All the vulnerabilites related to CODESYS - Control for BeagleBone SL
var-201902-0732
Vulnerability from variot
Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0. CODESYS V3 The product contains vulnerabilities related to security functions.Information may be obtained. 3S-Smart CODESYS Control for BeagleBone, etc. are all German 3S-Smart Software Solutions company's programming software for industrial control system development.
A security vulnerability exists in several 3S-Smart Software Solutions products, which stems from programs that do not properly restrict communication channels. An attacker could use this vulnerability to impersonate the source of a communication packet. The following products are affected: 3S-Smart CODESYS Control for BeagleBone, CODESYS Control for emPC-A / iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (part of CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit, CODESYS V3 Embedded Target Visu Toolkit, CODESYS V3 Remote Target Visu Toolkit, CODESYS V3 Safety SIL2, CODESYS Gateway V3, CODESYS HMI V3, CODESYS OPC Server V3, CODESYS PLCHandler SDK, CODESYS V3 Development System, CODESYS V3 Simulation Runtime (part of CODESYS Development System). 3S-Smart Software CODESYS is prone to the following security vulnerabilities: 1. An insecure random number generator weakness 3. A spoofing vulnerability An attacker can exploit these vulnerabilities to bypass security restrictions and perform certain unauthorized actions and to insert and display spoofed content. Other attacks are also possible
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201902-0732", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "codesys control rte v3", "scope": null, "trust": 1.6, "vendor": "3s smart", "version": null }, { "model": "control for empc-a\\/imx6 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "control for raspberry pi sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for linux sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "control runtime toolkit", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "control rte sl \\", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "development system v3", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control win sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "control for iot2000 sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "safety sil2", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for beaglebone sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "gateway", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "control rte sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "plchandler", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "opc server", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for pfc200 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "control runtime toolkit", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for iot2000 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "control for linux sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for pfc100 sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for raspberry pi sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "control for pfc200 sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "targetvisu sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "hmi sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "targetvisu sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for beaglebone sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control rte sl \\", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "control win sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "development system v3", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "control for empc-a\\/imx6 sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for pfc100 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "gateway", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "opc server", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "safety sil2", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "plchandler", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "control rte sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "hmi sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "codesys control for beaglebone", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for empc-a/imx6", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for iot2000", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for linux", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for pfc100", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for pfc200", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for raspberry pi", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control runtime system toolkit", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys simulation runtime", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "v30" }, { "model": "codesys safety sil2", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "v30" }, { "model": "codesys remote target visu toolkit", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "v30" }, { "model": "codesys embedded target visu toolkit", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "v30" }, { "model": "codesys development system", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "v30" }, { "model": "codesys plchandler sdk", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "0" }, { "model": "codesys opc server", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "v30" }, { "model": "codesys hmi", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "3" }, { "model": "codesys control win", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "v30" }, { "model": "codesys control runtime system toolkit", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "v30" }, { "model": "codesys control rte", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "3" }, { "model": "codesys control for raspberry pi", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "0" }, { "model": "codesys control for pfc200", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "0" }, { "model": "codesys control for pfc100", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "0" }, { "model": "codesys control for linux", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "0" }, { "model": "codesys control for iot2000", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "0" }, { "model": "codesys control for empc-a/imx6", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "0" }, { "model": "codesys control for beaglebone", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "0" } ], "sources": [ { "db": "BID", "id": "106251" }, { "db": "JVNDB", "id": "JVNDB-2018-014638" }, { "db": "NVD", "id": "CVE-2018-20026" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_rte_sl_\\(for_beckhoff_cx\\):*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_runtime_toolkit:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:safety_sil2:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:hmi_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:development_system_v3:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:plchandler:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:opc_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:targetvisu_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-20026" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Alexander Nochvay from Kaspersky Lab", "sources": [ { "db": "BID", "id": "106251" } ], "trust": 0.3 }, "cve": "CVE-2018-20026", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2018-20026", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-130791", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2018-20026", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-20026", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201812-787", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-130791", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-130791" }, { "db": "JVNDB", "id": "JVNDB-2018-014638" }, { "db": "NVD", "id": "CVE-2018-20026" }, { "db": "CNNVD", "id": "CNNVD-201812-787" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0. CODESYS V3 The product contains vulnerabilities related to security functions.Information may be obtained. 3S-Smart CODESYS Control for BeagleBone, etc. are all German 3S-Smart Software Solutions company\u0027s programming software for industrial control system development. \n\nA security vulnerability exists in several 3S-Smart Software Solutions products, which stems from programs that do not properly restrict communication channels. An attacker could use this vulnerability to impersonate the source of a communication packet. The following products are affected: 3S-Smart CODESYS Control for BeagleBone, CODESYS Control for emPC-A / iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (part of CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit, CODESYS V3 Embedded Target Visu Toolkit, CODESYS V3 Remote Target Visu Toolkit, CODESYS V3 Safety SIL2, CODESYS Gateway V3, CODESYS HMI V3, CODESYS OPC Server V3, CODESYS PLCHandler SDK, CODESYS V3 Development System, CODESYS V3 Simulation Runtime (part of CODESYS Development System). 3S-Smart Software CODESYS is prone to the following security vulnerabilities:\n1. An insecure random number generator weakness\n3. A spoofing vulnerability\nAn attacker can exploit these vulnerabilities to bypass security restrictions and perform certain unauthorized actions and to insert and display spoofed content. Other attacks are also possible", "sources": [ { "db": "NVD", "id": "CVE-2018-20026" }, { "db": "JVNDB", "id": "JVNDB-2018-014638" }, { "db": "CNNVD", "id": "CNNVD-201812-787" }, { "db": "BID", "id": "106251" }, { "db": "VULHUB", "id": "VHN-130791" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-20026", "trust": 2.8 }, { "db": "ICS CERT", "id": "ICSA-18-352-04", "trust": 2.8 }, { "db": "BID", "id": "106251", "trust": 2.0 }, { "db": "JVNDB", "id": "JVNDB-2018-014638", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201812-787", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-130791", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-130791" }, { "db": "BID", "id": "106251" }, { "db": "JVNDB", "id": "JVNDB-2018-014638" }, { "db": "NVD", "id": "CVE-2018-20026" }, { "db": "CNNVD", "id": "CNNVD-201812-787" } ] }, "id": "VAR-201902-0732", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-130791" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T13:33:33.639000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.codesys.com/" }, { "title": "Multiple 3S-Smart Software Solutions Product security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=87985" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-014638" }, { "db": "CNNVD", "id": "CNNVD-201812-787" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-254", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-130791" }, { "db": "JVNDB", "id": "JVNDB-2018-014638" }, { "db": "NVD", "id": "CVE-2018-20026" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/" }, { "trust": 2.3, "url": "http://www.securityfocus.com/bid/106251" }, { "trust": 2.0, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-352-04" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20026" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20026" }, { "trust": 0.8, "url": "https://www.us-cert.gov/ics/advisories/icsa-18-352-04" }, { "trust": 0.3, "url": "https://www.codesys.com/" }, { "trust": 0.3, "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-037-codesys-control-v3-use-of-insufficiently-random-values/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-130791" }, { "db": "BID", "id": "106251" }, { "db": "JVNDB", "id": "JVNDB-2018-014638" }, { "db": "NVD", "id": "CVE-2018-20026" }, { "db": "CNNVD", "id": "CNNVD-201812-787" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-130791" }, { "db": "BID", "id": "106251" }, { "db": "JVNDB", "id": "JVNDB-2018-014638" }, { "db": "NVD", "id": "CVE-2018-20026" }, { "db": "CNNVD", "id": "CNNVD-201812-787" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-02-19T00:00:00", "db": "VULHUB", "id": "VHN-130791" }, { "date": "2018-12-18T00:00:00", "db": "BID", "id": "106251" }, { "date": "2019-04-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-014638" }, { "date": "2019-02-19T21:29:00.290000", "db": "NVD", "id": "CVE-2018-20026" }, { "date": "2018-12-19T00:00:00", "db": "CNNVD", "id": "CNNVD-201812-787" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-08-24T00:00:00", "db": "VULHUB", "id": "VHN-130791" }, { "date": "2018-12-18T00:00:00", "db": "BID", "id": "106251" }, { "date": "2019-07-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-014638" }, { "date": "2023-03-29T18:40:10.533000", "db": "NVD", "id": "CVE-2018-20026" }, { "date": "2020-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201812-787" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201812-787" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "CODESYS V3 Vulnerabilities related to security functions in products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-014638" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "security feature problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201812-787" } ], "trust": 0.6 } }
var-202105-1033
Vulnerability from variot
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages. 3s-smart Software Solutions CODESYS Control is a set of industrial control program programming software from 3S-Smart Software Solutions (3s-smart Software Solutions) company in Germany
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202105-1033", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "control for plcnext sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "safety sil", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for iot2000 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.1.0.0" }, { "model": "control win", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control win", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.17.0" }, { "model": "control runtime system toolkit", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for linux arm sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.1.0.0" }, { "model": "control for raspberry pi sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.1.0.0" }, { "model": "control rte", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control rte", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.17.0" }, { "model": "edge gateway", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.1.0.0" }, { "model": "opc server", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.17.0" }, { "model": "control runtime system toolkit", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.17.0" }, { "model": "hmi", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.17.0" }, { "model": "embedded target visu toolkit", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.17.0" }, { "model": "opc server", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for beaglebone sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.1.0.0" }, { "model": "control for linux sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for pfc100 sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "hmi", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for pfc200 sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "embedded target visu toolkit", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for beaglebone sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "gateway", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for empc-a\\/imx6 sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "gateway", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.17.0" }, { "model": "control for plcnext sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.1.0.0" }, { "model": "control for wago touch panels 600 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.1.0.0" }, { "model": "control for raspberry pi sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "edge gateway", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "edge gateway", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.17.0" }, { "model": "control for linux arm sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for iot2000 sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "remote target visu toolkit", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "plchandler", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "plchandler", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.17.0" }, { "model": "remote target visu toolkit", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.17.0" }, { "model": "control for pfc100 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.1.0.0" }, { "model": "control for pfc200 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.1.0.0" }, { "model": "control for empc-a\\/imx6 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.1.0.0" }, { "model": "control for linux sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.1.0.0" }, { "model": "simulation runtime", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.17.0" }, { "model": "safety sil", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.17.0" }, { "model": "control for wago touch panels 600 sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "simulation runtime", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-29242" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.1.0.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.1.0.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.1.0.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_linux_arm_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.1.0.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.1.0.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.1.0.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.1.0.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.1.0.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.1.0.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.1.0.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.17.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:beckhoff_cx:*:*", "cpe_name": [], "versionEndExcluding": "3.5.17.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.17.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.17.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:windows:*:*", "cpe_name": [], "versionEndExcluding": "3.5.17.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:linux:*:*", "cpe_name": [], "versionEndExcluding": "4.1.0.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.17.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.17.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.17.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:opc_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.17.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:plchandler:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.17.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.17.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:safety_sil:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.17.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:simulation_runtime:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.17.0", "versionStartIncluding": "3.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-29242" } ] }, "cve": "CVE-2021-29242", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-388815", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2021-29242", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "exploitabilityScore": 3.9, "impactScore": 3.4, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-29242", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202105-050", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-388815", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-29242", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-388815" }, { "db": "VULMON", "id": "CVE-2021-29242" }, { "db": "NVD", "id": "CVE-2021-29242" }, { "db": "CNNVD", "id": "CNNVD-202105-050" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router\u0027s addressing scheme and may re-route, add, remove or change low level communication packages. 3s-smart Software Solutions CODESYS Control is a set of industrial control program programming software from 3S-Smart Software Solutions (3s-smart Software Solutions) company in Germany", "sources": [ { "db": "NVD", "id": "CVE-2021-29242" }, { "db": "VULHUB", "id": "VHN-388815" }, { "db": "VULMON", "id": "CVE-2021-29242" } ], "trust": 1.08 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-29242", "trust": 1.8 }, { "db": "CNNVD", "id": "CNNVD-202105-050", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-388815", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-29242", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-388815" }, { "db": "VULMON", "id": "CVE-2021-29242" }, { "db": "NVD", "id": "CVE-2021-29242" }, { "db": "CNNVD", "id": "CNNVD-202105-050" } ] }, "id": "VAR-202105-1033", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-388815" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T13:12:32.413000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "3s-smart Software Solutions CODESYS Control Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=150530" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202105-050" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-388815" }, { "db": "NVD", "id": "CVE-2021-29242" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://customers.codesys.com/index.php" }, { "trust": 1.8, "url": "https://www.codesys.com/security/security-reports.html" }, { "trust": 1.7, "url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=14640\u0026token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873\u0026download=" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-29242" }, { "trust": 0.1, "url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=14640\u0026amp;token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873\u0026amp;download=" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULHUB", "id": "VHN-388815" }, { "db": "VULMON", "id": "CVE-2021-29242" }, { "db": "NVD", "id": "CVE-2021-29242" }, { "db": "CNNVD", "id": "CNNVD-202105-050" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-388815" }, { "db": "VULMON", "id": "CVE-2021-29242" }, { "db": "NVD", "id": "CVE-2021-29242" }, { "db": "CNNVD", "id": "CNNVD-202105-050" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-05-03T00:00:00", "db": "VULHUB", "id": "VHN-388815" }, { "date": "2021-05-03T00:00:00", "db": "VULMON", "id": "CVE-2021-29242" }, { "date": "2021-05-03T14:15:07.667000", "db": "NVD", "id": "CVE-2021-29242" }, { "date": "2021-05-03T00:00:00", "db": "CNNVD", "id": "CNNVD-202105-050" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-09-14T00:00:00", "db": "VULHUB", "id": "VHN-388815" }, { "date": "2021-05-13T00:00:00", "db": "VULMON", "id": "CVE-2021-29242" }, { "date": "2021-09-14T18:18:36.333000", "db": "NVD", "id": "CVE-2021-29242" }, { "date": "2021-05-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202105-050" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202105-050" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "3s-smart Software Solutions CODESYS Control Input validation error vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202105-050" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202105-050" } ], "trust": 0.6 } }
var-201908-0056
Vulnerability from variot
An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System. plural 3S-Smart CODESYS The product is vulnerable to resource exhaustion.Service operation interruption (DoS) There is a possibility of being put into a state. 3S-Smart Software Solutions CODESYS Control for BeagleBone and CODESYS Control are a set of industrial control program programming software from Germany 3S-Smart Software Solutions. There are security holes in several 3S-Smart Software Solutions products
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201908-0056", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "control for raspberry pi sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for empc-a\\/imx6 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.20" }, { "model": "control for linux sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.20" }, { "model": "control runtime toolkit", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.20" }, { "model": "development system", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.20" }, { "model": "control for iot2000 sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for beaglebone sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.20" }, { "model": "control runtime toolkit", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "gateway", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.20" }, { "model": "control for linux sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for pfc100 sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for pfc200 sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for iot2000 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.20" }, { "model": "control for beaglebone sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for raspberry pi sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.20" }, { "model": "gateway", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for empc-a\\/imx6 sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "development system", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for pfc100 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.20" }, { "model": "control for pfc200 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.20" }, { "model": "codesys control for beaglebone", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.14.20" }, { "model": "codesys control for empc-a/imx6", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.14.20" }, { "model": "codesys control for iot2000", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.14.20" }, { "model": "codesys control for linux", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.14.20" }, { "model": "codesys control for pfc100", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.14.20" }, { "model": "codesys control for pfc200", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.14.20" }, { "model": "codesys control for raspberry pi", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.14.20" }, { "model": "codesys control runtime system toolkit", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.14.20" }, { "model": "codesys development system", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.14.20" }, { "model": "codesys gateway", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.14.20" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-008669" }, { "db": "NVD", "id": "CVE-2019-9012" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.20", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.20", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.20", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.20", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.20", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.20", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.20", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_runtime_toolkit:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.20", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.20", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.20", "versionStartIncluding": "3.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-9012" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "3S-Smart Software Solutions GmbH", "sources": [ { "db": "CNNVD", "id": "CNNVD-201908-156" } ], "trust": 0.6 }, "cve": "CVE-2019-9012", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-9012", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-160447", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-9012", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-9012", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201908-156", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-160447", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-160447" }, { "db": "JVNDB", "id": "JVNDB-2019-008669" }, { "db": "NVD", "id": "CVE-2019-9012" }, { "db": "CNNVD", "id": "CNNVD-201908-156" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System. plural 3S-Smart CODESYS The product is vulnerable to resource exhaustion.Service operation interruption (DoS) There is a possibility of being put into a state. 3S-Smart Software Solutions CODESYS Control for BeagleBone and CODESYS Control are a set of industrial control program programming software from Germany 3S-Smart Software Solutions. \nThere are security holes in several 3S-Smart Software Solutions products", "sources": [ { "db": "NVD", "id": "CVE-2019-9012" }, { "db": "JVNDB", "id": "JVNDB-2019-008669" }, { "db": "CNNVD", "id": "CNNVD-201908-156" }, { "db": "VULHUB", "id": "VHN-160447" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-9012", "trust": 2.5 }, { "db": "ICS CERT", "id": "ICSA-19-213-03", "trust": 2.5 }, { "db": "JVNDB", "id": "JVNDB-2019-008669", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201908-156", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-19-213-04", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.2901", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-160447", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-160447" }, { "db": "JVNDB", "id": "JVNDB-2019-008669" }, { "db": "NVD", "id": "CVE-2019-9012" }, { "db": "CNNVD", "id": "CNNVD-201908-156" } ] }, "id": "VAR-201908-0056", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-160447" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T13:18:39.901000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.codesys.com/" }, { "title": "Multiple 3S-Smart Software Solutions Product security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=95917" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-008669" }, { "db": "CNNVD", "id": "CNNVD-201908-156" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-770", "trust": 1.1 }, { "problemtype": "CWE-400", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-160447" }, { "db": "JVNDB", "id": "JVNDB-2019-008669" }, { "db": "NVD", "id": "CVE-2019-9012" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03" }, { "trust": 1.6, "url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=12938\u0026token=b9eb30f53246dc57b2e7cb302356a05547148fa2\u0026download=" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9012" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9012" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-04" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.2901/" }, { "trust": 0.1, "url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=12938\u0026amp;token=b9eb30f53246dc57b2e7cb302356a05547148fa2\u0026amp;download=" } ], "sources": [ { "db": "VULHUB", "id": "VHN-160447" }, { "db": "JVNDB", "id": "JVNDB-2019-008669" }, { "db": "NVD", "id": "CVE-2019-9012" }, { "db": "CNNVD", "id": "CNNVD-201908-156" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-160447" }, { "db": "JVNDB", "id": "JVNDB-2019-008669" }, { "db": "NVD", "id": "CVE-2019-9012" }, { "db": "CNNVD", "id": "CNNVD-201908-156" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-08-15T00:00:00", "db": "VULHUB", "id": "VHN-160447" }, { "date": "2019-09-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-008669" }, { "date": "2019-08-15T18:15:23.477000", "db": "NVD", "id": "CVE-2019-9012" }, { "date": "2019-08-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201908-156" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-08-24T00:00:00", "db": "VULHUB", "id": "VHN-160447" }, { "date": "2019-09-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-008669" }, { "date": "2023-05-16T11:15:49.487000", "db": "NVD", "id": "CVE-2019-9012" }, { "date": "2020-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201908-156" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201908-156" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural 3S-Smart CODESYS Product depletion vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-008669" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201908-156" } ], "trust": 0.6 } }
var-201902-0731
Vulnerability from variot
Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0. CODESYS The product contains a vulnerability related to the use of insufficient random values.Information may be obtained. 3S-Smart CODESYS Control for BeagleBone, etc. are all German 3S-Smart Software Solutions company's programming software for industrial control system development.
A number of 3S-Smart Software Solutions products have security vulnerabilities that result from programs using values with insufficient randomness. An attacker could use this vulnerability to affect the confidentiality and integrity of the data. The following products are affected: 3S-Smart CODESYS Control for BeagleBone; CODESYS Control for emPC-A / iMX6; CODESYS Control for IOT2000; CODESYS Control for Linux; CODESYS Control for PFC100; CODESYS Control for PFC200; CODESYS Control for Raspberry Pi; CODESYS Control RTE V3; CODESYS Control RTE V3 (for Beckhoff CX); CODESYS Control Win V3 (part of CODESYS Development System setup); CODESYS Control V3 Runtime System Toolkit; CODESYS V3 Embedded Target Visu Toolkit; CODESYS V3 Remote Target Visu Toolkit; CODESYS V3 Safety SIL2; CODESYS Gateway V3; CODESYS HMI V3; CODESYS OPC Server V3; CODESYS PLCHandler SDK; CODESYS V3 Development System; CODESYS V3 Simulation Runtime (part of CODESYS Development System). 3S-Smart Software CODESYS is prone to the following security vulnerabilities: 1. An insecure random number generator weakness 3. A spoofing vulnerability An attacker can exploit these vulnerabilities to bypass security restrictions and perform certain unauthorized actions and to insert and display spoofed content. Other attacks are also possible
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201902-0731", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "codesys control rte v3", "scope": null, "trust": 1.6, "vendor": "3s smart", "version": null }, { "model": "control for empc-a\\/imx6 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "control for raspberry pi sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for linux sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "control runtime toolkit", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "control rte sl \\", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "development system", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "control win sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "control for iot2000 sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "safety sil2", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for beaglebone sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "gateway", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "control rte sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for pfc200 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "control runtime toolkit", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for iot2000 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "control for linux sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for pfc100 sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for raspberry pi sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "control for pfc200 sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "hmi sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for beaglebone sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control rte sl \\", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "control win sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "gateway", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for empc-a\\/imx6 sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for pfc100 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "safety sil2", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "development system", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control rte sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "hmi sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "codesys control for beaglebone", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for empc-a/imx6", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for iot2000", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for linux", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for pfc100", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for pfc200", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control for raspberry pi", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys control runtime toolkit", "scope": null, "trust": 0.8, "vendor": "3s smart", "version": null }, { "model": "codesys simulation runtime", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "v30" }, { "model": "codesys safety sil2", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "v30" }, { "model": "codesys remote target visu toolkit", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "v30" }, { "model": "codesys embedded target visu toolkit", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "v30" }, { "model": "codesys development system", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "v30" }, { "model": "codesys plchandler sdk", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "0" }, { "model": "codesys opc server", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "v30" }, { "model": "codesys hmi", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "3" }, { "model": "codesys control win", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "v30" }, { "model": "codesys control runtime system toolkit", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "v30" }, { "model": "codesys control rte", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "3" }, { "model": "codesys control for raspberry pi", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "0" }, { "model": "codesys control for pfc200", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "0" }, { "model": "codesys control for pfc100", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "0" }, { "model": "codesys control for linux", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "0" }, { "model": "codesys control for iot2000", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "0" }, { "model": "codesys control for empc-a/imx6", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "0" }, { "model": "codesys control for beaglebone", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "0" } ], "sources": [ { "db": "BID", "id": "106251" }, { "db": "JVNDB", "id": "JVNDB-2018-014590" }, { "db": "NVD", "id": "CVE-2018-20025" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:hmi_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_rte_sl_\\(for_beckhoff_cx\\):*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_runtime_toolkit:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:safety_sil2:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-20025" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Alexander Nochvay from Kaspersky Lab", "sources": [ { "db": "BID", "id": "106251" } ], "trust": 0.3 }, "cve": "CVE-2018-20025", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2018-20025", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-130790", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2018-20025", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-20025", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201812-786", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-130790", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-130790" }, { "db": "JVNDB", "id": "JVNDB-2018-014590" }, { "db": "NVD", "id": "CVE-2018-20025" }, { "db": "CNNVD", "id": "CNNVD-201812-786" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0. CODESYS The product contains a vulnerability related to the use of insufficient random values.Information may be obtained. 3S-Smart CODESYS Control for BeagleBone, etc. are all German 3S-Smart Software Solutions company\u0027s programming software for industrial control system development. \n\nA number of 3S-Smart Software Solutions products have security vulnerabilities that result from programs using values with insufficient randomness. An attacker could use this vulnerability to affect the confidentiality and integrity of the data. The following products are affected: 3S-Smart CODESYS Control for BeagleBone; CODESYS Control for emPC-A / iMX6; CODESYS Control for IOT2000; CODESYS Control for Linux; CODESYS Control for PFC100; CODESYS Control for PFC200; CODESYS Control for Raspberry Pi; CODESYS Control RTE V3; CODESYS Control RTE V3 (for Beckhoff CX); CODESYS Control Win V3 (part of CODESYS Development System setup); CODESYS Control V3 Runtime System Toolkit; CODESYS V3 Embedded Target Visu Toolkit; CODESYS V3 Remote Target Visu Toolkit; CODESYS V3 Safety SIL2; CODESYS Gateway V3; CODESYS HMI V3; CODESYS OPC Server V3; CODESYS PLCHandler SDK; CODESYS V3 Development System; CODESYS V3 Simulation Runtime (part of CODESYS Development System). 3S-Smart Software CODESYS is prone to the following security vulnerabilities:\n1. An insecure random number generator weakness\n3. A spoofing vulnerability\nAn attacker can exploit these vulnerabilities to bypass security restrictions and perform certain unauthorized actions and to insert and display spoofed content. Other attacks are also possible", "sources": [ { "db": "NVD", "id": "CVE-2018-20025" }, { "db": "JVNDB", "id": "JVNDB-2018-014590" }, { "db": "CNNVD", "id": "CNNVD-201812-786" }, { "db": "BID", "id": "106251" }, { "db": "VULHUB", "id": "VHN-130790" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-20025", "trust": 2.8 }, { "db": "ICS CERT", "id": "ICSA-18-352-04", "trust": 2.8 }, { "db": "BID", "id": "106251", "trust": 2.0 }, { "db": "JVNDB", "id": "JVNDB-2018-014590", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201812-786", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-130790", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-130790" }, { "db": "BID", "id": "106251" }, { "db": "JVNDB", "id": "JVNDB-2018-014590" }, { "db": "NVD", "id": "CVE-2018-20025" }, { "db": "CNNVD", "id": "CNNVD-201812-786" } ] }, "id": "VAR-201902-0731", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-130790" } ], "trust": 0.34064171 }, "last_update_date": "2023-12-18T13:33:33.668000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.codesys.com/" }, { "title": "Multiple 3S-Smart Software Solutions Product security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=87984" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-014590" }, { "db": "CNNVD", "id": "CNNVD-201812-786" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-330", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-130790" }, { "db": "JVNDB", "id": "JVNDB-2018-014590" }, { "db": "NVD", "id": "CVE-2018-20025" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-352-04" }, { "trust": 2.0, "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-037-codesys-control-v3-use-of-insufficiently-random-values/" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/106251" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20025" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20025" }, { "trust": 0.3, "url": "https://www.codesys.com/" }, { "trust": 0.3, "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-130790" }, { "db": "BID", "id": "106251" }, { "db": "JVNDB", "id": "JVNDB-2018-014590" }, { "db": "NVD", "id": "CVE-2018-20025" }, { "db": "CNNVD", "id": "CNNVD-201812-786" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-130790" }, { "db": "BID", "id": "106251" }, { "db": "JVNDB", "id": "JVNDB-2018-014590" }, { "db": "NVD", "id": "CVE-2018-20025" }, { "db": "CNNVD", "id": "CNNVD-201812-786" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-02-19T00:00:00", "db": "VULHUB", "id": "VHN-130790" }, { "date": "2018-12-18T00:00:00", "db": "BID", "id": "106251" }, { "date": "2019-03-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-014590" }, { "date": "2019-02-19T21:29:00.243000", "db": "NVD", "id": "CVE-2018-20025" }, { "date": "2018-12-19T00:00:00", "db": "CNNVD", "id": "CNNVD-201812-786" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-04-02T00:00:00", "db": "VULHUB", "id": "VHN-130790" }, { "date": "2018-12-18T00:00:00", "db": "BID", "id": "106251" }, { "date": "2019-03-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-014590" }, { "date": "2019-04-02T15:29:00.323000", "db": "NVD", "id": "CVE-2018-20025" }, { "date": "2019-04-03T00:00:00", "db": "CNNVD", "id": "CNNVD-201812-786" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201812-786" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "CODESYS Vulnerabilities related to insufficient random values in products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-014590" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201812-786" } ], "trust": 0.6 } }
var-201901-0452
Vulnerability from variot
In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials. 3S-Smart CODESYS Control for BeagleBone, etc. are all German 3S-Smart Software Solutions company's programming software for industrial control system development. The following products and versions are affected: 3S-Smart CODESYS Control for BeagleBone, CODESYS Control for emPC-A / iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (part of CODESYS setup), CODESYS V3 Simulation Runtime (part of CODESYS Development System), CODESYS Control V3 Runtime System Toolkit, CODESYS HMI V3. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Successful exploitation may aid in launching further attacks
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201901-0452", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "control for empc-a\\/imx6 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "control for raspberry pi sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for linux sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "control runtime toolkit", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "development system v3", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control win sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "control for iot2000 sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for beaglebone sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "control rte sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for pfc200 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "control runtime toolkit", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for iot2000 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "control for linux sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for pfc100 sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for raspberry pi sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "control for pfc200 sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "hmi sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for beaglebone sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "development system v3", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "control win sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for empc-a\\/imx6 sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for pfc100 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "control rte sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "hmi sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.0" }, { "model": "codesys control for beaglebone", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.14.0" }, { "model": "codesys control for empc-a/imx6", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.14.0" }, { "model": "codesys control for iot2000", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.14.0" }, { "model": "codesys control for linux", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.14.0" }, { "model": "codesys control for pfc100", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.14.0" }, { "model": "codesys control for pfc200", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.14.0" }, { "model": "codesys control for raspberry pi", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.14.0" }, { "model": "codesys control rte v3", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.14.0" }, { "model": "codesys control runtime toolkit", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.14.0" }, { "model": "codesys control win sl", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.14.0" }, { "model": "codesys simulation runtime", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "v30" }, { "model": "codesys hmi", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "3" }, { "model": "codesys control runtime system toolkit", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "v30" }, { "model": "codesys control rte", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "3" }, { "model": "codesys control for raspberry pi", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "0" }, { "model": "codesys control for pfc200", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "0" }, { "model": "codesys control for pfc100", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "0" }, { "model": "codesys control for linux", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "0" }, { "model": "codesys control for iot2000", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "0" }, { "model": "codesys control for empc-a/imx6", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "0" }, { "model": "codesys control for beaglebone", "scope": "eq", "trust": 0.3, "vendor": "3s", "version": "0" }, { "model": "codesys control", "scope": "ne", "trust": 0.3, "vendor": "3s", "version": "v33.5.14.0" } ], "sources": [ { "db": "BID", "id": "106248" }, { "db": "JVNDB", "id": "JVNDB-2018-014602" }, { "db": "NVD", "id": "CVE-2018-10612" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:development_system_v3:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:hmi_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_runtime_toolkit:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-10612" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Yury Serdyuk of Kaspersky Lab", "sources": [ { "db": "BID", "id": "106248" } ], "trust": 0.3 }, "cve": "CVE-2018-10612", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 10.0, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2018-10612", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2018-10612", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-10612", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-201812-788", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULMON", "id": "CVE-2018-10612", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-10612" }, { "db": "JVNDB", "id": "JVNDB-2018-014602" }, { "db": "NVD", "id": "CVE-2018-10612" }, { "db": "CNNVD", "id": "CNNVD-201812-788" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials. 3S-Smart CODESYS Control for BeagleBone, etc. are all German 3S-Smart Software Solutions company\u0027s programming software for industrial control system development. The following products and versions are affected: 3S-Smart CODESYS Control for BeagleBone, CODESYS Control for emPC-A / iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (part of CODESYS setup), CODESYS V3 Simulation Runtime (part of CODESYS Development System), CODESYS Control V3 Runtime System Toolkit, CODESYS HMI V3. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Successful exploitation may aid in launching further attacks", "sources": [ { "db": "NVD", "id": "CVE-2018-10612" }, { "db": "JVNDB", "id": "JVNDB-2018-014602" }, { "db": "CNNVD", "id": "CNNVD-201812-788" }, { "db": "BID", "id": "106248" }, { "db": "VULMON", "id": "CVE-2018-10612" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "ICS CERT", "id": "ICSA-18-352-03", "trust": 2.8 }, { "db": "NVD", "id": "CVE-2018-10612", "trust": 2.8 }, { "db": "BID", "id": "106248", "trust": 2.0 }, { "db": "JVNDB", "id": "JVNDB-2018-014602", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201812-788", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2018-10612", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-10612" }, { "db": "BID", "id": "106248" }, { "db": "JVNDB", "id": "JVNDB-2018-014602" }, { "db": "NVD", "id": "CVE-2018-10612" }, { "db": "CNNVD", "id": "CNNVD-201812-788" } ] }, "id": "VAR-201901-0452", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.24064171 }, "last_update_date": "2023-12-18T13:48:03.069000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.codesys.com/" }, { "title": "Multiple 3S-Smart Software Solutions Product access control error vulnerability fixes", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=87999" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-014602" }, { "db": "CNNVD", "id": "CNNVD-201812-788" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-311", "trust": 1.0 }, { "problemtype": "CWE-732", "trust": 1.0 }, { "problemtype": "CWE-284", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-014602" }, { "db": "NVD", "id": "CVE-2018-10612" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.9, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-352-03" }, { "trust": 2.4, "url": "http://www.securityfocus.com/bid/106248" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10612" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10612" }, { "trust": 0.3, "url": "https://www.codesys.com/" }, { "trust": 0.3, "url": "https://customers.codesys.com/fileadmin/data/customers/security/codesys-security-whitepaper.pdf" }, { "trust": 0.3, "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-035-codesys-control-v3-access-control-inactive-by-default/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/311.html" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/732.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-10612" }, { "db": "BID", "id": "106248" }, { "db": "JVNDB", "id": "JVNDB-2018-014602" }, { "db": "NVD", "id": "CVE-2018-10612" }, { "db": "CNNVD", "id": "CNNVD-201812-788" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2018-10612" }, { "db": "BID", "id": "106248" }, { "db": "JVNDB", "id": "JVNDB-2018-014602" }, { "db": "NVD", "id": "CVE-2018-10612" }, { "db": "CNNVD", "id": "CNNVD-201812-788" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-01-29T00:00:00", "db": "VULMON", "id": "CVE-2018-10612" }, { "date": "2018-12-18T00:00:00", "db": "BID", "id": "106248" }, { "date": "2019-03-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-014602" }, { "date": "2019-01-29T16:29:00.247000", "db": "NVD", "id": "CVE-2018-10612" }, { "date": "2018-12-19T00:00:00", "db": "CNNVD", "id": "CNNVD-201812-788" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-10-09T00:00:00", "db": "VULMON", "id": "CVE-2018-10612" }, { "date": "2018-12-18T00:00:00", "db": "BID", "id": "106248" }, { "date": "2019-03-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-014602" }, { "date": "2019-10-09T23:32:55.087000", "db": "NVD", "id": "CVE-2018-10612" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201812-788" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201812-788" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "3S-Smart Software Solutions GmbH CODESYS Control V3 Access control vulnerabilities in products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-014602" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "access control error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201812-788" } ], "trust": 0.6 } }
var-202105-1032
Vulnerability from variot
CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS). 3s-smart Software Solutions 3S-Smart Software Solutions CODESYS GatewayService is a gateway service used in CODESYS products by German 3S-Smart Software Solutions (3s-smart Software Solutions)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202105-1032", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "control for raspberry pi sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "edge gateway", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "edge gateway", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.70" }, { "model": "control runtime system toolkit", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control runtime system toolkit", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.70" }, { "model": "edge gateway", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.1.0.0" }, { "model": "control for iot2000 sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for pfc100 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.0" }, { "model": "control for empc-a\\/imx6 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.0.1.0" }, { "model": "control for pfc200 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.0" }, { "model": "control for linux sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.0.1.0" }, { "model": "control for linux sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for pfc100 sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for pfc200 sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for beaglebone sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.0.1.0" }, { "model": "development system", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.70" }, { "model": "control for beaglebone sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "gateway", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "gateway", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.16.70" }, { "model": "control for empc-a\\/imx6 sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for iot2000 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.0.1.0" }, { "model": "development system", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for raspberry pi sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.0.1.0" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-29241" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.0.1.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.0.1.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.0.1.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.0.1.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.16.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.16.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.0.1.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.16.70", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.16.70", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:windows:*:*", "cpe_name": [], "versionEndExcluding": "3.5.16.70", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:linux:*:*", "cpe_name": [], "versionEndExcluding": "4.1.0.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.16.70", "versionStartIncluding": "3.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-29241" } ] }, "cve": "CVE-2021-29241", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-388814", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2021-29241", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-29241", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202105-051", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-388814", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-29241", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-388814" }, { "db": "VULMON", "id": "CVE-2021-29241" }, { "db": "NVD", "id": "CVE-2021-29241" }, { "db": "CNNVD", "id": "CNNVD-202105-051" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS). 3s-smart Software Solutions 3S-Smart Software Solutions CODESYS GatewayService is a gateway service used in CODESYS products by German 3S-Smart Software Solutions (3s-smart Software Solutions)", "sources": [ { "db": "NVD", "id": "CVE-2021-29241" }, { "db": "VULHUB", "id": "VHN-388814" }, { "db": "VULMON", "id": "CVE-2021-29241" } ], "trust": 1.08 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-29241", "trust": 1.8 }, { "db": "CNNVD", "id": "CNNVD-202105-051", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-388814", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-29241", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-388814" }, { "db": "VULMON", "id": "CVE-2021-29241" }, { "db": "NVD", "id": "CVE-2021-29241" }, { "db": "CNNVD", "id": "CNNVD-202105-051" } ] }, "id": "VAR-202105-1032", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-388814" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T12:49:12.306000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "3S-Smart Software Solutions CODESYS Gateway Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=150531" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202105-051" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-476", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-388814" }, { "db": "NVD", "id": "CVE-2021-29241" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://customers.codesys.com/index.php" }, { "trust": 1.8, "url": "https://www.codesys.com/security/security-reports.html" }, { "trust": 1.7, "url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=14637\u0026token=8dbd75ae7553ae3be25e22f741db783b31e14799\u0026download=" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-29241" }, { "trust": 0.1, "url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=14637\u0026amp;token=8dbd75ae7553ae3be25e22f741db783b31e14799\u0026amp;download=" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/476.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULHUB", "id": "VHN-388814" }, { "db": "VULMON", "id": "CVE-2021-29241" }, { "db": "NVD", "id": "CVE-2021-29241" }, { "db": "CNNVD", "id": "CNNVD-202105-051" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-388814" }, { "db": "VULMON", "id": "CVE-2021-29241" }, { "db": "NVD", "id": "CVE-2021-29241" }, { "db": "CNNVD", "id": "CNNVD-202105-051" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-05-03T00:00:00", "db": "VULHUB", "id": "VHN-388814" }, { "date": "2021-05-03T00:00:00", "db": "VULMON", "id": "CVE-2021-29241" }, { "date": "2021-05-03T14:15:07.633000", "db": "NVD", "id": "CVE-2021-29241" }, { "date": "2021-05-03T00:00:00", "db": "CNNVD", "id": "CNNVD-202105-051" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-04-01T00:00:00", "db": "VULHUB", "id": "VHN-388814" }, { "date": "2021-05-13T00:00:00", "db": "VULMON", "id": "CVE-2021-29241" }, { "date": "2022-04-01T15:26:04.663000", "db": "NVD", "id": "CVE-2021-29241" }, { "date": "2021-12-17T00:00:00", "db": "CNNVD", "id": "CNNVD-202105-051" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202105-051" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "CODESYS Code problem vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202105-051" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202105-051" } ], "trust": 0.6 } }
var-201908-0055
Vulnerability from variot
An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System. plural 3S-Smart CODESYS The product contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. 3S-Smart Software Solutions CODESYS Control for BeagleBone and CODESYS Control are a set of industrial control program programming software from Germany 3S-Smart Software Solutions. A security vulnerability exists in several 3S-Smart Software Solutions products. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor announcement
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201908-0055", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "control for raspberry pi sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for empc-a\\/imx6 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.20" }, { "model": "control for linux sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.20" }, { "model": "control runtime toolkit", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.20" }, { "model": "development system", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.20" }, { "model": "control for iot2000 sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for beaglebone sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.20" }, { "model": "control runtime toolkit", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "gateway", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.20" }, { "model": "control for linux sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for pfc100 sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for pfc200 sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for iot2000 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.20" }, { "model": "control for beaglebone sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for raspberry pi sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.20" }, { "model": "gateway", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for empc-a\\/imx6 sl", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "development system", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control for pfc100 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.20" }, { "model": "control for pfc200 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.14.20" }, { "model": "codesys control for beaglebone", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.14.20" }, { "model": "codesys control for empc-a/imx6", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.14.20" }, { "model": "codesys control for iot2000", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.14.20" }, { "model": "codesys control for linux", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.14.20" }, { "model": "codesys control for pfc100", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.14.20" }, { "model": "codesys control for pfc200", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.14.20" }, { "model": "codesys control for raspberry pi", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.14.20" }, { "model": "codesys control runtime system toolkit", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.14.20" }, { "model": "codesys development system", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.14.20" }, { "model": "codesys gateway", "scope": "lt", "trust": 0.8, "vendor": "3s smart", "version": "3.5.14.20" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-008668" }, { "db": "NVD", "id": "CVE-2019-9010" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.20", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.20", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.20", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.20", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.20", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.20", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.20", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_runtime_toolkit:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.20", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.20", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.14.20", "versionStartIncluding": "3.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-9010" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "3S-Smart Software Solutions GmbH", "sources": [ { "db": "CNNVD", "id": "CNNVD-201908-161" } ], "trust": 0.6 }, "cve": "CVE-2019-9010", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2019-9010", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-160445", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-9010", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-9010", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-201908-161", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-160445", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-160445" }, { "db": "JVNDB", "id": "JVNDB-2019-008668" }, { "db": "NVD", "id": "CVE-2019-9010" }, { "db": "CNNVD", "id": "CNNVD-201908-161" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System. plural 3S-Smart CODESYS The product contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. 3S-Smart Software Solutions CODESYS Control for BeagleBone and CODESYS Control are a set of industrial control program programming software from Germany 3S-Smart Software Solutions. \nA security vulnerability exists in several 3S-Smart Software Solutions products. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor announcement", "sources": [ { "db": "NVD", "id": "CVE-2019-9010" }, { "db": "JVNDB", "id": "JVNDB-2019-008668" }, { "db": "CNNVD", "id": "CNNVD-201908-161" }, { "db": "VULHUB", "id": "VHN-160445" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-9010", "trust": 2.5 }, { "db": "ICS CERT", "id": "ICSA-19-213-03", "trust": 2.5 }, { "db": "JVNDB", "id": "JVNDB-2019-008668", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201908-161", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-19-213-04", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.2901", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-160445", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-160445" }, { "db": "JVNDB", "id": "JVNDB-2019-008668" }, { "db": "NVD", "id": "CVE-2019-9010" }, { "db": "CNNVD", "id": "CNNVD-201908-161" } ] }, "id": "VAR-201908-0055", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-160445" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T13:18:39.876000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.codesys.com/" }, { "title": "Multiple 3S-Smart Software Solutions Product security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=95921" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-008668" }, { "db": "CNNVD", "id": "CNNVD-201908-161" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-284", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-160445" }, { "db": "JVNDB", "id": "JVNDB-2019-008668" }, { "db": "NVD", "id": "CVE-2019-9010" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03" }, { "trust": 1.6, "url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=12937\u0026token=769045a17015bea00ec7ff313de8f1a5c73e7b93\u0026download=" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9010" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9010" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-04" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.2901/" }, { "trust": 0.1, "url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=12937\u0026amp;token=769045a17015bea00ec7ff313de8f1a5c73e7b93\u0026amp;download=" } ], "sources": [ { "db": "VULHUB", "id": "VHN-160445" }, { "db": "JVNDB", "id": "JVNDB-2019-008668" }, { "db": "NVD", "id": "CVE-2019-9010" }, { "db": "CNNVD", "id": "CNNVD-201908-161" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-160445" }, { "db": "JVNDB", "id": "JVNDB-2019-008668" }, { "db": "NVD", "id": "CVE-2019-9010" }, { "db": "CNNVD", "id": "CNNVD-201908-161" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-08-15T00:00:00", "db": "VULHUB", "id": "VHN-160445" }, { "date": "2019-09-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-008668" }, { "date": "2019-08-15T18:15:23.397000", "db": "NVD", "id": "CVE-2019-9010" }, { "date": "2019-08-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201908-161" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-23T00:00:00", "db": "VULHUB", "id": "VHN-160445" }, { "date": "2019-09-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-008668" }, { "date": "2023-02-23T02:50:01.020000", "db": "NVD", "id": "CVE-2019-9010" }, { "date": "2020-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201908-161" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201908-161" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural 3S-Smart CODESYS Access control vulnerabilities in products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-008668" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "access control error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201908-161" } ], "trust": 0.6 } }
var-202204-1265
Vulnerability from variot
An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed. CODESYS Control for BeagleBone SL , control for beckhoff cx9020 , CODESYS Control for emPC-A/iMX6 SL etc. multiple CODESYS GmbH The product contains an insufficient random value usage vulnerability.Service operation interruption (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202204-1265", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "remote target visu toolkit", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.18.0" }, { "model": "control for wago touch panels 600 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.5.0.0" }, { "model": "embedded target visu toolkit", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.18.0" }, { "model": "control rte sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.18.0" }, { "model": "control for raspberry pi sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.5.0.0" }, { "model": "control for iot2000 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.5.0.0" }, { "model": "edge gateway", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.5.0.0" }, { "model": "hmi sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.18.0" }, { "model": "development system", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.18.0" }, { "model": "control for beaglebone sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.5.0.0" }, { "model": "control win sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.18.0" }, { "model": "control for pfc100 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.5.0.0" }, { "model": "control for plcnext sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.5.0.0" }, { "model": "control for pfc200 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.5.0.0" }, { "model": "control for beckhoff cx9020", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.5.0.0" }, { "model": "gateway", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.18.0" }, { "model": "control for empc-a\\/imx6 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.5.0.0" }, { "model": "control for linux sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.5.0.0" }, { "model": "edge gateway", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.18.0" }, { "model": "development system", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control rte sl \\", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.18.0" }, { "model": "control runtime system toolkit", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.18.0" }, { "model": "control for empc-a/imx6 sl", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control for plcnext sl", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control for iot2000 sl", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "embedded target visu toolkit", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control for linux sl", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control runtime system toolkit", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control for pfc200 sl", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "gateway", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control for raspberry pi sl", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "hmi sl", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "development system", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control for beaglebone sl", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control rte v3", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control for beckhoff cx9020", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control win sl", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control for wago touch panels 600 sl", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control for pfc100 sl", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control rte sl", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "edge gateway", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-008139" }, { "db": "NVD", "id": "CVE-2022-22517" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_beckhoff_cx9020:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.18.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_rte_sl_\\(for_beckhoff_cx\\):*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.18.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.18.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.18.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.18.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:windows:*:*", "cpe_name": [], "versionEndExcluding": "3.5.18.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:linux:*:*", "cpe_name": [], "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.18.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.18.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:hmi_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.18.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.18.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-22517" } ] }, "cve": "CVE-2022-22517", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2022-22517", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-411086", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2022-22517", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-22517", "trust": 1.8, "value": "HIGH" }, { "author": "info@cert.vde.com", "id": "CVE-2022-22517", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202204-2618", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-411086", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2022-22517", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-411086" }, { "db": "VULMON", "id": "CVE-2022-22517" }, { "db": "JVNDB", "id": "JVNDB-2022-008139" }, { "db": "CNNVD", "id": "CNNVD-202204-2618" }, { "db": "NVD", "id": "CVE-2022-22517" }, { "db": "NVD", "id": "CVE-2022-22517" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed. CODESYS Control for BeagleBone SL , control for beckhoff cx9020 , CODESYS Control for emPC-A/iMX6 SL etc. multiple CODESYS GmbH The product contains an insufficient random value usage vulnerability.Service operation interruption (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2022-22517" }, { "db": "JVNDB", "id": "JVNDB-2022-008139" }, { "db": "VULHUB", "id": "VHN-411086" }, { "db": "VULMON", "id": "CVE-2022-22517" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-22517", "trust": 3.4 }, { "db": "JVNDB", "id": "JVNDB-2022-008139", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202204-2618", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-411086", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2022-22517", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-411086" }, { "db": "VULMON", "id": "CVE-2022-22517" }, { "db": "JVNDB", "id": "JVNDB-2022-008139" }, { "db": "CNNVD", "id": "CNNVD-202204-2618" }, { "db": "NVD", "id": "CVE-2022-22517" } ] }, "id": "VAR-202204-1265", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-411086" } ], "trust": 0.01 }, "last_update_date": "2024-02-13T22:51:30.883000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CODESYS Fixing measures for security feature vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=189797" }, { "title": "CVE-2022-XXXX", "trust": 0.1, "url": "https://github.com/alphabugx/cve-2022-23305 " }, { "title": "CVE-2022-XXXX", "trust": 0.1, "url": "https://github.com/alphabugx/cve-2022-rce " } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-22517" }, { "db": "CNNVD", "id": "CNNVD-202204-2618" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-330", "trust": 1.1 }, { "problemtype": "Insufficient use of random values (CWE-330) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-411086" }, { "db": "JVNDB", "id": "JVNDB-2022-008139" }, { "db": "NVD", "id": "CVE-2022-22517" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=17091\u0026token=c450f8bbbd838c647d102f359356386c6ea5aeca\u0026download=" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22517" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-22517/" }, { "trust": 0.1, "url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=17091\u0026amp;token=c450f8bbbd838c647d102f359356386c6ea5aeca\u0026amp;download=" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/330.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/alphabugx/cve-2022-23305" } ], "sources": [ { "db": "VULHUB", "id": "VHN-411086" }, { "db": "VULMON", "id": "CVE-2022-22517" }, { "db": "JVNDB", "id": "JVNDB-2022-008139" }, { "db": "CNNVD", "id": "CNNVD-202204-2618" }, { "db": "NVD", "id": "CVE-2022-22517" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-411086" }, { "db": "VULMON", "id": "CVE-2022-22517" }, { "db": "JVNDB", "id": "JVNDB-2022-008139" }, { "db": "CNNVD", "id": "CNNVD-202204-2618" }, { "db": "NVD", "id": "CVE-2022-22517" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-04-07T00:00:00", "db": "VULHUB", "id": "VHN-411086" }, { "date": "2022-04-07T00:00:00", "db": "VULMON", "id": "CVE-2022-22517" }, { "date": "2023-07-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-008139" }, { "date": "2022-04-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202204-2618" }, { "date": "2022-04-07T19:15:08.300000", "db": "NVD", "id": "CVE-2022-22517" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-04-18T00:00:00", "db": "VULHUB", "id": "VHN-411086" }, { "date": "2022-04-18T00:00:00", "db": "VULMON", "id": "CVE-2022-22517" }, { "date": "2023-07-24T08:23:00", "db": "JVNDB", "id": "JVNDB-2022-008139" }, { "date": "2022-04-19T00:00:00", "db": "CNNVD", "id": "CNNVD-202204-2618" }, { "date": "2022-04-18T13:19:10.013000", "db": "NVD", "id": "CVE-2022-22517" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202204-2618" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural \u00a0CODESYS\u00a0GmbH\u00a0 Insufficient Random Value Usage Vulnerability in Products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-008139" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "security feature problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202204-2618" } ], "trust": 0.6 } }
var-202204-0725
Vulnerability from variot
An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash. CODESYS Control for BeagleBone SL , control for beckhoff cx9020 , CODESYS Control for emPC-A/iMX6 SL etc. multiple CODESYS GmbH The product contains an unreliable pointer dereference vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202204-0725", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "remote target visu toolkit", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.18.0" }, { "model": "control for wago touch panels 600 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.5.0.0" }, { "model": "embedded target visu toolkit", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.18.0" }, { "model": "control rte sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.18.0" }, { "model": "control for raspberry pi sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.5.0.0" }, { "model": "control for iot2000 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.5.0.0" }, { "model": "edge gateway", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.5.0.0" }, { "model": "hmi sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.18.0" }, { "model": "development system", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.18.0" }, { "model": "control for beaglebone sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.5.0.0" }, { "model": "control win sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.18.0" }, { "model": "control for pfc100 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.5.0.0" }, { "model": "control for plcnext sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.5.0.0" }, { "model": "control for pfc200 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.5.0.0" }, { "model": "control for beckhoff cx9020", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.5.0.0" }, { "model": "gateway", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.18.0" }, { "model": "control for empc-a\\/imx6 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.5.0.0" }, { "model": "control for linux sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.5.0.0" }, { "model": "edge gateway", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.18.0" }, { "model": "development system", "scope": "gte", "trust": 1.0, "vendor": "codesys", "version": "3.0" }, { "model": "control rte sl \\", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.18.0" }, { "model": "control runtime system toolkit", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.18.0" }, { "model": "control for empc-a/imx6 sl", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control for plcnext sl", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control for iot2000 sl", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "embedded target visu toolkit", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control for linux sl", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control runtime system toolkit", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control for pfc200 sl", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "gateway", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control for raspberry pi sl", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "hmi sl", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "development system", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control for beaglebone sl", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control rte v3", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control for beckhoff cx9020", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control win sl", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control for wago touch panels 600 sl", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control for pfc100 sl", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control rte sl", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "edge gateway", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-008142" }, { "db": "NVD", "id": "CVE-2022-22514" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_beckhoff_cx9020:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.18.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_rte_sl_\\(for_beckhoff_cx\\):*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.18.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.18.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.18.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.18.0", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:windows:*:*", "cpe_name": [], "versionEndExcluding": "3.5.18.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:linux:*:*", "cpe_name": [], "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.18.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.18.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:hmi_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.18.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.18.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-22514" } ] }, "cve": "CVE-2022-22514", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.9, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.9, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2022-22514", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 4.9, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "id": "VHN-411083", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "impactScore": 4.2, "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.1, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2022-22514", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-22514", "trust": 1.8, "value": "HIGH" }, { "author": "info@cert.vde.com", "id": "CVE-2022-22514", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202204-2621", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-411083", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2022-22514", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-411083" }, { "db": "VULMON", "id": "CVE-2022-22514" }, { "db": "JVNDB", "id": "JVNDB-2022-008142" }, { "db": "CNNVD", "id": "CNNVD-202204-2621" }, { "db": "NVD", "id": "CVE-2022-22514" }, { "db": "NVD", "id": "CVE-2022-22514" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash. CODESYS Control for BeagleBone SL , control for beckhoff cx9020 , CODESYS Control for emPC-A/iMX6 SL etc. multiple CODESYS GmbH The product contains an unreliable pointer dereference vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2022-22514" }, { "db": "JVNDB", "id": "JVNDB-2022-008142" }, { "db": "VULHUB", "id": "VHN-411083" }, { "db": "VULMON", "id": "CVE-2022-22514" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-22514", "trust": 3.4 }, { "db": "JVNDB", "id": "JVNDB-2022-008142", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202204-2621", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-411083", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2022-22514", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-411083" }, { "db": "VULMON", "id": "CVE-2022-22514" }, { "db": "JVNDB", "id": "JVNDB-2022-008142" }, { "db": "CNNVD", "id": "CNNVD-202204-2621" }, { "db": "NVD", "id": "CVE-2022-22514" } ] }, "id": "VAR-202204-0725", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-411083" } ], "trust": 0.01 }, "last_update_date": "2024-02-13T22:43:19.375000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CODESYS Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=189800" }, { "title": "CVE-2022-XXXX", "trust": 0.1, "url": "https://github.com/alphabugx/cve-2022-23305 " }, { "title": "CVE-2022-XXXX", "trust": 0.1, "url": "https://github.com/alphabugx/cve-2022-rce " } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-22514" }, { "db": "CNNVD", "id": "CNNVD-202204-2621" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-822", "trust": 1.1 }, { "problemtype": "unreliable pointer dereference (CWE-822) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-411083" }, { "db": "JVNDB", "id": "JVNDB-2022-008142" }, { "db": "NVD", "id": "CVE-2022-22514" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download=" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22514" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-22514/" }, { "trust": 0.1, "url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=17093\u0026amp;token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026amp;download=" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/822.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/alphabugx/cve-2022-23305" } ], "sources": [ { "db": "VULHUB", "id": "VHN-411083" }, { "db": "VULMON", "id": "CVE-2022-22514" }, { "db": "JVNDB", "id": "JVNDB-2022-008142" }, { "db": "CNNVD", "id": "CNNVD-202204-2621" }, { "db": "NVD", "id": "CVE-2022-22514" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-411083" }, { "db": "VULMON", "id": "CVE-2022-22514" }, { "db": "JVNDB", "id": "JVNDB-2022-008142" }, { "db": "CNNVD", "id": "CNNVD-202204-2621" }, { "db": "NVD", "id": "CVE-2022-22514" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-04-07T00:00:00", "db": "VULHUB", "id": "VHN-411083" }, { "date": "2022-04-07T00:00:00", "db": "VULMON", "id": "CVE-2022-22514" }, { "date": "2023-07-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-008142" }, { "date": "2022-04-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202204-2621" }, { "date": "2022-04-07T19:15:08.133000", "db": "NVD", "id": "CVE-2022-22514" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-10T00:00:00", "db": "VULHUB", "id": "VHN-411083" }, { "date": "2022-05-10T00:00:00", "db": "VULMON", "id": "CVE-2022-22514" }, { "date": "2023-07-24T08:23:00", "db": "JVNDB", "id": "JVNDB-2022-008142" }, { "date": "2022-04-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202204-2621" }, { "date": "2022-05-10T16:01:13.887000", "db": "NVD", "id": "CVE-2022-22514" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202204-2621" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural \u00a0CODESYS\u00a0GmbH\u00a0 Product Untrusted Pointer Dereference Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-008142" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202204-2621" } ], "trust": 0.6 } }
var-202204-1264
Vulnerability from variot
An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash. CODESYS Control for BeagleBone SL , control for beckhoff cx9020 , CODESYS Control for emPC-A/iMX6 SL etc. multiple CODESYS GmbH The product has NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202204-1264", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "remote target visu toolkit", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.18.0" }, { "model": "control for wago touch panels 600 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.5.0.0" }, { "model": "embedded target visu toolkit", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.18.0" }, { "model": "control rte sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.18.0" }, { "model": "control for raspberry pi sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.5.0.0" }, { "model": "control for iot2000 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.5.0.0" }, { "model": "edge gateway", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.5.0.0" }, { "model": "hmi sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.18.0" }, { "model": "development system", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.18.0" }, { "model": "control win sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.18.0" }, { "model": "control for pfc100 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.5.0.0" }, { "model": "control for plcnext sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.5.0.0" }, { "model": "control for pfc200 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.5.0.0" }, { "model": "control for beckhoff cx9020", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.5.0.0" }, { "model": "gateway", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.18.0" }, { "model": "control for empc-a\\/imx6 sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.5.0.0" }, { "model": "control for linux sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.5.0.0" }, { "model": "edge gateway", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.18.0" }, { "model": "control for beaglebone sl", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "4.5.0.0" }, { "model": "control rte sl \\", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.18.0" }, { "model": "control runtime system toolkit", "scope": "lt", "trust": 1.0, "vendor": "codesys", "version": "3.5.18.0" }, { "model": "control runtime system toolkit", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "gateway", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "embedded target visu toolkit", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control for wago touch panels 600 sl", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control for beaglebone sl", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control for plcnext sl", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control rte sl", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control for pfc200 sl", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control for raspberry pi sl", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control rte v3", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control for empc-a/imx6 sl", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control win sl", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control for linux sl", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control for beckhoff cx9020", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "edge gateway", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "development system", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "hmi sl", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control for iot2000 sl", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null }, { "model": "control for pfc100 sl", "scope": null, "trust": 0.8, "vendor": "codesys", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-007941" }, { "db": "NVD", "id": "CVE-2022-22513" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_beckhoff_cx9020:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.18.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_rte_sl_\\(for_beckhoff_cx\\):*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.18.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.18.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.18.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.18.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:windows:*:*", "cpe_name": [], "versionEndExcluding": "3.5.18.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:linux:*:*", "cpe_name": [], "versionEndExcluding": "4.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.18.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.18.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:hmi_sl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.18.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.18.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-22513" } ] }, "cve": "CVE-2022-22513", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 3.5, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2022-22513", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "id": "VHN-411082", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:S/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2022-22513", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-22513", "trust": 1.8, "value": "MEDIUM" }, { "author": "info@cert.vde.com", "id": "CVE-2022-22513", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202204-2623", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-411082", "trust": 0.1, "value": "LOW" }, { "author": "VULMON", "id": "CVE-2022-22513", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-411082" }, { "db": "VULMON", "id": "CVE-2022-22513" }, { "db": "JVNDB", "id": "JVNDB-2022-007941" }, { "db": "CNNVD", "id": "CNNVD-202204-2623" }, { "db": "NVD", "id": "CVE-2022-22513" }, { "db": "NVD", "id": "CVE-2022-22513" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash. CODESYS Control for BeagleBone SL , control for beckhoff cx9020 , CODESYS Control for emPC-A/iMX6 SL etc. multiple CODESYS GmbH The product has NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2022-22513" }, { "db": "JVNDB", "id": "JVNDB-2022-007941" }, { "db": "VULHUB", "id": "VHN-411082" }, { "db": "VULMON", "id": "CVE-2022-22513" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-22513", "trust": 3.4 }, { "db": "JVNDB", "id": "JVNDB-2022-007941", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202204-2623", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-411082", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2022-22513", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-411082" }, { "db": "VULMON", "id": "CVE-2022-22513" }, { "db": "JVNDB", "id": "JVNDB-2022-007941" }, { "db": "CNNVD", "id": "CNNVD-202204-2623" }, { "db": "NVD", "id": "CVE-2022-22513" } ] }, "id": "VAR-202204-1264", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-411082" } ], "trust": 0.01 }, "last_update_date": "2024-02-13T02:02:06.943000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CODESYS Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=189579" }, { "title": "CVE-2022-XXXX", "trust": 0.1, "url": "https://github.com/alphabugx/cve-2022-23305 " }, { "title": "CVE-2022-XXXX", "trust": 0.1, "url": "https://github.com/alphabugx/cve-2022-rce " } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-22513" }, { "db": "CNNVD", "id": "CNNVD-202204-2623" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-476", "trust": 1.1 }, { "problemtype": "NULL Pointer dereference (CWE-476) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-411082" }, { "db": "JVNDB", "id": "JVNDB-2022-007941" }, { "db": "NVD", "id": "CVE-2022-22513" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download=" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22513" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-22513/" }, { "trust": 0.1, "url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=17093\u0026amp;token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026amp;download=" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/476.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/alphabugx/cve-2022-23305" } ], "sources": [ { "db": "VULHUB", "id": "VHN-411082" }, { "db": "VULMON", "id": "CVE-2022-22513" }, { "db": "JVNDB", "id": "JVNDB-2022-007941" }, { "db": "CNNVD", "id": "CNNVD-202204-2623" }, { "db": "NVD", "id": "CVE-2022-22513" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-411082" }, { "db": "VULMON", "id": "CVE-2022-22513" }, { "db": "JVNDB", "id": "JVNDB-2022-007941" }, { "db": "CNNVD", "id": "CNNVD-202204-2623" }, { "db": "NVD", "id": "CVE-2022-22513" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-04-07T00:00:00", "db": "VULHUB", "id": "VHN-411082" }, { "date": "2022-04-07T00:00:00", "db": "VULMON", "id": "CVE-2022-22513" }, { "date": "2023-07-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-007941" }, { "date": "2022-04-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202204-2623" }, { "date": "2022-04-07T19:15:08.073000", "db": "NVD", "id": "CVE-2022-22513" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-10T00:00:00", "db": "VULHUB", "id": "VHN-411082" }, { "date": "2022-05-10T00:00:00", "db": "VULMON", "id": "CVE-2022-22513" }, { "date": "2023-07-21T08:18:00", "db": "JVNDB", "id": "JVNDB-2022-007941" }, { "date": "2022-04-18T00:00:00", "db": "CNNVD", "id": "CNNVD-202204-2623" }, { "date": "2022-05-10T16:00:33.080000", "db": "NVD", "id": "CVE-2022-22513" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202204-2623" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural \u00a0CODESYS\u00a0GmbH\u00a0 In the product \u00a0NULL\u00a0 Pointer dereference vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-007941" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202204-2623" } ], "trust": 0.6 } }
cve-2022-4224
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:34:49.591Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17553\u0026token=cf49757d232ea8021f0c0dd6c65e71ea5942b12d\u0026download=" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Control RTE (SL) ", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.19.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Control RTE (for Beckhoff CX) SL", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.19.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Control Win (SL)", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.19.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": " Runtime Toolkit ", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.19.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Safety SIL2 Runtime Toolkit", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.19.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Safety SIL2 PSP", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.19.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "HMI (SL) ", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.19.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Development System V3", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.19.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": " Control for BeagleBone SL ", "vendor": "CODESYS", "versions": [ { "lessThan": "4.8.0.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Control for emPC-A/iMX6 SL", "vendor": "CODESYS", "versions": [ { "lessThan": "4.8.0.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Control for IOT2000 SL", "vendor": "CODESYS", "versions": [ { "lessThan": "4.8.0.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Control for Linux SL", "vendor": "CODESYS", "versions": [ { "lessThan": "4.8.0.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": " Control for PFC100 SL", "vendor": "CODESYS", "versions": [ { "lessThan": "4.8.0.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": " Control for PFC200 SL", "vendor": "CODESYS", "versions": [ { "lessThan": "4.8.0.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Control for PLCnext SL", "vendor": "CODESYS", "versions": [ { "lessThan": "4.8.0.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Control for Raspberry Pi SL", "vendor": "CODESYS", "versions": [ { "lessThan": "4.8.0.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Control for WAGO Touch Panels 600 SL", "vendor": "CODESYS", "versions": [ { "lessThan": "4.8.0.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Franklin Zhao from ELEX FEIGONG RESEARCH INSTITUTE of Elex CyberSecurity" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Reid Wightman of Dragos" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "In multiple products of CODESYS v3 in multiple versions a remote low privileged user\u0026nbsp;could utilize this vulnerability to read and modify system files and OS resources or DoS the device." } ], "value": "In multiple products of CODESYS v3 in multiple versions a remote low privileged user\u00a0could utilize this vulnerability to read and modify system files and OS resources or DoS the device." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1188", "description": "CWE-1188 Insecure Default Initialization of Resource", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-09T10:47:13.144Z", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE" }, "references": [ { "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17553\u0026token=cf49757d232ea8021f0c0dd6c65e71ea5942b12d\u0026download=" } ], "source": { "defect": [ "CERT@VDE#64318" ], "discovery": "EXTERNAL" }, "title": "CODESYS: Exposure of Resource to Wrong Sphere in CODESYS V3", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2022-4224", "datePublished": "2023-03-23T11:15:37.014Z", "dateReserved": "2022-11-30T06:54:13.183Z", "dateUpdated": "2024-08-03T01:34:49.591Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }