Search criteria
24 vulnerabilities found for control_for_plcnext by codesys
FKIE_CVE-2020-12069
Vulnerability from fkie_nvd - Published: 2022-12-26 19:15 - Updated: 2025-05-05 14:15
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pilz:pmc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1603B9DF-B514-409E-BCB4-9366F9457EB7",
"versionEndExcluding": "3.5.17",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A5313A0-4D9B-4B1F-B432-F84130717DE7",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9EA03EF-F424-4AC6-AC0B-A284A2553092",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38ECECFA-13C2-459E-B509-5F663E72CDE9",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7492683-673C-495F-9748-E3467F547F3B",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7BD8B5A-8CD7-463C-82D7-06F6DE7E6DB0",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC12843-4775-46BF-BB7F-35D7A4825027",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84E46BF9-F5A0-4C09-BE2B-486263D89E85",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C17614A6-F334-4955-824D-A237A9672ECD",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte_v3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14130B51-A172-4F7B-8C66-EC77BC88E7B7",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_v3_runtime_system_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6D33373-E3FC-468A-9CDC-9902C58A6506",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_win_v3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FF3AC84-140D-4F59-8624-714F974DFE42",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:hmi_v3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "620EFF51-16DA-4A0F-AB32-E42D064EDC21",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:v3_simulation_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09EFCCBD-8961-4E2F-90F3-452EB2B354C1",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:festo:controller_cecc-d_firmware:2.3.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5949D80D-9E1D-4F4C-A64F-3C24F77E1961",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:festo:controller_cecc-d_firmware:2.3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6479AA1B-D587-47F0-8695-CB3E9DFE96DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:festo:controller_cecc-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F17E63-45C3-48C7-916C-272FEB02E8C7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:festo:controller_cecc-lk_firmware:2.3.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4CF6A2F0-0190-48FF-BB9A-C7651D92A24A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:festo:controller_cecc-lk_firmware:2.3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB868741-D7A8-4DDB-A2A3-1074D6B9DD85",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:festo:controller_cecc-lk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AA82BF77-3362-46A9-8ED3-BD7A07779562",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:festo:controller_cecc-s_firmware:2.3.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B703F63E-C0DA-4426-9378-3A7A6E3E5060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:festo:controller_cecc-s_firmware:2.3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37695435-4E04-4B5E-8D85-B9786A740C07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:festo:controller_cecc-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07DFC73D-3164-402D-A7D0-D37610206F8D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8217_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5412C2-6982-4A66-B440-51DEF02F2C11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8217:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B23CD8FD-FC7A-4E24-BF8F-648478D82645",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8216_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6766E924-B6F0-4B49-AC5C-4635DFFA9E52",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8216:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B854F74-173E-4523-BBA7-8FF7A9B9880E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8215_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB1544BB-CDDE-4E32-8D64-F6A65DC2B6CC",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8215:-:*:*:*:*:*:*:*",
"matchCriteriaId": "577EDC26-671C-4703-BBF0-FE93AFEA81E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8214_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E1169B9-53BD-47CF-BF19-17DBC0703B51",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8214:-:*:*:*:*:*:*:*",
"matchCriteriaId": "979A8E43-4285-4A7B-BB0B-E6888117862C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8213_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68D4E7F6-CEAE-456D-AF2D-9A6B3D6B2F45",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8213:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4969E8EB-EF09-47B9-8F03-37BB87CFD048",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8212_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D577EB6B-E29C-4E0A-816F-0231ADA84A07",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8212:-:*:*:*:*:*:*:*",
"matchCriteriaId": "20BBC380-0F6E-4400-93AF-5B6CFEF00562",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8211_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A5FA7D-E0FF-4676-BFE8-70EF94C7C349",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8211:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5CD6B267-3E4B-4597-82A6-130D6F21C728",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5065C4C4-E09F-4B09-B2BD-2B8BC7451C3E",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E11758B-46C3-4E57-943A-C9C073AE5211",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8207_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B6F7A7E-4E7E-4721-A30E-2629B700E184",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8207:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA98A0D9-B050-430B-96C5-15932438FD3A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8206_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E97F6B2-2065-4726-88D9-80145F3C23C5",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E17ECC4-D7AE-485C-A2EF-4148817F9DB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8204_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A035FB07-360A-479D-A6B3-979CCE07A8D7",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8204:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AF14BE1-1EB5-423B-9FE7-E401AEF92553",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8203_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F174A297-EF2D-491D-BF24-02E52ABE1CCA",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8203:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC428EC8-532A-4825-BCE3-C42A4BC01C68",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8202_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC08CA50-30F0-4970-A688-447FD6ABA0E7",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23B02096-81A5-4823-94F3-D87F389397DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8102_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C24AAFAF-2BB2-4C90-A294-794D76FEF295",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8102:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A409E2AA-49AC-4967-8984-070FC9AD06E3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8101_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C07A6921-5664-4DDB-BB9E-32375B6ADDAD",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3111C2A1-CABC-42BF-9EB1-66667A7269C7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BAFAAD6-8F69-4C71-8A88-CD9FDACF1485",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33C4EEF3-EB06-4A8E-9BB2-0FE0AC3A6B7C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4201\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB6C8A59-2E86-4E4E-AABF-BFA48A4C5733",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4201\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2E54B6A-82B1-4AFA-BBA0-1998B5DE0BBD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4202\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6500D1ED-60AC-45E2-921B-5F7735B265BF",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4202\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09484C17-CD67-44E3-BA2D-0F718D888B0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4203\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F53B32B-C496-49AD-85F1-D7CA256FCE40",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4203\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E5672E3-7B4C-4FAF-955E-04EEB9E5B210",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4204\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6951A92E-974E-4361-9551-CE5D58D82D14",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4204\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C9E9B25-5C96-4665-9DC2-DD11905331AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4205\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86F222E9-8105-477C-BC4D-558751183C52",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4205\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A646213B-FF88-4A28-91B8-E21BD3710DF1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4205\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7E68AF4-175D-49A2-AD1C-002845FE0C3D",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4205\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2569546-AC58-420F-8FE6-90BA904DF6AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4206\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1D621FF-BF0B-4E20-97A0-8A53C68C5A89",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4206\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39A1F780-B010-4C95-B1B8-3A2D34938223",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4206\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66A5AE5B-619A-400F-B4B2-10884F64369F",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4206\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C88834C9-E823-4B11-91D2-8E2264D5E3D2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4301\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5A57157-6B49-402E-9533-828E59C67649",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4301\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD64BCDC-A7F2-4E8C-886D-C0D9268D0DA8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4302\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFADF5D8-9EAA-4D93-A4ED-315BE26D0BBA",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4302\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDBE05B-7ACB-4DB5-8D2F-7FCEC626E161",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4303\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "523A4534-4A47-4E29-B33C-85C13B9523B1",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4303\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A5421E8-67EA-4D0D-889F-A64DA70E7695",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4304\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FD6DA33-2CB6-483D-8F89-B8D0C6A73FA7",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4304\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DB95678-6815-4FB6-AA22-E6FEC011B269",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4305\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6386C510-8897-4EF8-8A5C-EB869FEF98A1",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4305\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6C67678-4BC4-417A-AD6E-FB60B0F7A384",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4306\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94D29BB6-F958-4BD5-BFCB-A2B914C0885A",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4306\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "082B2ECB-179E-4DE9-856F-EDDBB42AF318",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-5203\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0108A9FD-18D0-4D5B-92BE-641C81BFD17D",
"versionEndIncluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-5203\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBE3A7A-F96D-41B8-A150-BA5DC144DAA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-5204\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD2E2CCA-74C4-40E5-931B-AB307357D658",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-5204\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3EE3467-287E-4729-8C2B-3F43B92A49B8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-5205\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CE8AF21-A70F-4EF5-A6A2-00C953B6181C",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-5205\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13B53684-BFE1-4100-9624-A034119E7CAA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-5206\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1405E2-8561-4F3E-983C-C294BA6351CF",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-5206\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CD7B74F-71F9-4B0F-A9EB-EEA6FBEF81FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-5303\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94443EB3-0519-4238-B637-4FDB0B20ACCE",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-5303\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D4FF612-453D-4287-8989-2779A6F6A0A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-5304\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "833276FD-3A3B-4B83-94BA-589ADEF2010D",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-5304\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80089A85-1174-4E47-BC36-69DD11A3FFF8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-5305\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D779360-F243-47C4-86A7-FF5020238F42",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-5305\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91554389-BCF9-48EB-B198-A192BAE6206D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-5306\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "151B1218-958A-4BE3-925F-D95F5ADCD942",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-5306\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E65CA42E-371C-407C-84F9-64AC3F02FFE2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-6201\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "334E43C5-CD20-4DCF-805D-34E75E4AE8C4",
"versionEndIncluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-6201\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2BEE4ED-2C15-4E52-8FEC-BB7B5742274F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-6202\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FEE9E55C-1241-40D2-9357-AF657BBEFB28",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-6202\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF4E78EB-C91E-4E92-AF9F-90300EE96E03",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-6203\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1805464-9B11-41E3-A80A-8FC5299A6E50",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-6203\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C98F37AB-BFC5-49C2-B8FD-21AA0266C703",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-6204\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "979D2D35-114F-4B23-A3E9-0F0A619B4AF9",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-6204\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "422F9EEC-8516-4692-93DE-BB0F385D2BD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-6301\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71DF0E46-8E22-49B5-B1E1-5B3CBAA7FD1E",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-6301\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "742F9265-3770-4B4E-A327-2202E2DAEA84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-6302\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE1A9D-1A41-475C-83D7-E9E0105E70BC",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-6302\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3FDB659-7FF2-4272-9818-3517AC55BFFD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-6303\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C90343DF-DA2F-4AAE-AD85-AC715C838E47",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-6303\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E7E5506-BA01-4B6F-9475-3F2056019858",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-6304\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2FE417E0-9A5F-4C68-BF1B-10535FEF4B19",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-6304\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E8E97AD-B5B4-4F54-A8B8-52E83F34C33D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:752-8303\\/8000-0002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0090E3E-5CB8-4363-9CA0-A9165910BD9A",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:752-8303\\/8000-0002:*:*:*:*:*:*:*:*",
"matchCriteriaId": "922FBB58-6D8C-42CC-AAB2-5372DF63C280",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device."
},
{
"lang": "es",
"value": "En los productos CODESYS V3 en todas las versiones anteriores a la V3.5.16.0 que contienen CmpUserMgr, el sistema de tiempo de ejecuci\u00f3n de CODESYS Control almacena las contrase\u00f1as de comunicaci\u00f3n en l\u00ednea utilizando un algoritmo hash d\u00e9bil. Esto puede ser utilizado por un atacante local con pocos privilegios para obtener el control total del dispositivo."
}
],
"id": "CVE-2020-12069",
"lastModified": "2025-05-05T14:15:00.537",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-26T19:15:10.520",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-061/"
},
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-022/"
},
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-031/"
},
{
"source": "info@cert.vde.com",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12943\u0026token=d097958a67ba382de688916f77e3013c0802fade\u0026download="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-061/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-022/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-031/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12943\u0026token=d097958a67ba382de688916f77e3013c0802fade\u0026download="
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-916"
}
],
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-916"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-30791
Vulnerability from fkie_nvd - Published: 2022-07-11 11:15 - Updated: 2024-11-21 07:03
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5D6E827-7AD1-4248-82E6-C879771A2FBA",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E07464D3-D8E5-45CC-8703-B445A866F015",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD1474A7-A282-4929-A9E4-721322DCAE15",
"versionEndExcluding": "4.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB585AB5-D0AC-46DC-9723-A0FEFBFB015C",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F6E2A1D-0187-4C71-A87D-48B3EC3D99DD",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A78E493B-6D9E-4196-830C-24BCF25D3D44",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD0BCA34-FE68-4933-B189-746D2DA3E062",
"versionEndExcluding": "4.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D5DE9D1-C334-452C-A64B-D74A48017B6D",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600:*:*:*:*:*:*:*:*",
"matchCriteriaId": "966AEA54-4939-4C84-8D8B-7C70D361555B",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A33E4442-F316-439F-83BD-047A34EF6E14",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte_sl_\\(for_beckhoff_cx\\):*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AC245C1-F19D-417A-801E-D08B0ED81651",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1A0B9C6-534C-4D2C-BC62-620786CE748F",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22F16730-93D3-41D4-B5D0-F507BC2D5A03",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05792C1C-C4BB-4084-96A3-69544076F944",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "6C919501-6AFE-4D4C-84EF-C6AF30EBB769",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "E36291AE-21CB-4ECB-8816-D50712C70E30",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26B19D43-1A55-45E5-9C0A-00E9487B4282",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73C1F863-AAC0-446A-98E1-436916DA66B9",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C26E9A35-AEB3-4856-8410-989D422A6D95",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26CA4951-7DD0-4477-8C36-EC07191CAC8F",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected."
},
{
"lang": "es",
"value": "En CmpBlkDrvTcp de CODESYS versi\u00f3n V3 en m\u00faltiples versiones un consumo no controlado de recursos permite a un atacante no autorizado bloquear nuevas conexiones TCP. Las conexiones existentes no est\u00e1n afectadas"
}
],
"id": "CVE-2022-30791",
"lastModified": "2024-11-21T07:03:23.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2022-07-11T11:15:08.177",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-30792
Vulnerability from fkie_nvd - Published: 2022-07-11 11:15 - Updated: 2024-11-21 07:03
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5D6E827-7AD1-4248-82E6-C879771A2FBA",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E07464D3-D8E5-45CC-8703-B445A866F015",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD1474A7-A282-4929-A9E4-721322DCAE15",
"versionEndExcluding": "4.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB585AB5-D0AC-46DC-9723-A0FEFBFB015C",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F6E2A1D-0187-4C71-A87D-48B3EC3D99DD",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A78E493B-6D9E-4196-830C-24BCF25D3D44",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD0BCA34-FE68-4933-B189-746D2DA3E062",
"versionEndExcluding": "4.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D5DE9D1-C334-452C-A64B-D74A48017B6D",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600:*:*:*:*:*:*:*:*",
"matchCriteriaId": "966AEA54-4939-4C84-8D8B-7C70D361555B",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A33E4442-F316-439F-83BD-047A34EF6E14",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte_sl_\\(for_beckhoff_cx\\):*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AC245C1-F19D-417A-801E-D08B0ED81651",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1A0B9C6-534C-4D2C-BC62-620786CE748F",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22F16730-93D3-41D4-B5D0-F507BC2D5A03",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05792C1C-C4BB-4084-96A3-69544076F944",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "6C919501-6AFE-4D4C-84EF-C6AF30EBB769",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "E36291AE-21CB-4ECB-8816-D50712C70E30",
"versionEndExcluding": "4.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26B19D43-1A55-45E5-9C0A-00E9487B4282",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73C1F863-AAC0-446A-98E1-436916DA66B9",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C26E9A35-AEB3-4856-8410-989D422A6D95",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26CA4951-7DD0-4477-8C36-EC07191CAC8F",
"versionEndExcluding": "3.5.18.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected."
},
{
"lang": "es",
"value": "En CmpChannelServer de CODESYS versi\u00f3n V3 en m\u00faltiples versiones un consumo no controlado de recursos permite a un atacante no autorizado bloquear nuevas conexiones de canales de comunicaci\u00f3n. Las conexiones existentes no est\u00e1n afectadas"
}
],
"id": "CVE-2022-30792",
"lastModified": "2024-11-21T07:03:23.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2022-07-11T11:15:08.240",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "info@cert.vde.com",
"type": "Primary"
}
]
}
FKIE_CVE-2020-15806
Vulnerability from fkie_nvd - Published: 2020-07-22 19:15 - Updated: 2024-11-21 05:06
Severity ?
Summary
CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13199&token=3e283c3e73fed61f7c181a7fa1169477efaf0c58&download= | Mitigation, Vendor Advisory | |
| cve@mitre.org | https://www.codesys.com | Vendor Advisory | |
| cve@mitre.org | https://www.tenable.com/security/research/tra-2020-46 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13199&token=3e283c3e73fed61f7c181a7fa1169477efaf0c58&download= | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.codesys.com | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2020-46 | Exploit, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AE57E7D-63C1-470F-A95B-B9DA3A586E04",
"versionEndExcluding": "3.5.16.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B5F06D0-5224-4D76-A856-9AB57BF87D59",
"versionEndExcluding": "3.5.16.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB388FBB-8512-4FCE-A754-A82239A911B9",
"versionEndExcluding": "3.5.16.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41722BB1-40F6-4D12-9A00-156D04C92097",
"versionEndExcluding": "3.5.16.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E56A636-9DC3-411D-B287-308A2BAC759D",
"versionEndExcluding": "3.5.16.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82614FBA-2612-4FA4-988B-D67E80B5DDA7",
"versionEndExcluding": "3.5.16.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*",
"matchCriteriaId": "387FB2B8-5435-4054-94A4-0AE60A42FB0C",
"versionEndExcluding": "3.5.16.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B7517E0-0D9C-4AA8-B8A9-7F1420FE4616",
"versionEndExcluding": "3.5.16.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C80CDF5-5264-41CD-A475-E46C3E941F4A",
"versionEndExcluding": "3.5.16.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:-:*:*",
"matchCriteriaId": "6097C902-F24A-4408-8E2C-C90F0AB67E13",
"versionEndExcluding": "3.5.16.10",
"versionStartIncluding": "3.5.8.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:beckhoff_cx:*:*",
"matchCriteriaId": "2DDE8129-4CEE-440B-B0D1-29BB93D1ACE8",
"versionEndExcluding": "3.5.16.10",
"versionStartIncluding": "3.5.8.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CF52B1D-7AF9-4DAD-A8E7-6CB7CC060E08",
"versionEndExcluding": "3.5.16.10",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E86A4C83-B82D-4D2F-96C6-C8F66B7AB947",
"versionEndExcluding": "3.5.16.10",
"versionStartIncluding": "3.5.9.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "890104AC-5CB4-466D-9CC0-F39E8B24BD9D",
"versionEndExcluding": "3.5.16.10",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CE9850A-47B3-4C37-90C0-FF9516DF025F",
"versionEndExcluding": "3.5.16.10",
"versionStartIncluding": "3.5.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31C2638C-D4C4-4C71-A873-E7836802E6FE",
"versionEndExcluding": "3.5.16.10",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:simulation_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A09DAE1-678B-49A2-88CE-CFF4F514673E",
"versionEndExcluding": "3.5.16.10",
"versionStartIncluding": "3.5.9.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation."
},
{
"lang": "es",
"value": "El sistema del tiempo de ejecuci\u00f3n de Control CODESYS, versiones anteriores a 3.5.16.10, permite una Asignaci\u00f3n de Memoria No Controlada"
}
],
"id": "CVE-2020-15806",
"lastModified": "2024-11-21T05:06:13.097",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-22T19:15:12.317",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13199\u0026token=3e283c3e73fed61f7c181a7fa1169477efaf0c58\u0026download="
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.codesys.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2020-46"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13199\u0026token=3e283c3e73fed61f7c181a7fa1169477efaf0c58\u0026download="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.codesys.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2020-46"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-12068
Vulnerability from fkie_nvd - Published: 2020-05-14 21:15 - Updated: 2024-11-21 04:59
Severity ?
Summary
An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A5313A0-4D9B-4B1F-B432-F84130717DE7",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9EA03EF-F424-4AC6-AC0B-A284A2553092",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38ECECFA-13C2-459E-B509-5F663E72CDE9",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7BD8B5A-8CD7-463C-82D7-06F6DE7E6DB0",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC12843-4775-46BF-BB7F-35D7A4825027",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84E46BF9-F5A0-4C09-BE2B-486263D89E85",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C17614A6-F334-4955-824D-A237A9672ECD",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFAF3E76-D917-48FA-BE80-7CEF592359F3",
"versionEndExcluding": "3.5.16.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "977B88F5-FA46-41A6-B65E-034EEBA19755",
"versionEndExcluding": "3.5.16.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E1A555-20F2-4C1D-824C-9BFE5A8C1184",
"versionEndExcluding": "3.5.16.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03FB53F8-F076-41FB-B556-077F99584B76",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2B23429-F3C9-4414-A3C8-FDEA5D0DFE96",
"versionEndExcluding": "3.5.16.0",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en CODESYS Development System versiones anteriores a 3.5.16.0. CODESYS WebVisu y CODESYS Remote TargetVisu son susceptibles a una escalada de privilegios."
}
],
"id": "CVE-2020-12068",
"lastModified": "2024-11-21T04:59:12.677",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-14T21:15:13.260",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13136\u0026token=c267875c01ea70bc9613bc39c684eedc17f55420\u0026download="
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.codesys.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13136\u0026token=c267875c01ea70bc9613bc39c684eedc17f55420\u0026download="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.codesys.com"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-10245
Vulnerability from fkie_nvd - Published: 2020-03-26 04:15 - Updated: 2024-11-21 04:55
Severity ?
Summary
CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EA61ACB-5690-42D7-8420-E77E58D5BA4D",
"versionEndExcluding": "3.5.15.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5FB5ED1-0B3C-4426-AC3E-621C230AE38C",
"versionEndExcluding": "3.5.15.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1477C3BF-2636-4D41-B951-CED7CAE6731A",
"versionEndExcluding": "3.5.15.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82047F2C-2D3D-4D6C-9DAE-512BD9639747",
"versionEndExcluding": "3.5.15.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E832FD04-9206-4881-8695-8FA7FE788EE7",
"versionEndExcluding": "3.5.15.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C21D2A80-B830-483F-A748-2F082D369C73",
"versionEndExcluding": "3.5.15.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CD92E41-9C0A-47E0-8B90-181A2ECC4627",
"versionEndExcluding": "3.5.15.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "491C7EFF-D620-40EB-B112-9D0B2AC62B76",
"versionEndExcluding": "3.5.15.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75BA05C4-3066-4354-9F99-232D181D0CA6",
"versionEndExcluding": "3.5.15.40",
"versionStartIncluding": "3.5.8.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:beckhoff_cx:*:*",
"matchCriteriaId": "D3281307-8315-42A5-84FD-C683C54B603A",
"versionEndExcluding": "3.5.15.40",
"versionStartIncluding": "3.5.8.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E095D809-8408-4FEE-874F-1F021EC7E97E",
"versionEndExcluding": "3.5.15.40",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43EBED50-DFA9-430B-8B3C-8994E2E43470",
"versionEndExcluding": "3.5.15.40",
"versionStartIncluding": "3.5.9.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93ACEEA3-B958-4070-86F0-5C84869A13E7",
"versionEndExcluding": "3.5.15.40",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4CF0416-A09F-46CF-8285-A46E7F1A2F8C",
"versionEndExcluding": "3.5.15.40",
"versionStartIncluding": "3.5.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC06C9A-3D60-46FF-BCF4-B1C472DB3850",
"versionEndExcluding": "3.5.15.40",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow."
},
{
"lang": "es",
"value": "El servidor web CODESYS versiones V3 anteriores a 3.5.15.40, como es usado en los sistemas de tiempo de ejecuci\u00f3n CODESYS Control, presenta un desbordamiento del b\u00fafer."
}
],
"id": "CVE-2020-10245",
"lastModified": "2024-11-21T04:55:03.253",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-26T04:15:11.533",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13078\u0026token=de344ca65252463cc581ef144e0c53bd97b8f211\u0026download="
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2020-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13078\u0026token=de344ca65252463cc581ef144e0c53bd97b8f211\u0026download="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2020-16"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-7052
Vulnerability from fkie_nvd - Published: 2020-01-24 20:15 - Updated: 2024-11-21 05:36
Severity ?
Summary
CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4E5BF9F-79C9-48D3-9F2D-CCDF73144FCA",
"versionEndExcluding": "3.5.15.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*",
"matchCriteriaId": "221CAFE3-1BC7-4CAC-B3F8-981B3F267CFE",
"versionEndExcluding": "3.5.15.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B048CEB-E1D0-4EF1-9BD3-966CB9E147D8",
"versionEndExcluding": "3.5.15.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A72217A3-4591-4C52-AB37-7FD652276569",
"versionEndExcluding": "3.5.15.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51EFD6C4-C1AC-45D7-909F-6B074B32090E",
"versionEndExcluding": "3.5.15.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C1B75F5-F426-4877-9004-1F714B2A4968",
"versionEndExcluding": "3.5.15.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F150E51-4E03-40A8-8099-E5BE13234DD9",
"versionEndExcluding": "3.5.15.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D839D59-8090-4158-A2C2-847DEDD9674D",
"versionEndExcluding": "3.5.15.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E278A9AE-5684-4F7E-B253-0F70CA835322",
"versionEndExcluding": "3.5.15.30",
"versionStartIncluding": "3.5.8.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:beckhoff_cx:*:*",
"matchCriteriaId": "650315EF-4AC2-4B5B-A5A1-8ABBE6C398B6",
"versionEndExcluding": "3.5.15.30",
"versionStartIncluding": "3.5.8.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C46635-3068-4DDA-8527-2E473763E652",
"versionEndExcluding": "3.5.15.30",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7F22E48-0C8D-47C2-8C88-F35ED1027465",
"versionEndExcluding": "3.5.15.30",
"versionStartIncluding": "3.5.9.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A487191-D2CD-484B-88D3-C7A1EFD8C19B",
"versionEndExcluding": "3.5.15.30",
"versionStartIncluding": "3.5.15.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B3462D2-9AA7-4046-B491-36A2A9970BA7",
"versionEndExcluding": "3.5.15.30",
"versionStartIncluding": "3.5.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:safety_sil2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F4FCCC9-6069-47D6-AB46-65697F7AE58D",
"versionEndExcluding": "3.5.15.30",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:simulation_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "375689F5-9B58-491C-BD1C-2CF5C9CEB474",
"versionEndExcluding": "3.5.15.30",
"versionStartIncluding": "3.5.9.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition."
},
{
"lang": "es",
"value": "CODESYS Control versi\u00f3n V3, Gateway versi\u00f3n V3 y HMI versiones V3 anteriores a 3.5.15.30, permiten una asignaci\u00f3n de memoria no controlada que puede resultar en una condici\u00f3n de denegaci\u00f3n de servicio remota."
}
],
"id": "CVE-2020-7052",
"lastModified": "2024-11-21T05:36:34.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-24T20:15:10.970",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12977\u0026token=33f948eed0c2fd69d238d9515779be337ef7592d\u0026download="
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2020-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12977\u0026token=33f948eed0c2fd69d238d9515779be337ef7592d\u0026download="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2020-04"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-18858
Vulnerability from fkie_nvd - Published: 2019-11-20 18:15 - Updated: 2024-11-21 04:33
Severity ?
Summary
CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EC6B28E-A811-41B3-8211-5C00F43501B0",
"versionEndExcluding": "3.5.15.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C35E21FB-D148-4295-8F6E-250276198B78",
"versionEndExcluding": "3.5.15.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3FD146-88C2-4091-9A95-5F1734B4FBC9",
"versionEndExcluding": "3.5.15.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A300E3F-5BF6-455E-ADDC-D7443254F049",
"versionEndExcluding": "3.5.15.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1502A884-95A6-4587-8EFA-82374251CD3A",
"versionEndExcluding": "3.5.15.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02BEA387-FF44-4AF9-8B80-CD8D6E7F4549",
"versionEndExcluding": "3.5.15.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D16B0FB-C69F-4D02-9598-22ADD027D9AA",
"versionEndExcluding": "3.5.15.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA7D956E-7844-4F3D-BF27-E38E5D2B0A68",
"versionEndExcluding": "3.5.15.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15CFC3A8-1D5C-486E-97CB-0F38E9874B96",
"versionEndExcluding": "3.5.15.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02ED0463-8628-488A-B931-683A2C0205B9",
"versionEndExcluding": "3.5.15.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CFF4CBE-6291-479D-BC3C-379C7F7D8337",
"versionEndExcluding": "3.5.15.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4D32C64-2C59-461B-8E33-A4EDF31E886E",
"versionEndExcluding": "3.5.15.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95BE3C03-7A36-4AD8-B5E9-BD91BD729B72",
"versionEndExcluding": "3.5.15.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1451AE82-855F-425C-9C30-2B96F4B8F2EC",
"versionEndExcluding": "3.5.15.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow."
},
{
"lang": "es",
"value": "El servidor web CODESYS 3 versiones anteriores a la versi\u00f3n 3.5.15.20, distribuido con los sistemas de tiempo de ejecuci\u00f3n CODESYS Control, tiene un desbordamiento de b\u00fafer."
}
],
"id": "CVE-2019-18858",
"lastModified": "2024-11-21T04:33:43.753",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-20T18:15:10.917",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2019-48"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2019-48"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-12069 (GCVE-0-2020-12069)
Vulnerability from cvelistv5 – Published: 2022-12-26 00:00 – Updated: 2025-04-14 16:17
VLAI?
Summary
In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.
Severity ?
7.8 (High)
CWE
- CWE-916 - Use of Password Hash With Insufficient Computational Effort
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CODESYS | CODESYS V3 containing the CmpUserMgr |
Affected:
V3 , < V3.5.16.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:58.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12943\u0026token=d097958a67ba382de688916f77e3013c0802fade\u0026download="
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-061/"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-031/"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-022/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-12069",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T16:17:42.834492Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T16:17:54.368Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CODESYS V3 containing the CmpUserMgr",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.16.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device."
}
],
"value": "In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-916",
"description": "CWE-916 Use of Password Hash With Insufficient Computational Effort",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-15T05:40:17.087Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12943\u0026token=d097958a67ba382de688916f77e3013c0802fade\u0026download="
},
{
"tags": [
"vendor-advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-061/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-031/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-022/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CODESYS V3 prone to Inadequate Password Hashing",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12069",
"datePublished": "2022-12-26T00:00:00.000Z",
"dateReserved": "2020-04-22T00:00:00.000Z",
"dateUpdated": "2025-04-14T16:17:54.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30792 (GCVE-0-2022-30792)
Vulnerability from cvelistv5 – Published: 2022-07-11 10:40 – Updated: 2024-09-16 23:05
VLAI?
Summary
In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.
Severity ?
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CODESYS | CODESYS Control RTE (SL) |
Affected:
V3 , < V3.5.18.20
(custom)
|
||
|
|
||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:38.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS Control RTE (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control RTE (for Beckhoff CX) SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Win (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Gateway",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Windows",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS HMI (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Development System V3",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.10",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Runtime System Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Embedded Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Remote Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for BeagleBone SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Beckhoff CX9020 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for emPC-A/iMX6 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for IOT2000 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Linux SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC100 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC200 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PLCnext SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Raspberry Pi SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for WAGO Touch Panels 600 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Linux",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T10:40:43",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
],
"source": {
"defect": [
"CERT@VDE#",
"64130"
],
"discovery": "UNKNOWN"
},
"title": "CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-07-08T06:00:00.000Z",
"ID": "CVE-2022-30792",
"STATE": "PUBLIC",
"TITLE": "CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Control RTE (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control Win (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS HMI (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Development System V3",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.10"
}
]
}
},
{
"product_name": "CODESYS Control Runtime System Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Embedded Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Remote Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control for BeagleBone SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Beckhoff CX9020 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for emPC-A/iMX6 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for IOT2000 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Linux SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC100 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC200 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PLCnext SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Raspberry Pi SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Linux",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
]
},
"source": {
"defect": [
"CERT@VDE#",
"64130"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-30792",
"datePublished": "2022-07-11T10:40:43.935648Z",
"dateReserved": "2022-05-16T00:00:00",
"dateUpdated": "2024-09-16T23:05:31.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30791 (GCVE-0-2022-30791)
Vulnerability from cvelistv5 – Published: 2022-07-11 10:40 – Updated: 2024-09-16 16:48
VLAI?
Summary
In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.
Severity ?
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CODESYS | CODESYS Control RTE (SL) |
Affected:
V3 , < V3.5.18.20
(custom)
|
||
|
|
||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:38.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS Control RTE (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control RTE (for Beckhoff CX) SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Win (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Gateway",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Windows",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS HMI (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Development System V3",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.10",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Runtime System Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Embedded Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Remote Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for BeagleBone SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Beckhoff CX9020 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for emPC-A/iMX6 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for IOT2000 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Linux SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC100 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC200 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PLCnext SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Raspberry Pi SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for WAGO Touch Panels 600 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Linux",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T10:40:38",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
],
"source": {
"defect": [
"CERT@VDE#",
"64129"
],
"discovery": "UNKNOWN"
},
"title": "CODESYS V3: CmpBlkDrvTcp allows unauthenticated attackers to block all its available TCP connections",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-07-08T06:00:00.000Z",
"ID": "CVE-2022-30791",
"STATE": "PUBLIC",
"TITLE": "CODESYS V3: CmpBlkDrvTcp allows unauthenticated attackers to block all its available TCP connections"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Control RTE (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control Win (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS HMI (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Development System V3",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.10"
}
]
}
},
{
"product_name": "CODESYS Control Runtime System Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Embedded Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Remote Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control for BeagleBone SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Beckhoff CX9020 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for emPC-A/iMX6 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for IOT2000 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Linux SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC100 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC200 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PLCnext SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Raspberry Pi SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Linux",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
]
},
"source": {
"defect": [
"CERT@VDE#",
"64129"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-30791",
"datePublished": "2022-07-11T10:40:38.913416Z",
"dateReserved": "2022-05-16T00:00:00",
"dateUpdated": "2024-09-16T16:48:31.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15806 (GCVE-0-2020-15806)
Vulnerability from cvelistv5 – Published: 2020-07-22 18:14 – Updated: 2024-08-04 13:30
VLAI?
Summary
CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:30:22.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.codesys.com"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13199\u0026token=3e283c3e73fed61f7c181a7fa1169477efaf0c58\u0026download="
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2020-46"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-22T22:06:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.codesys.com"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13199\u0026token=3e283c3e73fed61f7c181a7fa1169477efaf0c58\u0026download="
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2020-46"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.codesys.com",
"refsource": "MISC",
"url": "https://www.codesys.com"
},
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13199\u0026token=3e283c3e73fed61f7c181a7fa1169477efaf0c58\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13199\u0026token=3e283c3e73fed61f7c181a7fa1169477efaf0c58\u0026download="
},
{
"name": "https://www.tenable.com/security/research/tra-2020-46",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2020-46"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15806",
"datePublished": "2020-07-22T18:14:43",
"dateReserved": "2020-07-17T00:00:00",
"dateUpdated": "2024-08-04T13:30:22.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12068 (GCVE-0-2020-12068)
Vulnerability from cvelistv5 – Published: 2020-05-14 20:29 – Updated: 2024-08-04 11:48
VLAI?
Summary
An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:57.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.codesys.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13136\u0026token=c267875c01ea70bc9613bc39c684eedc17f55420\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-14T20:29:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.codesys.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13136\u0026token=c267875c01ea70bc9613bc39c684eedc17f55420\u0026download="
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.codesys.com",
"refsource": "MISC",
"url": "https://www.codesys.com"
},
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13136\u0026token=c267875c01ea70bc9613bc39c684eedc17f55420\u0026download=",
"refsource": "MISC",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13136\u0026token=c267875c01ea70bc9613bc39c684eedc17f55420\u0026download="
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12068",
"datePublished": "2020-05-14T20:29:21",
"dateReserved": "2020-04-22T00:00:00",
"dateUpdated": "2024-08-04T11:48:57.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10245 (GCVE-0-2020-10245)
Vulnerability from cvelistv5 – Published: 2020-03-26 03:45 – Updated: 2024-08-04 10:58
VLAI?
Summary
CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:58:39.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2020-16"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13078\u0026token=de344ca65252463cc581ef144e0c53bd97b8f211\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-26T03:49:32",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2020-16"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13078\u0026token=de344ca65252463cc581ef144e0c53bd97b8f211\u0026download="
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2020-16",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2020-16"
},
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13078\u0026token=de344ca65252463cc581ef144e0c53bd97b8f211\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13078\u0026token=de344ca65252463cc581ef144e0c53bd97b8f211\u0026download="
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10245",
"datePublished": "2020-03-26T03:45:20",
"dateReserved": "2020-03-09T00:00:00",
"dateUpdated": "2024-08-04T10:58:39.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7052 (GCVE-0-2020-7052)
Vulnerability from cvelistv5 – Published: 2020-01-24 19:31 – Updated: 2024-08-04 09:18
VLAI?
Summary
CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:18:02.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2020-04"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12977\u0026token=33f948eed0c2fd69d238d9515779be337ef7592d\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-24T19:31:58",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2020-04"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12977\u0026token=33f948eed0c2fd69d238d9515779be337ef7592d\u0026download="
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-7052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2020-04",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2020-04"
},
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12977\u0026token=33f948eed0c2fd69d238d9515779be337ef7592d\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12977\u0026token=33f948eed0c2fd69d238d9515779be337ef7592d\u0026download="
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-7052",
"datePublished": "2020-01-24T19:31:59",
"dateReserved": "2020-01-14T00:00:00",
"dateUpdated": "2024-08-04T09:18:02.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18858 (GCVE-0-2019-18858)
Vulnerability from cvelistv5 – Published: 2019-11-20 17:04 – Updated: 2024-08-05 02:02
VLAI?
Summary
CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-48"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-20T20:07:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-48"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18858",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf",
"refsource": "MISC",
"url": "https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf"
},
{
"name": "https://www.tenable.com/security/research/tra-2019-48",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-48"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18858",
"datePublished": "2019-11-20T17:04:25",
"dateReserved": "2019-11-11T00:00:00",
"dateUpdated": "2024-08-05T02:02:39.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12069 (GCVE-0-2020-12069)
Vulnerability from nvd – Published: 2022-12-26 00:00 – Updated: 2025-04-14 16:17
VLAI?
Summary
In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.
Severity ?
7.8 (High)
CWE
- CWE-916 - Use of Password Hash With Insufficient Computational Effort
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CODESYS | CODESYS V3 containing the CmpUserMgr |
Affected:
V3 , < V3.5.16.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:58.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12943\u0026token=d097958a67ba382de688916f77e3013c0802fade\u0026download="
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-061/"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-031/"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-022/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-12069",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T16:17:42.834492Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T16:17:54.368Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CODESYS V3 containing the CmpUserMgr",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.16.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device."
}
],
"value": "In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-916",
"description": "CWE-916 Use of Password Hash With Insufficient Computational Effort",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-15T05:40:17.087Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12943\u0026token=d097958a67ba382de688916f77e3013c0802fade\u0026download="
},
{
"tags": [
"vendor-advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-061/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-031/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-022/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CODESYS V3 prone to Inadequate Password Hashing",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12069",
"datePublished": "2022-12-26T00:00:00.000Z",
"dateReserved": "2020-04-22T00:00:00.000Z",
"dateUpdated": "2025-04-14T16:17:54.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30792 (GCVE-0-2022-30792)
Vulnerability from nvd – Published: 2022-07-11 10:40 – Updated: 2024-09-16 23:05
VLAI?
Summary
In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.
Severity ?
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CODESYS | CODESYS Control RTE (SL) |
Affected:
V3 , < V3.5.18.20
(custom)
|
||
|
|
||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:38.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS Control RTE (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control RTE (for Beckhoff CX) SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Win (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Gateway",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Windows",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS HMI (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Development System V3",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.10",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Runtime System Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Embedded Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Remote Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for BeagleBone SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Beckhoff CX9020 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for emPC-A/iMX6 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for IOT2000 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Linux SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC100 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC200 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PLCnext SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Raspberry Pi SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for WAGO Touch Panels 600 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Linux",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T10:40:43",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
],
"source": {
"defect": [
"CERT@VDE#",
"64130"
],
"discovery": "UNKNOWN"
},
"title": "CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-07-08T06:00:00.000Z",
"ID": "CVE-2022-30792",
"STATE": "PUBLIC",
"TITLE": "CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Control RTE (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control Win (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS HMI (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Development System V3",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.10"
}
]
}
},
{
"product_name": "CODESYS Control Runtime System Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Embedded Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Remote Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control for BeagleBone SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Beckhoff CX9020 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for emPC-A/iMX6 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for IOT2000 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Linux SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC100 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC200 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PLCnext SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Raspberry Pi SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Linux",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
]
},
"source": {
"defect": [
"CERT@VDE#",
"64130"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-30792",
"datePublished": "2022-07-11T10:40:43.935648Z",
"dateReserved": "2022-05-16T00:00:00",
"dateUpdated": "2024-09-16T23:05:31.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30791 (GCVE-0-2022-30791)
Vulnerability from nvd – Published: 2022-07-11 10:40 – Updated: 2024-09-16 16:48
VLAI?
Summary
In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.
Severity ?
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CODESYS | CODESYS Control RTE (SL) |
Affected:
V3 , < V3.5.18.20
(custom)
|
||
|
|
||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:38.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS Control RTE (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control RTE (for Beckhoff CX) SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Win (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Gateway",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Windows",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS HMI (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Development System V3",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.10",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Runtime System Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Embedded Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Remote Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for BeagleBone SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Beckhoff CX9020 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for emPC-A/iMX6 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for IOT2000 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Linux SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC100 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC200 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PLCnext SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Raspberry Pi SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for WAGO Touch Panels 600 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Linux",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T10:40:38",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
],
"source": {
"defect": [
"CERT@VDE#",
"64129"
],
"discovery": "UNKNOWN"
},
"title": "CODESYS V3: CmpBlkDrvTcp allows unauthenticated attackers to block all its available TCP connections",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-07-08T06:00:00.000Z",
"ID": "CVE-2022-30791",
"STATE": "PUBLIC",
"TITLE": "CODESYS V3: CmpBlkDrvTcp allows unauthenticated attackers to block all its available TCP connections"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Control RTE (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control Win (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS HMI (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Development System V3",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.10"
}
]
}
},
{
"product_name": "CODESYS Control Runtime System Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Embedded Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Remote Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control for BeagleBone SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Beckhoff CX9020 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for emPC-A/iMX6 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for IOT2000 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Linux SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC100 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC200 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PLCnext SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Raspberry Pi SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Linux",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
]
},
"source": {
"defect": [
"CERT@VDE#",
"64129"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-30791",
"datePublished": "2022-07-11T10:40:38.913416Z",
"dateReserved": "2022-05-16T00:00:00",
"dateUpdated": "2024-09-16T16:48:31.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15806 (GCVE-0-2020-15806)
Vulnerability from nvd – Published: 2020-07-22 18:14 – Updated: 2024-08-04 13:30
VLAI?
Summary
CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:30:22.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.codesys.com"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13199\u0026token=3e283c3e73fed61f7c181a7fa1169477efaf0c58\u0026download="
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2020-46"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-22T22:06:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.codesys.com"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13199\u0026token=3e283c3e73fed61f7c181a7fa1169477efaf0c58\u0026download="
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2020-46"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.codesys.com",
"refsource": "MISC",
"url": "https://www.codesys.com"
},
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13199\u0026token=3e283c3e73fed61f7c181a7fa1169477efaf0c58\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13199\u0026token=3e283c3e73fed61f7c181a7fa1169477efaf0c58\u0026download="
},
{
"name": "https://www.tenable.com/security/research/tra-2020-46",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2020-46"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15806",
"datePublished": "2020-07-22T18:14:43",
"dateReserved": "2020-07-17T00:00:00",
"dateUpdated": "2024-08-04T13:30:22.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12068 (GCVE-0-2020-12068)
Vulnerability from nvd – Published: 2020-05-14 20:29 – Updated: 2024-08-04 11:48
VLAI?
Summary
An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:57.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.codesys.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13136\u0026token=c267875c01ea70bc9613bc39c684eedc17f55420\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-14T20:29:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.codesys.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13136\u0026token=c267875c01ea70bc9613bc39c684eedc17f55420\u0026download="
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.codesys.com",
"refsource": "MISC",
"url": "https://www.codesys.com"
},
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13136\u0026token=c267875c01ea70bc9613bc39c684eedc17f55420\u0026download=",
"refsource": "MISC",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13136\u0026token=c267875c01ea70bc9613bc39c684eedc17f55420\u0026download="
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12068",
"datePublished": "2020-05-14T20:29:21",
"dateReserved": "2020-04-22T00:00:00",
"dateUpdated": "2024-08-04T11:48:57.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10245 (GCVE-0-2020-10245)
Vulnerability from nvd – Published: 2020-03-26 03:45 – Updated: 2024-08-04 10:58
VLAI?
Summary
CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:58:39.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2020-16"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13078\u0026token=de344ca65252463cc581ef144e0c53bd97b8f211\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-26T03:49:32",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2020-16"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13078\u0026token=de344ca65252463cc581ef144e0c53bd97b8f211\u0026download="
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2020-16",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2020-16"
},
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13078\u0026token=de344ca65252463cc581ef144e0c53bd97b8f211\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=13078\u0026token=de344ca65252463cc581ef144e0c53bd97b8f211\u0026download="
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10245",
"datePublished": "2020-03-26T03:45:20",
"dateReserved": "2020-03-09T00:00:00",
"dateUpdated": "2024-08-04T10:58:39.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7052 (GCVE-0-2020-7052)
Vulnerability from nvd – Published: 2020-01-24 19:31 – Updated: 2024-08-04 09:18
VLAI?
Summary
CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:18:02.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2020-04"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12977\u0026token=33f948eed0c2fd69d238d9515779be337ef7592d\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-24T19:31:58",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2020-04"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12977\u0026token=33f948eed0c2fd69d238d9515779be337ef7592d\u0026download="
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-7052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2020-04",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2020-04"
},
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12977\u0026token=33f948eed0c2fd69d238d9515779be337ef7592d\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12977\u0026token=33f948eed0c2fd69d238d9515779be337ef7592d\u0026download="
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-7052",
"datePublished": "2020-01-24T19:31:59",
"dateReserved": "2020-01-14T00:00:00",
"dateUpdated": "2024-08-04T09:18:02.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18858 (GCVE-0-2019-18858)
Vulnerability from nvd – Published: 2019-11-20 17:04 – Updated: 2024-08-05 02:02
VLAI?
Summary
CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-48"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-20T20:07:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-48"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18858",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf",
"refsource": "MISC",
"url": "https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf"
},
{
"name": "https://www.tenable.com/security/research/tra-2019-48",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-48"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18858",
"datePublished": "2019-11-20T17:04:25",
"dateReserved": "2019-11-11T00:00:00",
"dateUpdated": "2024-08-05T02:02:39.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}