcluding": "3.5.16.0",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en CODESYS Development System versiones anteriores a 3.5.16.0. CODESYS WebVisu y CODESYS Remote TargetVisu son susceptibles a una escalada de privilegios."
}
],
"id": "CVE-2020-12068",
"lastModified": "2024-11-21T04:59:12.677",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-14T21:15:13.260",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13136\u0026token=c267875c01ea70bc9613bc39c684eedc17f55420\u0026download="
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.codesys.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13136\u0026token=c267875c01ea70bc9613bc39c684eedc17f55420\u0026download="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.codesys.com"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-26 19:15
Modified
2024-11-21 04:59
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| info@cert.vde.com | https://cert.vde.com/en/advisories/VDE-2021-061/ | Third Party Advisory | |
| info@cert.vde.com | https://cert.vde.com/en/advisories/VDE-2022-022/ | Third Party Advisory | |
| info@cert.vde.com | https://cert.vde.com/en/advisories/VDE-2022-031/ | Third Party Advisory | |
| info@cert.vde.com | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download= | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2021-061/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2022-022/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2022-031/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download= | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pilz | pmc | * | |
| codesys | control_for_beaglebone | * | |
| codesys | control_for_empc-a\/imx6 | * | |
| codesys | control_for_iot2000 | * | |
| codesys | control_for_linux | * | |
| codesys | control_for_pfc100 | * | |
| codesys | control_for_pfc200 | * | |
| codesys | control_for_plcnext | * | |
| codesys | control_for_raspberry_pi | * | |
| codesys | control_rte_v3 | * | |
| codesys | control_v3_runtime_system_toolkit | * | |
| codesys | control_win_v3 | * | |
| codesys | hmi_v3 | * | |
| codesys | v3_simulation_runtime | * | |
| festo | controller_cecc-d_firmware | 2.3.8.0 | |
| festo | controller_cecc-d_firmware | 2.3.8.1 | |
| festo | controller_cecc-d | - | |
| festo | controller_cecc-lk_firmware | 2.3.8.0 | |
| festo | controller_cecc-lk_firmware | 2.3.8.1 | |
| festo | controller_cecc-lk | - | |
| festo | controller_cecc-s_firmware | 2.3.8.0 | |
| festo | controller_cecc-s_firmware | 2.3.8.1 | |
| festo | controller_cecc-s | - | |
| wago | 750-8217_firmware | - | |
| wago | 750-8217 | - | |
| wago | 750-8216_firmware | * | |
| wago | 750-8216 | - | |
| wago | 750-8215_firmware | * | |
| wago | 750-8215 | - | |
| wago | 750-8214_firmware | * | |
| wago | 750-8214 | - | |
| wago | 750-8213_firmware | * | |
| wago | 750-8213 | - | |
| wago | 750-8212_firmware | * | |
| wago | 750-8212 | - | |
| wago | 750-8211_firmware | * | |
| wago | 750-8211 | - | |
| wago | 750-8210_firmware | * | |
| wago | 750-8210 | - | |
| wago | 750-8207_firmware | * | |
| wago | 750-8207 | - | |
| wago | 750-8206_firmware | * | |
| wago | 750-8206 | - | |
| wago | 750-8204_firmware | * | |
| wago | 750-8204 | - | |
| wago | 750-8203_firmware | * | |
| wago | 750-8203 | - | |
| wago | 750-8202_firmware | * | |
| wago | 750-8202 | - | |
| wago | 750-8102_firmware | * | |
| wago | 750-8102 | - | |
| wago | 750-8101_firmware | * | |
| wago | 750-8101 | - | |
| wago | 750-8100_firmware | * | |
| wago | 750-8100 | - | |
| wago | 762-4201\/8000-001_firmware | * | |
| wago | 762-4201\/8000-001 | - | |
| wago | 762-4202\/8000-001_firmware | * | |
| wago | 762-4202\/8000-001 | - | |
| wago | 762-4203\/8000-001_firmware | * | |
| wago | 762-4203\/8000-001 | - | |
| wago | 762-4204\/8000-001_firmware | * | |
| wago | 762-4204\/8000-001 | - | |
| wago | 762-4205\/8000-001_firmware | * | |
| wago | 762-4205\/8000-001 | - | |
| wago | 762-4205\/8000-002_firmware | * | |
| wago | 762-4205\/8000-002 | - | |
| wago | 762-4206\/8000-001_firmware | * | |
| wago | 762-4206\/8000-001 | - | |
| wago | 762-4206\/8000-002_firmware | * | |
| wago | 762-4206\/8000-002 | - | |
| wago | 762-4301\/8000-002_firmware | * | |
| wago | 762-4301\/8000-002 | - | |
| wago | 762-4302\/8000-002_firmware | * | |
| wago | 762-4302\/8000-002 | - | |
| wago | 762-4303\/8000-002_firmware | * | |
| wago | 762-4303\/8000-002 | - | |
| wago | 762-4304\/8000-002_firmware | * | |
| wago | 762-4304\/8000-002 | - | |
| wago | 762-4305\/8000-002_firmware | * | |
| wago | 762-4305\/8000-002 | - | |
| wago | 762-4306\/8000-002_firmware | * | |
| wago | 762-4306\/8000-002 | - | |
| wago | 762-5203\/8000-001_firmware | * | |
| wago | 762-5203\/8000-001 | - | |
| wago | 762-5204\/8000-001_firmware | * | |
| wago | 762-5204\/8000-001 | - | |
| wago | 762-5205\/8000-001_firmware | * | |
| wago | 762-5205\/8000-001 | - | |
| wago | 762-5206\/8000-001_firmware | * | |
| wago | 762-5206\/8000-001 | - | |
| wago | 762-5303\/8000-002_firmware | * | |
| wago | 762-5303\/8000-002 | - | |
| wago | 762-5304\/8000-002_firmware | * | |
| wago | 762-5304\/8000-002 | - | |
| wago | 762-5305\/8000-002_firmware | * | |
| wago | 762-5305\/8000-002 | - | |
| wago | 762-5306\/8000-002_firmware | * | |
| wago | 762-5306\/8000-002 | - | |
| wago | 762-6201\/8000-001_firmware | * | |
| wago | 762-6201\/8000-001 | - | |
| wago | 762-6202\/8000-001_firmware | * | |
| wago | 762-6202\/8000-001 | - | |
| wago | 762-6203\/8000-001_firmware | * | |
| wago | 762-6203\/8000-001 | - | |
| wago | 762-6204\/8000-001_firmware | * | |
| wago | 762-6204\/8000-001 | - | |
| wago | 762-6301\/8000-002_firmware | * | |
| wago | 762-6301\/8000-002 | - | |
| wago | 762-6302\/8000-002_firmware | * | |
| wago | 762-6302\/8000-002 | - | |
| wago | 762-6303\/8000-002_firmware | * | |
| wago | 762-6303\/8000-002 | - | |
| wago | 762-6304\/8000-002_firmware | * | |
| wago | 762-6304\/8000-002 | - | |
| wago | 752-8303\/8000-0002_firmware | * | |
| wago | 752-8303\/8000-0002 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pilz:pmc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1603B9DF-B514-409E-BCB4-9366F9457EB7",
"versionEndExcluding": "3.5.17",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A5313A0-4D9B-4B1F-B432-F84130717DE7",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9EA03EF-F424-4AC6-AC0B-A284A2553092",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38ECECFA-13C2-459E-B509-5F663E72CDE9",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7492683-673C-495F-9748-E3467F547F3B",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7BD8B5A-8CD7-463C-82D7-06F6DE7E6DB0",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC12843-4775-46BF-BB7F-35D7A4825027",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84E46BF9-F5A0-4C09-BE2B-486263D89E85",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C17614A6-F334-4955-824D-A237A9672ECD",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte_v3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14130B51-A172-4F7B-8C66-EC77BC88E7B7",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_v3_runtime_system_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6D33373-E3FC-468A-9CDC-9902C58A6506",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_win_v3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FF3AC84-140D-4F59-8624-714F974DFE42",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:hmi_v3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "620EFF51-16DA-4A0F-AB32-E42D064EDC21",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:v3_simulation_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09EFCCBD-8961-4E2F-90F3-452EB2B354C1",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:festo:controller_cecc-d_firmware:2.3.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5949D80D-9E1D-4F4C-A64F-3C24F77E1961",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:festo:controller_cecc-d_firmware:2.3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6479AA1B-D587-47F0-8695-CB3E9DFE96DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:festo:controller_cecc-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F17E63-45C3-48C7-916C-272FEB02E8C7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:festo:controller_cecc-lk_firmware:2.3.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4CF6A2F0-0190-48FF-BB9A-C7651D92A24A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:festo:controller_cecc-lk_firmware:2.3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB868741-D7A8-4DDB-A2A3-1074D6B9DD85",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:festo:controller_cecc-lk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AA82BF77-3362-46A9-8ED3-BD7A07779562",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:festo:controller_cecc-s_firmware:2.3.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B703F63E-C0DA-4426-9378-3A7A6E3E5060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:festo:controller_cecc-s_firmware:2.3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37695435-4E04-4B5E-8D85-B9786A740C07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:festo:controller_cecc-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07DFC73D-3164-402D-A7D0-D37610206F8D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8217_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5412C2-6982-4A66-B440-51DEF02F2C11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8217:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B23CD8FD-FC7A-4E24-BF8F-648478D82645",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8216_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6766E924-B6F0-4B49-AC5C-4635DFFA9E52",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8216:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B854F74-173E-4523-BBA7-8FF7A9B9880E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8215_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB1544BB-CDDE-4E32-8D64-F6A65DC2B6CC",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8215:-:*:*:*:*:*:*:*",
"matchCriteriaId": "577EDC26-671C-4703-BBF0-FE93AFEA81E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8214_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E1169B9-53BD-47CF-BF19-17DBC0703B51",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8214:-:*:*:*:*:*:*:*",
"matchCriteriaId": "979A8E43-4285-4A7B-BB0B-E6888117862C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8213_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68D4E7F6-CEAE-456D-AF2D-9A6B3D6B2F45",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8213:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4969E8EB-EF09-47B9-8F03-37BB87CFD048",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8212_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D577EB6B-E29C-4E0A-816F-0231ADA84A07",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8212:-:*:*:*:*:*:*:*",
"matchCriteriaId": "20BBC380-0F6E-4400-93AF-5B6CFEF00562",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8211_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A5FA7D-E0FF-4676-BFE8-70EF94C7C349",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8211:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5CD6B267-3E4B-4597-82A6-130D6F21C728",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5065C4C4-E09F-4B09-B2BD-2B8BC7451C3E",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E11758B-46C3-4E57-943A-C9C073AE5211",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8207_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B6F7A7E-4E7E-4721-A30E-2629B700E184",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8207:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA98A0D9-B050-430B-96C5-15932438FD3A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8206_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E97F6B2-2065-4726-88D9-80145F3C23C5",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E17ECC4-D7AE-485C-A2EF-4148817F9DB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8204_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A035FB07-360A-479D-A6B3-979CCE07A8D7",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8204:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AF14BE1-1EB5-423B-9FE7-E401AEF92553",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8203_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F174A297-EF2D-491D-BF24-02E52ABE1CCA",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8203:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC428EC8-532A-4825-BCE3-C42A4BC01C68",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8202_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC08CA50-30F0-4970-A688-447FD6ABA0E7",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23B02096-81A5-4823-94F3-D87F389397DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8102_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C24AAFAF-2BB2-4C90-A294-794D76FEF295",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8102:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A409E2AA-49AC-4967-8984-070FC9AD06E3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8101_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C07A6921-5664-4DDB-BB9E-32375B6ADDAD",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3111C2A1-CABC-42BF-9EB1-66667A7269C7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BAFAAD6-8F69-4C71-8A88-CD9FDACF1485",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33C4EEF3-EB06-4A8E-9BB2-0FE0AC3A6B7C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4201\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB6C8A59-2E86-4E4E-AABF-BFA48A4C5733",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4201\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2E54B6A-82B1-4AFA-BBA0-1998B5DE0BBD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4202\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6500D1ED-60AC-45E2-921B-5F7735B265BF",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4202\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09484C17-CD67-44E3-BA2D-0F718D888B0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4203\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F53B32B-C496-49AD-85F1-D7CA256FCE40",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4203\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E5672E3-7B4C-4FAF-955E-04EEB9E5B210",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4204\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6951A92E-974E-4361-9551-CE5D58D82D14",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4204\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C9E9B25-5C96-4665-9DC2-DD11905331AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4205\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86F222E9-8105-477C-BC4D-558751183C52",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4205\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A646213B-FF88-4A28-91B8-E21BD3710DF1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4205\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7E68AF4-175D-49A2-AD1C-002845FE0C3D",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4205\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2569546-AC58-420F-8FE6-90BA904DF6AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4206\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1D621FF-BF0B-4E20-97A0-8A53C68C5A89",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4206\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39A1F780-B010-4C95-B1B8-3A2D34938223",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4206\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66A5AE5B-619A-400F-B4B2-10884F64369F",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4206\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C88834C9-E823-4B11-91D2-8E2264D5E3D2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4301\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5A57157-6B49-402E-9533-828E59C67649",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4301\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD64BCDC-A7F2-4E8C-886D-C0D9268D0DA8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4302\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFADF5D8-9EAA-4D93-A4ED-315BE26D0BBA",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4302\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDBE05B-7ACB-4DB5-8D2F-7FCEC626E161",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4303\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "523A4534-4A47-4E29-B33C-85C13B9523B1",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4303\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A5421E8-67EA-4D0D-889F-A64DA70E7695",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4304\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FD6DA33-2CB6-483D-8F89-B8D0C6A73FA7",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4304\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DB95678-6815-4FB6-AA22-E6FEC011B269",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4305\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6386C510-8897-4EF8-8A5C-EB869FEF98A1",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4305\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6C67678-4BC4-417A-AD6E-FB60B0F7A384",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4306\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94D29BB6-F958-4BD5-BFCB-A2B914C0885A",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4306\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "082B2ECB-179E-4DE9-856F-EDDBB42AF318",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-5203\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0108A9FD-18D0-4D5B-92BE-641C81BFD17D",
"versionEndIncluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-5203\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBE3A7A-F96D-41B8-A150-BA5DC144DAA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-5204\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD2E2CCA-74C4-40E5-931B-AB307357D658",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-5204\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3EE3467-287E-4729-8C2B-3F43B92A49B8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-5205\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CE8AF21-A70F-4EF5-A6A2-00C953B6181C",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-5205\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13B53684-BFE1-4100-9624-A034119E7CAA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-5206\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1405E2-8561-4F3E-983C-C294BA6351CF",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-5206\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CD7B74F-71F9-4B0F-A9EB-EEA6FBEF81FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-5303\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94443EB3-0519-4238-B637-4FDB0B20ACCE",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-5303\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D4FF612-453D-4287-8989-2779A6F6A0A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-5304\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "833276FD-3A3B-4B83-94BA-589ADEF2010D",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-5304\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80089A85-1174-4E47-BC36-69DD11A3FFF8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-5305\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D779360-F243-47C4-86A7-FF5020238F42",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-5305\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91554389-BCF9-48EB-B198-A192BAE6206D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-5306\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "151B1218-958A-4BE3-925F-D95F5ADCD942",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-5306\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E65CA42E-371C-407C-84F9-64AC3F02FFE2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-6201\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "334E43C5-CD20-4DCF-805D-34E75E4AE8C4",
"versionEndIncluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-6201\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2BEE4ED-2C15-4E52-8FEC-BB7B5742274F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-6202\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FEE9E55C-1241-40D2-9357-AF657BBEFB28",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-6202\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF4E78EB-C91E-4E92-AF9F-90300EE96E03",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-6203\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1805464-9B11-41E3-A80A-8FC5299A6E50",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-6203\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C98F37AB-BFC5-49C2-B8FD-21AA0266C703",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-6204\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "979D2D35-114F-4B23-A3E9-0F0A619B4AF9",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-6204\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "422F9EEC-8516-4692-93DE-BB0F385D2BD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-6301\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71DF0E46-8E22-49B5-B1E1-5B3CBAA7FD1E",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-6301\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "742F9265-3770-4B4E-A327-2202E2DAEA84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-6302\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE1A9D-1A41-475C-83D7-E9E0105E70BC",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-6302\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3FDB659-7FF2-4272-9818-3517AC55BFFD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-6303\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C90343DF-DA2F-4AAE-AD85-AC715C838E47",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-6303\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E7E5506-BA01-4B6F-9475-3F2056019858",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-6304\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2FE417E0-9A5F-4C68-BF1B-10535FEF4B19",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-6304\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E8E97AD-B5B4-4F54-A8B8-52E83F34C33D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:752-8303\\/8000-0002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0090E3E-5CB8-4363-9CA0-A9165910BD9A",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:752-8303\\/8000-0002:*:*:*:*:*:*:*:*",
"matchCriteriaId": "922FBB58-6D8C-42CC-AAB2-5372DF63C280",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device."
},
{
"lang": "es",
"value": "En los productos CODESYS V3 en todas las versiones anteriores a la V3.5.16.0 que contienen CmpUserMgr, el sistema de tiempo de ejecuci\u00f3n de CODESYS Control almacena las contrase\u00f1as de comunicaci\u00f3n en l\u00ednea utilizando un algoritmo hash d\u00e9bil. Esto puede ser utilizado por un atacante local con pocos privilegios para obtener el control total del dispositivo."
}
],
"id": "CVE-2020-12069",
"lastModified": "2024-11-21T04:59:12.810",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-26T19:15:10.520",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-061/"
},
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-022/"
},
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-031/"
},
{
"source": "info@cert.vde.com",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12943\u0026token=d097958a67ba382de688916f77e3013c0802fade\u0026download="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-061/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-022/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-031/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12943\u0026token=d097958a67ba382de688916f77e3013c0802fade\u0026download="
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-916"
}
],
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-916"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-20 18:15
Modified
2024-11-21 04:33
Severity ?
Summary
CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf | Vendor Advisory | |
| cve@mitre.org | https://www.tenable.com/security/research/tra-2019-48 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2019-48 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codesys | control_for_beaglebone | * | |
| codesys | control_for_empc-a\/imx6 | * | |
| codesys | control_for_iot2000 | * | |
| codesys | control_for_linux | * | |
| codesys | control_for_pfc100 | * | |
| codesys | control_for_pfc200 | * | |
| codesys | control_for_plcnext | * | |
| codesys | control_for_raspberry_pi | * | |
| codesys | control_rte | * | |
| codesys | control_runtime_system_toolkit | * | |
| codesys | control_win | * | |
| codesys | embedded_target_visu_toolkit | * | |
| codesys | hmi | * | |
| codesys | remote_target_visu_toolkit | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EC6B28E-A811-41B3-8211-5C00F43501B0",
"versionEndExcluding": "3.5.15.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C35E21FB-D148-4295-8F6E-250276198B78",
"versionEndExcluding": "3.5.15.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3FD146-88C2-4091-9A95-5F1734B4FBC9",
"versionEndExcluding": "3.5.15.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A300E3F-5BF6-455E-ADDC-D7443254F049",
"versionEndExcluding": "3.5.15.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1502A884-95A6-4587-8EFA-82374251CD3A",
"versionEndExcluding": "3.5.15.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02BEA387-FF44-4AF9-8B80-CD8D6E7F4549",
"versionEndExcluding": "3.5.15.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D16B0FB-C69F-4D02-9598-22ADD027D9AA",
"versionEndExcluding": "3.5.15.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA7D956E-7844-4F3D-BF27-E38E5D2B0A68",
"versionEndExcluding": "3.5.15.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15CFC3A8-1D5C-486E-97CB-0F38E9874B96",
"versionEndExcluding": "3.5.15.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02ED0463-8628-488A-B931-683A2C0205B9",
"versionEndExcluding": "3.5.15.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CFF4CBE-6291-479D-BC3C-379C7F7D8337",
"versionEndExcluding": "3.5.15.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4D32C64-2C59-461B-8E33-A4EDF31E886E",
"versionEndExcluding": "3.5.15.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95BE3C03-7A36-4AD8-B5E9-BD91BD729B72",
"versionEndExcluding": "3.5.15.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1451AE82-855F-425C-9C30-2B96F4B8F2EC",
"versionEndExcluding": "3.5.15.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow."
},
{
"lang": "es",
"value": "El servidor web CODESYS 3 versiones anteriores a la versi\u00f3n 3.5.15.20, distribuido con los sistemas de tiempo de ejecuci\u00f3n CODESYS Control, tiene un desbordamiento de b\u00fafer."
}
],
"id": "CVE-2019-18858",
"lastModified": "2024-11-21T04:33:43.753",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-20T18:15:10.917",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2019-48"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2019-48"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-22 19:15
Modified
2024-11-21 05:06
Severity ?
Summary
CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13199&token=3e283c3e73fed61f7c181a7fa1169477efaf0c58&download= | Mitigation, Vendor Advisory | |
| cve@mitre.org | https://www.codesys.com | Vendor Advisory | |
| cve@mitre.org | https://www.tenable.com/security/research/tra-2020-46 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13199&token=3e283c3e73fed61f7c181a7fa1169477efaf0c58&download= | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.codesys.com | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2020-46 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codesys | control_for_beaglebone | * | |
| codesys | control_for_empc-a\/imx6 | * | |
| codesys | control_for_iot2000 | * | |
| codesys | control_for_linux | * | |
| codesys | control_for_pfc100 | * | |
| codesys | control_for_pfc200 | * | |
| codesys | control_for_plcnext | * | |
| codesys | control_for_raspberry_pi | * | |
| codesys | control_for_wago_touch_panels_600 | * | |
| codesys | control_rte | * | |
| codesys | control_rte | * | |
| codesys | control_runtime_system_toolkit | * | |
| codesys | control_win | * | |
| codesys | embedded_target_visu_toolkit | * | |
| codesys | hmi | * | |
| codesys | remote_target_visu_toolkit | * | |
| codesys | simulation_runtime | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AE57E7D-63C1-470F-A95B-B9DA3A586E04",
"versionEndExcluding": "3.5.16.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B5F06D0-5224-4D76-A856-9AB57BF87D59",
"versionEndExcluding": "3.5.16.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB388FBB-8512-4FCE-A754-A82239A911B9",
"versionEndExcluding": "3.5.16.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41722BB1-40F6-4D12-9A00-156D04C92097",
"versionEndExcluding": "3.5.16.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E56A636-9DC3-411D-B287-308A2BAC759D",
"versionEndExcluding": "3.5.16.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82614FBA-2612-4FA4-988B-D67E80B5DDA7",
"versionEndExcluding": "3.5.16.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*",
"matchCriteriaId": "387FB2B8-5435-4054-94A4-0AE60A42FB0C",
"versionEndExcluding": "3.5.16.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B7517E0-0D9C-4AA8-B8A9-7F1420FE4616",
"versionEndExcluding": "3.5.16.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C80CDF5-5264-41CD-A475-E46C3E941F4A",
"versionEndExcluding": "3.5.16.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:-:*:*",
"matchCriteriaId": "6097C902-F24A-4408-8E2C-C90F0AB67E13",
"versionEndExcluding": "3.5.16.10",
"versionStartIncluding": "3.5.8.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:beckhoff_cx:*:*",
"matchCriteriaId": "2DDE8129-4CEE-440B-B0D1-29BB93D1ACE8",
"versionEndExcluding": "3.5.16.10",
"versionStartIncluding": "3.5.8.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CF52B1D-7AF9-4DAD-A8E7-6CB7CC060E08",
"versionEndExcluding": "3.5.16.10",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E86A4C83-B82D-4D2F-96C6-C8F66B7AB947",
"versionEndExcluding": "3.5.16.10",
"versionStartIncluding": "3.5.9.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "890104AC-5CB4-466D-9CC0-F39E8B24BD9D",
"versionEndExcluding": "3.5.16.10",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CE9850A-47B3-4C37-90C0-FF9516DF025F",
"versionEndExcluding": "3.5.16.10",
"versionStartIncluding": "3.5.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31C2638C-D4C4-4C71-A873-E7836802E6FE",
"versionEndExcluding": "3.5.16.10",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:simulation_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A09DAE1-678B-49A2-88CE-CFF4F514673E",
"versionEndExcluding": "3.5.16.10",
"versionStartIncluding": "3.5.9.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation."
},
{
"lang": "es",
"value": "El sistema del tiempo de ejecuci\u00f3n de Control CODESYS, versiones anteriores a 3.5.16.10, permite una Asignaci\u00f3n de Memoria No Controlada"
}
],
"id": "CVE-2020-15806",
"lastModified": "2024-11-21T05:06:13.097",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-22T19:15:12.317",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13199\u0026token=3e283c3e73fed61f7c181a7fa1169477efaf0c58\u0026download="
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.codesys.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2020-46"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13199\u0026token=3e283c3e73fed61f7c181a7fa1169477efaf0c58\u0026download="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.codesys.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2020-46"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-26 04:15
Modified
2024-11-21 04:55
Severity ?
Summary
CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13078&token=de344ca65252463cc581ef144e0c53bd97b8f211&download= | Vendor Advisory | |
| cve@mitre.org | https://www.tenable.com/security/research/tra-2020-16 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13078&token=de344ca65252463cc581ef144e0c53bd97b8f211&download= | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2020-16 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codesys | control_for_beaglebone | * | |
| codesys | control_for_empc-a\/imx6 | * | |
| codesys | control_for_iot2000 | * | |
| codesys | control_for_linux | * | |
| codesys | control_for_pfc100 | * | |
| codesys | control_for_pfc200 | * | |
| codesys | control_for_plcnext | * | |
| codesys | control_for_raspberry_pi | * | |
| codesys | control_rte | * | |
| codesys | control_rte | * | |
| codesys | control_runtime_system_toolkit | * | |
| codesys | control_win | * | |
| codesys | embedded_target_visu_toolkit | * | |
| codesys | hmi | * | |
| codesys | remote_target_visu_toolkit | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EA61ACB-5690-42D7-8420-E77E58D5BA4D",
"versionEndExcluding": "3.5.15.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5FB5ED1-0B3C-4426-AC3E-621C230AE38C",
"versionEndExcluding": "3.5.15.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1477C3BF-2636-4D41-B951-CED7CAE6731A",
"versionEndExcluding": "3.5.15.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82047F2C-2D3D-4D6C-9DAE-512BD9639747",
"versionEndExcluding": "3.5.15.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E832FD04-9206-4881-8695-8FA7FE788EE7",
"versionEndExcluding": "3.5.15.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C21D2A80-B830-483F-A748-2F082D369C73",
"versionEndExcluding": "3.5.15.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CD92E41-9C0A-47E0-8B90-181A2ECC4627",
"versionEndExcluding": "3.5.15.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "491C7EFF-D620-40EB-B112-9D0B2AC62B76",
"versionEndExcluding": "3.5.15.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75BA05C4-3066-4354-9F99-232D181D0CA6",
"versionEndExcluding": "3.5.15.40",
"versionStartIncluding": "3.5.8.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:beckhoff_cx:*:*",
"matchCriteriaId": "D3281307-8315-42A5-84FD-C683C54B603A",
"versionEndExcluding": "3.5.15.40",
"versionStartIncluding": "3.5.8.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E095D809-8408-4FEE-874F-1F021EC7E97E",
"versionEndExcluding": "3.5.15.40",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43EBED50-DFA9-430B-8B3C-8994E2E43470",
"versionEndExcluding": "3.5.15.40",
"versionStartIncluding": "3.5.9.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93ACEEA3-B958-4070-86F0-5C84869A13E7",
"versionEndExcluding": "3.5.15.40",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4CF0416-A09F-46CF-8285-A46E7F1A2F8C",
"versionEndExcluding": "3.5.15.40",
"versionStartIncluding": "3.5.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC06C9A-3D60-46FF-BCF4-B1C472DB3850",
"versionEndExcluding": "3.5.15.40",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow."
},
{
"lang": "es",
"value": "El servidor web CODESYS versiones V3 anteriores a 3.5.15.40, como es usado en los sistemas de tiempo de ejecuci\u00f3n CODESYS Control, presenta un desbordamiento del b\u00fafer."
}
],
"id": "CVE-2020-10245",
"lastModified": "2024-11-21T04:55:03.253",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-26T04:15:11.533",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13078\u0026token=de344ca65252463cc581ef144e0c53bd97b8f211\u0026download="
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2020-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13078\u0026token=de344ca65252463cc581ef144e0c53bd97b8f211\u0026download="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2020-16"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}