Search criteria
6 vulnerabilities found for control_v3_runtime_system_toolkit by codesys
FKIE_CVE-2018-25048
Vulnerability from fkie_nvd - Published: 2023-03-23 11:15 - Updated: 2024-11-21 04:03
Severity ?
Summary
The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B29080C3-A6D8-40D6-8C24-177C00FA27F0",
"versionEndExcluding": "3.5.12.30",
"versionStartIncluding": "3.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B980C936-557F-4F14-A692-165129625A62",
"versionEndExcluding": "3.5.12.30",
"versionStartIncluding": "3.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D282ECAB-FA07-4A81-8F43-AC46A08422D4",
"versionEndExcluding": "3.5.12.30",
"versionStartIncluding": "3.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC1C508C-6817-42E7-9B4C-CDCAC7477304",
"versionEndExcluding": "3.5.12.30",
"versionStartIncluding": "3.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1ECCA6D-3F95-4924-9CC6-7315B1608217",
"versionEndExcluding": "3.5.12.30",
"versionStartIncluding": "3.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "093C888E-8328-45E9-882C-39D7FBE8E251",
"versionEndExcluding": "3.5.12.30",
"versionStartIncluding": "3.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E767B6C-7762-4F3C-A8B0-BEC9C1C238D8",
"versionEndExcluding": "3.5.12.30",
"versionStartIncluding": "3.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_v3_runtime_system_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DDCE092-30E5-43FB-A20F-A712DFD7B1C3",
"versionEndExcluding": "3.5.12.30",
"versionStartIncluding": "3.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A47EA342-7BDA-4707-9A23-142126C407C1",
"versionEndExcluding": "3.5.12.30",
"versionStartIncluding": "3.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0FE0CC3-99BF-46BF-907D-E8F2785310BB",
"versionEndExcluding": "3.5.12.30",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "157E617E-7432-464A-AEC4-29D3806FA2D2",
"versionEndExcluding": "3.5.12.30",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D95B012B-C9B0-4E2A-934B-3ECDE463722E",
"versionEndExcluding": "3.5.12.30",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:runtime_plcwinnt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8931A117-72B6-4B1C-BF56-E7925D07A790",
"versionEndExcluding": "2.4.7.52",
"versionStartIncluding": "2.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:runtime_system_toolkit:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "46335A20-A1BF-4E5B-BB1D-B7A4AFF6DB08",
"versionEndExcluding": "2.4.7.52",
"versionStartIncluding": "2.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:runtime_system_toolkit:3.5.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A3A8DFF-705F-4562-87CE-E899C5DC2D18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:simulation_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DD3AD40-BEE7-428D-B1F0-1349E10A9DD5",
"versionEndExcluding": "3.5.12.30",
"versionStartIncluding": "3.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device."
}
],
"id": "CVE-2018-25048",
"lastModified": "2024-11-21T04:03:26.283",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "info@cert.vde.com",
"type": "Primary"
}
]
},
"published": "2023-03-23T11:15:12.730",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Not Applicable"
],
"url": "https://customers.codesys.com/fileadmin/data/customers/security/2018/Advisory2018-04_CDS-59017.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://customers.codesys.com/fileadmin/data/customers/security/2018/Advisory2018-04_CDS-59017.pdf"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "info@cert.vde.com",
"type": "Primary"
}
]
}
FKIE_CVE-2020-12069
Vulnerability from fkie_nvd - Published: 2022-12-26 19:15 - Updated: 2025-05-05 14:15
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pilz:pmc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1603B9DF-B514-409E-BCB4-9366F9457EB7",
"versionEndExcluding": "3.5.17",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A5313A0-4D9B-4B1F-B432-F84130717DE7",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9EA03EF-F424-4AC6-AC0B-A284A2553092",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38ECECFA-13C2-459E-B509-5F663E72CDE9",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7492683-673C-495F-9748-E3467F547F3B",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7BD8B5A-8CD7-463C-82D7-06F6DE7E6DB0",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC12843-4775-46BF-BB7F-35D7A4825027",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84E46BF9-F5A0-4C09-BE2B-486263D89E85",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C17614A6-F334-4955-824D-A237A9672ECD",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_rte_v3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14130B51-A172-4F7B-8C66-EC77BC88E7B7",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_v3_runtime_system_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6D33373-E3FC-468A-9CDC-9902C58A6506",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:control_win_v3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FF3AC84-140D-4F59-8624-714F974DFE42",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:hmi_v3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "620EFF51-16DA-4A0F-AB32-E42D064EDC21",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:codesys:v3_simulation_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09EFCCBD-8961-4E2F-90F3-452EB2B354C1",
"versionEndExcluding": "3.5.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:festo:controller_cecc-d_firmware:2.3.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5949D80D-9E1D-4F4C-A64F-3C24F77E1961",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:festo:controller_cecc-d_firmware:2.3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6479AA1B-D587-47F0-8695-CB3E9DFE96DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:festo:controller_cecc-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F17E63-45C3-48C7-916C-272FEB02E8C7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:festo:controller_cecc-lk_firmware:2.3.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4CF6A2F0-0190-48FF-BB9A-C7651D92A24A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:festo:controller_cecc-lk_firmware:2.3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB868741-D7A8-4DDB-A2A3-1074D6B9DD85",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:festo:controller_cecc-lk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AA82BF77-3362-46A9-8ED3-BD7A07779562",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:festo:controller_cecc-s_firmware:2.3.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B703F63E-C0DA-4426-9378-3A7A6E3E5060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:festo:controller_cecc-s_firmware:2.3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37695435-4E04-4B5E-8D85-B9786A740C07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:festo:controller_cecc-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07DFC73D-3164-402D-A7D0-D37610206F8D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8217_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5412C2-6982-4A66-B440-51DEF02F2C11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8217:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B23CD8FD-FC7A-4E24-BF8F-648478D82645",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8216_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6766E924-B6F0-4B49-AC5C-4635DFFA9E52",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8216:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B854F74-173E-4523-BBA7-8FF7A9B9880E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8215_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB1544BB-CDDE-4E32-8D64-F6A65DC2B6CC",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8215:-:*:*:*:*:*:*:*",
"matchCriteriaId": "577EDC26-671C-4703-BBF0-FE93AFEA81E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8214_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E1169B9-53BD-47CF-BF19-17DBC0703B51",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8214:-:*:*:*:*:*:*:*",
"matchCriteriaId": "979A8E43-4285-4A7B-BB0B-E6888117862C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8213_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68D4E7F6-CEAE-456D-AF2D-9A6B3D6B2F45",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8213:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4969E8EB-EF09-47B9-8F03-37BB87CFD048",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8212_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D577EB6B-E29C-4E0A-816F-0231ADA84A07",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8212:-:*:*:*:*:*:*:*",
"matchCriteriaId": "20BBC380-0F6E-4400-93AF-5B6CFEF00562",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8211_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A5FA7D-E0FF-4676-BFE8-70EF94C7C349",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8211:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5CD6B267-3E4B-4597-82A6-130D6F21C728",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5065C4C4-E09F-4B09-B2BD-2B8BC7451C3E",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E11758B-46C3-4E57-943A-C9C073AE5211",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8207_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B6F7A7E-4E7E-4721-A30E-2629B700E184",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8207:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA98A0D9-B050-430B-96C5-15932438FD3A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8206_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E97F6B2-2065-4726-88D9-80145F3C23C5",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E17ECC4-D7AE-485C-A2EF-4148817F9DB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8204_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A035FB07-360A-479D-A6B3-979CCE07A8D7",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8204:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AF14BE1-1EB5-423B-9FE7-E401AEF92553",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8203_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F174A297-EF2D-491D-BF24-02E52ABE1CCA",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8203:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC428EC8-532A-4825-BCE3-C42A4BC01C68",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8202_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC08CA50-30F0-4970-A688-447FD6ABA0E7",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23B02096-81A5-4823-94F3-D87F389397DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8102_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C24AAFAF-2BB2-4C90-A294-794D76FEF295",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8102:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A409E2AA-49AC-4967-8984-070FC9AD06E3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8101_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C07A6921-5664-4DDB-BB9E-32375B6ADDAD",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3111C2A1-CABC-42BF-9EB1-66667A7269C7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-8100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BAFAAD6-8F69-4C71-8A88-CD9FDACF1485",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-8100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33C4EEF3-EB06-4A8E-9BB2-0FE0AC3A6B7C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4201\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB6C8A59-2E86-4E4E-AABF-BFA48A4C5733",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4201\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2E54B6A-82B1-4AFA-BBA0-1998B5DE0BBD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4202\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6500D1ED-60AC-45E2-921B-5F7735B265BF",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4202\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09484C17-CD67-44E3-BA2D-0F718D888B0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4203\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F53B32B-C496-49AD-85F1-D7CA256FCE40",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4203\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E5672E3-7B4C-4FAF-955E-04EEB9E5B210",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4204\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6951A92E-974E-4361-9551-CE5D58D82D14",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4204\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C9E9B25-5C96-4665-9DC2-DD11905331AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4205\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86F222E9-8105-477C-BC4D-558751183C52",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4205\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A646213B-FF88-4A28-91B8-E21BD3710DF1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4205\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7E68AF4-175D-49A2-AD1C-002845FE0C3D",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4205\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2569546-AC58-420F-8FE6-90BA904DF6AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4206\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1D621FF-BF0B-4E20-97A0-8A53C68C5A89",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4206\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39A1F780-B010-4C95-B1B8-3A2D34938223",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4206\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66A5AE5B-619A-400F-B4B2-10884F64369F",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4206\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C88834C9-E823-4B11-91D2-8E2264D5E3D2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4301\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5A57157-6B49-402E-9533-828E59C67649",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4301\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD64BCDC-A7F2-4E8C-886D-C0D9268D0DA8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4302\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFADF5D8-9EAA-4D93-A4ED-315BE26D0BBA",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4302\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDBE05B-7ACB-4DB5-8D2F-7FCEC626E161",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4303\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "523A4534-4A47-4E29-B33C-85C13B9523B1",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4303\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A5421E8-67EA-4D0D-889F-A64DA70E7695",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4304\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FD6DA33-2CB6-483D-8F89-B8D0C6A73FA7",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4304\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DB95678-6815-4FB6-AA22-E6FEC011B269",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4305\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6386C510-8897-4EF8-8A5C-EB869FEF98A1",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4305\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6C67678-4BC4-417A-AD6E-FB60B0F7A384",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-4306\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94D29BB6-F958-4BD5-BFCB-A2B914C0885A",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-4306\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "082B2ECB-179E-4DE9-856F-EDDBB42AF318",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-5203\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0108A9FD-18D0-4D5B-92BE-641C81BFD17D",
"versionEndIncluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-5203\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBE3A7A-F96D-41B8-A150-BA5DC144DAA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-5204\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD2E2CCA-74C4-40E5-931B-AB307357D658",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-5204\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3EE3467-287E-4729-8C2B-3F43B92A49B8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-5205\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CE8AF21-A70F-4EF5-A6A2-00C953B6181C",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-5205\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13B53684-BFE1-4100-9624-A034119E7CAA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-5206\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1405E2-8561-4F3E-983C-C294BA6351CF",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-5206\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CD7B74F-71F9-4B0F-A9EB-EEA6FBEF81FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-5303\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94443EB3-0519-4238-B637-4FDB0B20ACCE",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-5303\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D4FF612-453D-4287-8989-2779A6F6A0A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-5304\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "833276FD-3A3B-4B83-94BA-589ADEF2010D",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-5304\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80089A85-1174-4E47-BC36-69DD11A3FFF8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-5305\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D779360-F243-47C4-86A7-FF5020238F42",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-5305\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91554389-BCF9-48EB-B198-A192BAE6206D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-5306\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "151B1218-958A-4BE3-925F-D95F5ADCD942",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-5306\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E65CA42E-371C-407C-84F9-64AC3F02FFE2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-6201\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "334E43C5-CD20-4DCF-805D-34E75E4AE8C4",
"versionEndIncluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-6201\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2BEE4ED-2C15-4E52-8FEC-BB7B5742274F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-6202\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FEE9E55C-1241-40D2-9357-AF657BBEFB28",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-6202\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF4E78EB-C91E-4E92-AF9F-90300EE96E03",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-6203\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1805464-9B11-41E3-A80A-8FC5299A6E50",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-6203\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C98F37AB-BFC5-49C2-B8FD-21AA0266C703",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-6204\\/8000-001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "979D2D35-114F-4B23-A3E9-0F0A619B4AF9",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-6204\\/8000-001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "422F9EEC-8516-4692-93DE-BB0F385D2BD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-6301\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71DF0E46-8E22-49B5-B1E1-5B3CBAA7FD1E",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-6301\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "742F9265-3770-4B4E-A327-2202E2DAEA84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-6302\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE1A9D-1A41-475C-83D7-E9E0105E70BC",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-6302\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3FDB659-7FF2-4272-9818-3517AC55BFFD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-6303\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C90343DF-DA2F-4AAE-AD85-AC715C838E47",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-6303\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E7E5506-BA01-4B6F-9475-3F2056019858",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:762-6304\\/8000-002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2FE417E0-9A5F-4C68-BF1B-10535FEF4B19",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:762-6304\\/8000-002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E8E97AD-B5B4-4F54-A8B8-52E83F34C33D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:752-8303\\/8000-0002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0090E3E-5CB8-4363-9CA0-A9165910BD9A",
"versionEndExcluding": "03.06.19\\(18\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:752-8303\\/8000-0002:*:*:*:*:*:*:*:*",
"matchCriteriaId": "922FBB58-6D8C-42CC-AAB2-5372DF63C280",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device."
},
{
"lang": "es",
"value": "En los productos CODESYS V3 en todas las versiones anteriores a la V3.5.16.0 que contienen CmpUserMgr, el sistema de tiempo de ejecuci\u00f3n de CODESYS Control almacena las contrase\u00f1as de comunicaci\u00f3n en l\u00ednea utilizando un algoritmo hash d\u00e9bil. Esto puede ser utilizado por un atacante local con pocos privilegios para obtener el control total del dispositivo."
}
],
"id": "CVE-2020-12069",
"lastModified": "2025-05-05T14:15:00.537",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-26T19:15:10.520",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-061/"
},
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-022/"
},
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-031/"
},
{
"source": "info@cert.vde.com",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12943\u0026token=d097958a67ba382de688916f77e3013c0802fade\u0026download="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-061/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-022/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-031/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12943\u0026token=d097958a67ba382de688916f77e3013c0802fade\u0026download="
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-916"
}
],
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-916"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-25048 (GCVE-0-2018-25048)
Vulnerability from cvelistv5 – Published: 2023-03-23 10:45 – Updated: 2025-02-19 21:00
VLAI?
Summary
The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.
Severity ?
8.8 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CODESYS | Control for BeagleBone |
Affected:
3.0.0.0 , < 3.5.12.30
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Prosoft-Systems Ltd.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:26:39.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://customers.codesys.com/fileadmin/data/customers/security/2018/Advisory2018-04_CDS-59017.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-25048",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T21:00:23.308028Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T21:00:29.711Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Control for BeagleBone",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.12.30",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": " Control for emPC-A/iMX6",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.12.30",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for IOT2000",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.12.30",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for PFC100",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.12.30",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for PFC200",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.12.30",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for Raspberry Pi",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.12.30",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control RTE V3 (all variants)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.12.30",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control Win V3 (all variants)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.12.30",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "V3 Simulation Runtime (part of the CODESYS Development System)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.12.30",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HMI V3 (all variants)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.12.30",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "V3 Remote Target Visu (all variants)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.12.30",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control V3 Runtime System Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.12.30",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "V3 Embedded Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.12.30",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "V3 Remote Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.12.30",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Runtime Toolkit 32 bit embedded",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "2.3.2.10",
"status": "affected",
"version": "2.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Runtime Toolkit 32 bit full",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "2.4.7.52",
"status": "affected",
"version": "2.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Runtime PLCWinNT",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "2.4.7.52",
"status": "affected",
"version": "2.0.0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Prosoft-Systems Ltd."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device."
}
],
"value": "The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-23T10:45:36.900Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://customers.codesys.com/fileadmin/data/customers/security/2018/Advisory2018-04_CDS-59017.pdf"
}
],
"source": {
"defect": [
"CERT@VDE#64324"
],
"discovery": "EXTERNAL"
},
"title": "Codesys Runtime Improper Limitation of a Pathname",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2018-25048",
"datePublished": "2023-03-23T10:45:36.900Z",
"dateReserved": "2022-12-07T12:06:08.365Z",
"dateUpdated": "2025-02-19T21:00:29.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12069 (GCVE-0-2020-12069)
Vulnerability from cvelistv5 – Published: 2022-12-26 00:00 – Updated: 2025-04-14 16:17
VLAI?
Summary
In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.
Severity ?
7.8 (High)
CWE
- CWE-916 - Use of Password Hash With Insufficient Computational Effort
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CODESYS | CODESYS V3 containing the CmpUserMgr |
Affected:
V3 , < V3.5.16.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:58.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12943\u0026token=d097958a67ba382de688916f77e3013c0802fade\u0026download="
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-061/"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-031/"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-022/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-12069",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T16:17:42.834492Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T16:17:54.368Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CODESYS V3 containing the CmpUserMgr",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.16.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device."
}
],
"value": "In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-916",
"description": "CWE-916 Use of Password Hash With Insufficient Computational Effort",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-15T05:40:17.087Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12943\u0026token=d097958a67ba382de688916f77e3013c0802fade\u0026download="
},
{
"tags": [
"vendor-advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-061/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-031/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-022/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CODESYS V3 prone to Inadequate Password Hashing",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12069",
"datePublished": "2022-12-26T00:00:00.000Z",
"dateReserved": "2020-04-22T00:00:00.000Z",
"dateUpdated": "2025-04-14T16:17:54.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-25048 (GCVE-0-2018-25048)
Vulnerability from nvd – Published: 2023-03-23 10:45 – Updated: 2025-02-19 21:00
VLAI?
Summary
The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.
Severity ?
8.8 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CODESYS | Control for BeagleBone |
Affected:
3.0.0.0 , < 3.5.12.30
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Prosoft-Systems Ltd.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:26:39.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://customers.codesys.com/fileadmin/data/customers/security/2018/Advisory2018-04_CDS-59017.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-25048",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T21:00:23.308028Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T21:00:29.711Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Control for BeagleBone",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.12.30",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": " Control for emPC-A/iMX6",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.12.30",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for IOT2000",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.12.30",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for PFC100",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.12.30",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for PFC200",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.12.30",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control for Raspberry Pi",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.12.30",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control RTE V3 (all variants)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.12.30",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control Win V3 (all variants)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.12.30",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "V3 Simulation Runtime (part of the CODESYS Development System)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.12.30",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HMI V3 (all variants)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.12.30",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "V3 Remote Target Visu (all variants)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.12.30",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Control V3 Runtime System Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.12.30",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "V3 Embedded Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.12.30",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "V3 Remote Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.12.30",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Runtime Toolkit 32 bit embedded",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "2.3.2.10",
"status": "affected",
"version": "2.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Runtime Toolkit 32 bit full",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "2.4.7.52",
"status": "affected",
"version": "2.0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Runtime PLCWinNT",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "2.4.7.52",
"status": "affected",
"version": "2.0.0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Prosoft-Systems Ltd."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device."
}
],
"value": "The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-23T10:45:36.900Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://customers.codesys.com/fileadmin/data/customers/security/2018/Advisory2018-04_CDS-59017.pdf"
}
],
"source": {
"defect": [
"CERT@VDE#64324"
],
"discovery": "EXTERNAL"
},
"title": "Codesys Runtime Improper Limitation of a Pathname",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2018-25048",
"datePublished": "2023-03-23T10:45:36.900Z",
"dateReserved": "2022-12-07T12:06:08.365Z",
"dateUpdated": "2025-02-19T21:00:29.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12069 (GCVE-0-2020-12069)
Vulnerability from nvd – Published: 2022-12-26 00:00 – Updated: 2025-04-14 16:17
VLAI?
Summary
In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.
Severity ?
7.8 (High)
CWE
- CWE-916 - Use of Password Hash With Insufficient Computational Effort
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CODESYS | CODESYS V3 containing the CmpUserMgr |
Affected:
V3 , < V3.5.16.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:58.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12943\u0026token=d097958a67ba382de688916f77e3013c0802fade\u0026download="
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-061/"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-031/"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-022/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-12069",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T16:17:42.834492Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T16:17:54.368Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CODESYS V3 containing the CmpUserMgr",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.16.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device."
}
],
"value": "In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-916",
"description": "CWE-916 Use of Password Hash With Insufficient Computational Effort",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-15T05:40:17.087Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12943\u0026token=d097958a67ba382de688916f77e3013c0802fade\u0026download="
},
{
"tags": [
"vendor-advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-061/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-031/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-022/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CODESYS V3 prone to Inadequate Password Hashing",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12069",
"datePublished": "2022-12-26T00:00:00.000Z",
"dateReserved": "2020-04-22T00:00:00.000Z",
"dateUpdated": "2025-04-14T16:17:54.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}