Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-6081 (GCVE-0-2020-6081)
Vulnerability from cvelistv5 – Published: 2020-05-07 12:22 – Updated: 2024-08-04 08:47
VLAI?
EPSS
Summary
An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability.
Severity ?
9.9 (Critical)
CWE
- remote code execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:47:40.925Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "3S",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T17:35:40.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1003"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2020-6081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "3S",
"version": {
"version_data": [
{
"version_value": "3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 9.9,
"baseSeverity": "Critical",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1003",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1003"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2020-6081",
"datePublished": "2020-05-07T12:22:11.000Z",
"dateReserved": "2020-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:47:40.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:codesys:runtime:3.5.14.30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"25D5C6D1-EDAB-4CFF-833B-D46A5FD56FAC\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability.\"}, {\"lang\": \"es\", \"value\": \"Se presenta una vulnerabilidad de ejecuci\\u00f3n de c\\u00f3digo explotable en la funcionalidad PLC_Task de 3S-Smart Software Solutions GmbH CODESYS Runtime versi\\u00f3n 3.5.14.30. Una petici\\u00f3n de red especialmente dise\\u00f1ada puede causar una ejecuci\\u00f3n de c\\u00f3digo remota. Un atacante puede enviar un paquete malicioso para desencadenar esta vulnerabilidad.\"}]",
"id": "CVE-2020-6081",
"lastModified": "2024-11-21T05:35:03.507",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV30\": [{\"source\": \"talos-cna@cisco.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 9.9, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.1, \"impactScore\": 6.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2020-05-07T13:15:12.233",
"references": "[{\"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2020-1003\", \"source\": \"talos-cna@cisco.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2020-1003\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-345\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-6081\",\"sourceIdentifier\":\"talos-cna@cisco.com\",\"published\":\"2020-05-07T13:15:12.233\",\"lastModified\":\"2024-11-21T05:35:03.507\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability.\"},{\"lang\":\"es\",\"value\":\"Se presenta una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo explotable en la funcionalidad PLC_Task de 3S-Smart Software Solutions GmbH CODESYS Runtime versi\u00f3n 3.5.14.30. Una petici\u00f3n de red especialmente dise\u00f1ada puede causar una ejecuci\u00f3n de c\u00f3digo remota. Un atacante puede enviar un paquete malicioso para desencadenar esta vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV30\":[{\"source\":\"talos-cna@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.9,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.1,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-345\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:codesys:runtime:3.5.14.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25D5C6D1-EDAB-4CFF-833B-D46A5FD56FAC\"}]}]}],\"references\":[{\"url\":\"https://talosintelligence.com/vulnerability_reports/TALOS-2020-1003\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://talosintelligence.com/vulnerability_reports/TALOS-2020-1003\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
}
}
VDE-2022-035
Vulnerability from csaf_wagogmbhcokg - Published: 2022-08-17 08:00 - Updated: 2022-08-17 08:00Summary
WAGO: Multiple product series affected by multiple CODESYS vulnerabilities
Notes
Summary: Multiple WAGO product families are prone to multiple vulnerabilities affecting CODESYS control runtime system.
Impact: Please consult the CVE entries for further information.
Mitigation: • We recommend all effected users of the PFC 100 & PFC 200 product family to update to firmware version 03.10.08(22) or later.
• We recommend all effected users of the TP600 and CC100 product family to update to firmware version 03.10.09(22) or later.
• The affected products of the CC100 family will receive a patched Version approximately in 09/22.
In addition to the mitigation hints concerning the above-mentioned vulnerabilities CODESYS GmbH recommends the following general defense measures to reduce the risk of exploits:
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside
- Use firewalls to protect and separate the control system network from other networks
- Use VPN (Virtual Private Networks) tunnels if remote access is required
- Activate and apply user management and password features
- Use encrypted communication links
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up to date virus detecting solutions
For further impact information and risk mitigation, please refer to the official CODESYS Advisory Website at https://www.codesys.com/security/security-reports.html
In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.
7.5 (High)
Mitigation
• We recommend all effected users of the PFC 100 & PFC 200 product family to update to firmware version 03.10.08(22) or later.
• We recommend all effected users of the TP600 and CC100 product family to update to firmware version 03.10.09(22) or later.
• The affected products of the CC100 family will receive a patched Version approximately in 09/22.
In addition to the mitigation hints concerning the above-mentioned vulnerabilities CODESYS GmbH recommends the following general defense measures to reduce the risk of exploits:
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside
- Use firewalls to protect and separate the control system network from other networks
- Use VPN (Virtual Private Networks) tunnels if remote access is required
- Activate and apply user management and password features
- Use encrypted communication links
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up to date virus detecting solutions
For further impact information and risk mitigation, please refer to the official CODESYS Advisory Website at https://www.codesys.com/security/security-reports.html
CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.
9.8 (Critical)
Mitigation
• We recommend all effected users of the PFC 100 & PFC 200 product family to update to firmware version 03.10.08(22) or later.
• We recommend all effected users of the TP600 and CC100 product family to update to firmware version 03.10.09(22) or later.
• The affected products of the CC100 family will receive a patched Version approximately in 09/22.
In addition to the mitigation hints concerning the above-mentioned vulnerabilities CODESYS GmbH recommends the following general defense measures to reduce the risk of exploits:
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside
- Use firewalls to protect and separate the control system network from other networks
- Use VPN (Virtual Private Networks) tunnels if remote access is required
- Activate and apply user management and password features
- Use encrypted communication links
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up to date virus detecting solutions
For further impact information and risk mitigation, please refer to the official CODESYS Advisory Website at https://www.codesys.com/security/security-reports.html
In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests may cause a null pointer dereference in the downloaded vulnerable EtherNet/IP stack that is executed by the CODESYS Control runtime system.
7.5 (High)
Mitigation
• We recommend all effected users of the PFC 100 & PFC 200 product family to update to firmware version 03.10.08(22) or later.
• We recommend all effected users of the TP600 and CC100 product family to update to firmware version 03.10.09(22) or later.
• The affected products of the CC100 family will receive a patched Version approximately in 09/22.
In addition to the mitigation hints concerning the above-mentioned vulnerabilities CODESYS GmbH recommends the following general defense measures to reduce the risk of exploits:
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside
- Use firewalls to protect and separate the control system network from other networks
- Use VPN (Virtual Private Networks) tunnels if remote access is required
- Activate and apply user management and password features
- Use encrypted communication links
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up to date virus detecting solutions
For further impact information and risk mitigation, please refer to the official CODESYS Advisory Website at https://www.codesys.com/security/security-reports.html
An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability.
8.8 (High)
Mitigation
• We recommend all effected users of the PFC 100 & PFC 200 product family to update to firmware version 03.10.08(22) or later.
• We recommend all effected users of the TP600 and CC100 product family to update to firmware version 03.10.09(22) or later.
• The affected products of the CC100 family will receive a patched Version approximately in 09/22.
In addition to the mitigation hints concerning the above-mentioned vulnerabilities CODESYS GmbH recommends the following general defense measures to reduce the risk of exploits:
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside
- Use firewalls to protect and separate the control system network from other networks
- Use VPN (Virtual Private Networks) tunnels if remote access is required
- Activate and apply user management and password features
- Use encrypted communication links
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up to date virus detecting solutions
For further impact information and risk mitigation, please refer to the official CODESYS Advisory Website at https://www.codesys.com/security/security-reports.html
CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).
7.5 (High)
Mitigation
• We recommend all effected users of the PFC 100 & PFC 200 product family to update to firmware version 03.10.08(22) or later.
• We recommend all effected users of the TP600 and CC100 product family to update to firmware version 03.10.09(22) or later.
• The affected products of the CC100 family will receive a patched Version approximately in 09/22.
In addition to the mitigation hints concerning the above-mentioned vulnerabilities CODESYS GmbH recommends the following general defense measures to reduce the risk of exploits:
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside
- Use firewalls to protect and separate the control system network from other networks
- Use VPN (Virtual Private Networks) tunnels if remote access is required
- Activate and apply user management and password features
- Use encrypted communication links
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up to date virus detecting solutions
For further impact information and risk mitigation, please refer to the official CODESYS Advisory Website at https://www.codesys.com/security/security-reports.html
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.
7.3 (High)
Mitigation
• We recommend all effected users of the PFC 100 & PFC 200 product family to update to firmware version 03.10.08(22) or later.
• We recommend all effected users of the TP600 and CC100 product family to update to firmware version 03.10.09(22) or later.
• The affected products of the CC100 family will receive a patched Version approximately in 09/22.
In addition to the mitigation hints concerning the above-mentioned vulnerabilities CODESYS GmbH recommends the following general defense measures to reduce the risk of exploits:
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside
- Use firewalls to protect and separate the control system network from other networks
- Use VPN (Virtual Private Networks) tunnels if remote access is required
- Activate and apply user management and password features
- Use encrypted communication links
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up to date virus detecting solutions
For further impact information and risk mitigation, please refer to the official CODESYS Advisory Website at https://www.codesys.com/security/security-reports.html
References
| URL | Category | |
|---|---|---|
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Multiple WAGO product families are prone to multiple vulnerabilities affecting CODESYS control runtime system.",
"title": "Summary"
},
{
"category": "description",
"text": "Please consult the CVE entries for further information.",
"title": "Impact"
},
{
"category": "description",
"text": "\u2022 We recommend all effected users of the PFC 100 \u0026 PFC 200 product family to update to firmware version 03.10.08(22) or later.\n\n\u2022 We recommend all effected users of the TP600 and CC100 product family to update to firmware version 03.10.09(22) or later. \n\n\u2022 The affected products of the CC100 family will receive a patched Version approximately in 09/22.\n\nIn addition to the mitigation hints concerning the above-mentioned vulnerabilities CODESYS GmbH recommends the following general defense measures to reduce the risk of exploits:\n\n- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside\n- Use firewalls to protect and separate the control system network from other networks\n- Use VPN (Virtual Private Networks) tunnels if remote access is required\n- Activate and apply user management and password features\n- Use encrypted communication links\n- Limit the access to both development and control system by physical means, operating system features, etc.\n- Protect both development and control system by using up to date virus detecting solutions\n\nFor further impact information and risk mitigation, please refer to the official CODESYS Advisory Website at https://www.codesys.com/security/security-reports.html",
"title": "Mitigation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@wago.com",
"name": "WAGO GmbH \u0026 Co. KG",
"namespace": "https://www.wago.com/psirt"
},
"references": [
{
"category": "self",
"summary": "VDE-2022-035: WAGO: Multiple product series affected by multiple CODESYS vulnerabilities - HTML",
"url": "https://certvde.com/en/advisories/VDE-2022-035/"
},
{
"category": "self",
"summary": "VDE-2022-035: WAGO: Multiple product series affected by multiple CODESYS vulnerabilities - CSAF",
"url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2022/vde-2022-035.json"
},
{
"category": "external",
"summary": "Vendor PSIRT",
"url": "https://www.wago.com/psirt"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for WAGO GmbH \u0026 Co. KG",
"url": "https://certvde.com/en/advisories/vendor/wago/"
}
],
"title": "WAGO: Multiple product series affected by multiple CODESYS vulnerabilities",
"tracking": {
"aliases": [
"VDE-2022-035"
],
"current_release_date": "2022-08-17T08:00:00.000Z",
"generator": {
"date": "2025-05-26T08:33:34.917Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.26"
}
},
"id": "VDE-2022-035",
"initial_release_date": "2022-08-17T08:00:00.000Z",
"revision_history": [
{
"date": "2022-08-17T08:00:00.000Z",
"number": "1",
"summary": "Initial revision."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "CC100",
"product": {
"name": "CC100",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"751-9301"
]
}
}
},
{
"category": "product_name",
"name": "EC300",
"product": {
"name": "EC300",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"752-8303/8000-0002"
]
}
}
},
{
"category": "product_name",
"name": "PFC 100",
"product": {
"name": "PFC 100",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"750-8102/xxx-xxx",
"750-8100/xxx-xxx",
"750-8101/xxx-xxx"
]
}
}
},
{
"category": "product_name",
"name": "PFC 200",
"product": {
"name": "PFC 200",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"750-8202/xxx-xxx",
"750-8206/xxx-xxx",
"750-8207/xxx-xxx",
"750-8210/xxx-xxx",
"750-8211/xxx-xxx",
"750-8212/xxx-xxx",
"750-8213/xxx-xxx",
"750-8214/xxx-xxx",
"750-8215/xxx-xxx",
"750-8216/xxx-xxx",
"750-8203/xxx-xxx",
"750-8204/xxx-xxx"
]
}
}
},
{
"category": "product_name",
"name": "TP600",
"product": {
"name": "TP600",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"model_numbers": [
"762-6x0x/8000-000x",
"762-4x0x/8000-000x",
"762-5x0x/8000-000x"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=03.09.07(21)",
"product": {
"name": "Firmware \u003c=03.09.07(21)",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version_range",
"name": "\u003c=03.07.14(19)",
"product": {
"name": "Firmware \u003c=03.07.14(19)",
"product_id": "CSAFPID-21002"
}
},
{
"category": "product_version_range",
"name": "\u003c=03.09.05(21)",
"product": {
"name": "Firmware \u003c=03.09.05(21)",
"product_id": "CSAFPID-21003"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "WAGO"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
],
"summary": "Affected products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=03.09.07(21) installed on CC100",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=03.07.14(19) installed on EC300",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=03.09.05(21) installed on PFC 100",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=03.09.05(21) installed on PFC 200",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=03.07.14(19) installed on TP600",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11005"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-36763",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"notes": [
{
"category": "description",
"text": "In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "mitigation",
"details": "\u2022 We recommend all effected users of the PFC 100 \u0026 PFC 200 product family to update to firmware version 03.10.08(22) or later.\n\n\u2022 We recommend all effected users of the TP600 and CC100 product family to update to firmware version 03.10.09(22) or later. \n\n\u2022 The affected products of the CC100 family will receive a patched Version approximately in 09/22.\n\nIn addition to the mitigation hints concerning the above-mentioned vulnerabilities CODESYS GmbH recommends the following general defense measures to reduce the risk of exploits:\n\n- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside\n- Use firewalls to protect and separate the control system network from other networks\n- Use VPN (Virtual Private Networks) tunnels if remote access is required\n- Activate and apply user management and password features\n- Use encrypted communication links\n- Limit the access to both development and control system by physical means, operating system features, etc.\n- Protect both development and control system by using up to date virus detecting solutions\n\nFor further impact information and risk mitigation, please refer to the official CODESYS Advisory Website at https://www.codesys.com/security/security-reports.html",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-36763"
},
{
"cve": "CVE-2021-33485",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "mitigation",
"details": "\u2022 We recommend all effected users of the PFC 100 \u0026 PFC 200 product family to update to firmware version 03.10.08(22) or later.\n\n\u2022 We recommend all effected users of the TP600 and CC100 product family to update to firmware version 03.10.09(22) or later. \n\n\u2022 The affected products of the CC100 family will receive a patched Version approximately in 09/22.\n\nIn addition to the mitigation hints concerning the above-mentioned vulnerabilities CODESYS GmbH recommends the following general defense measures to reduce the risk of exploits:\n\n- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside\n- Use firewalls to protect and separate the control system network from other networks\n- Use VPN (Virtual Private Networks) tunnels if remote access is required\n- Activate and apply user management and password features\n- Use encrypted communication links\n- Limit the access to both development and control system by physical means, operating system features, etc.\n- Protect both development and control system by using up to date virus detecting solutions\n\nFor further impact information and risk mitigation, please refer to the official CODESYS Advisory Website at https://www.codesys.com/security/security-reports.html",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-33485"
},
{
"cve": "CVE-2021-36765",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests may cause a null pointer dereference in the downloaded vulnerable EtherNet/IP stack that is executed by the CODESYS Control runtime system.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "mitigation",
"details": "\u2022 We recommend all effected users of the PFC 100 \u0026 PFC 200 product family to update to firmware version 03.10.08(22) or later.\n\n\u2022 We recommend all effected users of the TP600 and CC100 product family to update to firmware version 03.10.09(22) or later. \n\n\u2022 The affected products of the CC100 family will receive a patched Version approximately in 09/22.\n\nIn addition to the mitigation hints concerning the above-mentioned vulnerabilities CODESYS GmbH recommends the following general defense measures to reduce the risk of exploits:\n\n- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside\n- Use firewalls to protect and separate the control system network from other networks\n- Use VPN (Virtual Private Networks) tunnels if remote access is required\n- Activate and apply user management and password features\n- Use encrypted communication links\n- Limit the access to both development and control system by physical means, operating system features, etc.\n- Protect both development and control system by using up to date virus detecting solutions\n\nFor further impact information and risk mitigation, please refer to the official CODESYS Advisory Website at https://www.codesys.com/security/security-reports.html",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-36765"
},
{
"cve": "CVE-2020-6081",
"cwe": {
"id": "CWE-345",
"name": "Insufficient Verification of Data Authenticity"
},
"notes": [
{
"category": "description",
"text": "An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "mitigation",
"details": "\u2022 We recommend all effected users of the PFC 100 \u0026 PFC 200 product family to update to firmware version 03.10.08(22) or later.\n\n\u2022 We recommend all effected users of the TP600 and CC100 product family to update to firmware version 03.10.09(22) or later. \n\n\u2022 The affected products of the CC100 family will receive a patched Version approximately in 09/22.\n\nIn addition to the mitigation hints concerning the above-mentioned vulnerabilities CODESYS GmbH recommends the following general defense measures to reduce the risk of exploits:\n\n- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside\n- Use firewalls to protect and separate the control system network from other networks\n- Use VPN (Virtual Private Networks) tunnels if remote access is required\n- Activate and apply user management and password features\n- Use encrypted communication links\n- Limit the access to both development and control system by physical means, operating system features, etc.\n- Protect both development and control system by using up to date virus detecting solutions\n\nFor further impact information and risk mitigation, please refer to the official CODESYS Advisory Website at https://www.codesys.com/security/security-reports.html",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2020-6081"
},
{
"cve": "CVE-2021-29241",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "mitigation",
"details": "\u2022 We recommend all effected users of the PFC 100 \u0026 PFC 200 product family to update to firmware version 03.10.08(22) or later.\n\n\u2022 We recommend all effected users of the TP600 and CC100 product family to update to firmware version 03.10.09(22) or later. \n\n\u2022 The affected products of the CC100 family will receive a patched Version approximately in 09/22.\n\nIn addition to the mitigation hints concerning the above-mentioned vulnerabilities CODESYS GmbH recommends the following general defense measures to reduce the risk of exploits:\n\n- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside\n- Use firewalls to protect and separate the control system network from other networks\n- Use VPN (Virtual Private Networks) tunnels if remote access is required\n- Activate and apply user management and password features\n- Use encrypted communication links\n- Limit the access to both development and control system by physical means, operating system features, etc.\n- Protect both development and control system by using up to date virus detecting solutions\n\nFor further impact information and risk mitigation, please refer to the official CODESYS Advisory Website at https://www.codesys.com/security/security-reports.html",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-29241"
},
{
"cve": "CVE-2021-29242",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router\u0027s addressing scheme and may re-route, add, remove or change low level communication packages.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "mitigation",
"details": "\u2022 We recommend all effected users of the PFC 100 \u0026 PFC 200 product family to update to firmware version 03.10.08(22) or later.\n\n\u2022 We recommend all effected users of the TP600 and CC100 product family to update to firmware version 03.10.09(22) or later. \n\n\u2022 The affected products of the CC100 family will receive a patched Version approximately in 09/22.\n\nIn addition to the mitigation hints concerning the above-mentioned vulnerabilities CODESYS GmbH recommends the following general defense measures to reduce the risk of exploits:\n\n- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside\n- Use firewalls to protect and separate the control system network from other networks\n- Use VPN (Virtual Private Networks) tunnels if remote access is required\n- Activate and apply user management and password features\n- Use encrypted communication links\n- Limit the access to both development and control system by physical means, operating system features, etc.\n- Protect both development and control system by using up to date virus detecting solutions\n\nFor further impact information and risk mitigation, please refer to the official CODESYS Advisory Website at https://www.codesys.com/security/security-reports.html",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"environmentalScore": 7.3,
"environmentalSeverity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-29242"
}
]
}
CERTFR-2021-AVI-370
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Schneider. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | EcoStruxure Machine Expert versions antérieures à 2.0 | ||
| N/A | N/A | spaceLYnk versions antérieures à 2.61 (ne corrige pas toutes les vulnérabilités) | ||
| N/A | N/A | Triconex modèle 3009 MP versions Tricon antérieures à 11.8.0 (build 753) | ||
| N/A | N/A | micrologiciel pour Modicon M241/M251 versions antérieures à 5.1.9.14 | ||
| N/A | N/A | TCM 4351B versions Tricon antérieures à 11.5.1 ou 11.7.1 (build 638) | ||
| N/A | N/A | micrologiciel pour Modicon M218/M241/M251/M262, LMC PacDrive Eco/Pro/Pro2, HMISCU Logic Controllers sans le dernier correctif | ||
| N/A | N/A | Harmony STO, STU, GTO, GTU, GTUX, KG configuré par Vijeo Designer versions antérieures à 6.2 SP11 | ||
| N/A | N/A | Modicon Managed Switch MCSESM et MCSESP versions antérieures à 8.22 | ||
| N/A | N/A | homeLYnk versions antérieures à 2.61 (ne corrige pas toutes les vulnérabilités) | ||
| N/A | N/A | Harmony HMISCU configuré par EcoStruxure Machine Expert versions antérieures à 2.0 | ||
| N/A | N/A | Geo SCADA Expert 2020 version April 2021 (83.7787.1) |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "EcoStruxure Machine Expert versions ant\u00e9rieures \u00e0 2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "spaceLYnk versions ant\u00e9rieures \u00e0 2.61 (ne corrige pas toutes les vuln\u00e9rabilit\u00e9s)",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Triconex mod\u00e8le 3009 MP versions Tricon ant\u00e9rieures \u00e0 11.8.0 (build 753)",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "micrologiciel pour Modicon M241/M251 versions ant\u00e9rieures \u00e0 5.1.9.14",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "TCM 4351B versions Tricon ant\u00e9rieures \u00e0 11.5.1 ou 11.7.1 (build 638)",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "micrologiciel pour Modicon M218/M241/M251/M262, LMC PacDrive Eco/Pro/Pro2, HMISCU Logic Controllers sans le dernier correctif",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Harmony STO, STU, GTO, GTU, GTUX, KG configur\u00e9 par Vijeo Designer versions ant\u00e9rieures \u00e0 6.2 SP11",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon Managed Switch MCSESM et MCSESP versions ant\u00e9rieures \u00e0 8.22",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "homeLYnk versions ant\u00e9rieures \u00e0 2.61 (ne corrige pas toutes les vuln\u00e9rabilit\u00e9s)",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Harmony HMISCU configur\u00e9 par EcoStruxure Machine Expert versions ant\u00e9rieures \u00e0 2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Geo SCADA Expert 2020 version April 2021 (83.7787.1)",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-22731",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22731"
},
{
"name": "CVE-2019-9008",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9008"
},
{
"name": "CVE-2021-22741",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22741"
},
{
"name": "CVE-2021-22747",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22747"
},
{
"name": "CVE-2021-22732",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22732"
},
{
"name": "CVE-2021-22742",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22742"
},
{
"name": "CVE-2021-22736",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22736"
},
{
"name": "CVE-2021-22733",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22733"
},
{
"name": "CVE-2021-22744",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22744"
},
{
"name": "CVE-2021-22740",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22740"
},
{
"name": "CVE-2020-6081",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6081"
},
{
"name": "CVE-2021-22699",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22699"
},
{
"name": "CVE-2020-10245",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10245"
},
{
"name": "CVE-2020-7052",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7052"
},
{
"name": "CVE-2019-13538",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13538"
},
{
"name": "CVE-2021-22705",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22705"
},
{
"name": "CVE-2021-22735",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22735"
},
{
"name": "CVE-2019-9009",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9009"
},
{
"name": "CVE-2021-22734",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22734"
},
{
"name": "CVE-2021-22746",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22746"
},
{
"name": "CVE-2021-22737",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22737"
},
{
"name": "CVE-2021-22743",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22743"
},
{
"name": "CVE-2021-22745",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22745"
},
{
"name": "CVE-2021-22738",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22738"
},
{
"name": "CVE-2021-22739",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22739"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-370",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-05-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 la confidentialit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-130-04 du 11 mai 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-04"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-130-03 du 11 mai 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-03"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-130-02 du 11 mai 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-02"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-130-07 du 11 mai 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-07"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-130-01 du 11 mai 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-01"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-130-06 du 11 mai 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-06"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-130-05 du 11 mai 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-05"
}
]
}
CERTFR-2021-AVI-370
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Schneider. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | EcoStruxure Machine Expert versions antérieures à 2.0 | ||
| N/A | N/A | spaceLYnk versions antérieures à 2.61 (ne corrige pas toutes les vulnérabilités) | ||
| N/A | N/A | Triconex modèle 3009 MP versions Tricon antérieures à 11.8.0 (build 753) | ||
| N/A | N/A | micrologiciel pour Modicon M241/M251 versions antérieures à 5.1.9.14 | ||
| N/A | N/A | TCM 4351B versions Tricon antérieures à 11.5.1 ou 11.7.1 (build 638) | ||
| N/A | N/A | micrologiciel pour Modicon M218/M241/M251/M262, LMC PacDrive Eco/Pro/Pro2, HMISCU Logic Controllers sans le dernier correctif | ||
| N/A | N/A | Harmony STO, STU, GTO, GTU, GTUX, KG configuré par Vijeo Designer versions antérieures à 6.2 SP11 | ||
| N/A | N/A | Modicon Managed Switch MCSESM et MCSESP versions antérieures à 8.22 | ||
| N/A | N/A | homeLYnk versions antérieures à 2.61 (ne corrige pas toutes les vulnérabilités) | ||
| N/A | N/A | Harmony HMISCU configuré par EcoStruxure Machine Expert versions antérieures à 2.0 | ||
| N/A | N/A | Geo SCADA Expert 2020 version April 2021 (83.7787.1) |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "EcoStruxure Machine Expert versions ant\u00e9rieures \u00e0 2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "spaceLYnk versions ant\u00e9rieures \u00e0 2.61 (ne corrige pas toutes les vuln\u00e9rabilit\u00e9s)",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Triconex mod\u00e8le 3009 MP versions Tricon ant\u00e9rieures \u00e0 11.8.0 (build 753)",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "micrologiciel pour Modicon M241/M251 versions ant\u00e9rieures \u00e0 5.1.9.14",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "TCM 4351B versions Tricon ant\u00e9rieures \u00e0 11.5.1 ou 11.7.1 (build 638)",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "micrologiciel pour Modicon M218/M241/M251/M262, LMC PacDrive Eco/Pro/Pro2, HMISCU Logic Controllers sans le dernier correctif",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Harmony STO, STU, GTO, GTU, GTUX, KG configur\u00e9 par Vijeo Designer versions ant\u00e9rieures \u00e0 6.2 SP11",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon Managed Switch MCSESM et MCSESP versions ant\u00e9rieures \u00e0 8.22",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "homeLYnk versions ant\u00e9rieures \u00e0 2.61 (ne corrige pas toutes les vuln\u00e9rabilit\u00e9s)",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Harmony HMISCU configur\u00e9 par EcoStruxure Machine Expert versions ant\u00e9rieures \u00e0 2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Geo SCADA Expert 2020 version April 2021 (83.7787.1)",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-22731",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22731"
},
{
"name": "CVE-2019-9008",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9008"
},
{
"name": "CVE-2021-22741",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22741"
},
{
"name": "CVE-2021-22747",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22747"
},
{
"name": "CVE-2021-22732",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22732"
},
{
"name": "CVE-2021-22742",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22742"
},
{
"name": "CVE-2021-22736",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22736"
},
{
"name": "CVE-2021-22733",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22733"
},
{
"name": "CVE-2021-22744",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22744"
},
{
"name": "CVE-2021-22740",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22740"
},
{
"name": "CVE-2020-6081",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6081"
},
{
"name": "CVE-2021-22699",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22699"
},
{
"name": "CVE-2020-10245",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10245"
},
{
"name": "CVE-2020-7052",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7052"
},
{
"name": "CVE-2019-13538",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13538"
},
{
"name": "CVE-2021-22705",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22705"
},
{
"name": "CVE-2021-22735",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22735"
},
{
"name": "CVE-2019-9009",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9009"
},
{
"name": "CVE-2021-22734",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22734"
},
{
"name": "CVE-2021-22746",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22746"
},
{
"name": "CVE-2021-22737",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22737"
},
{
"name": "CVE-2021-22743",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22743"
},
{
"name": "CVE-2021-22745",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22745"
},
{
"name": "CVE-2021-22738",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22738"
},
{
"name": "CVE-2021-22739",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22739"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-370",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-05-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 la confidentialit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-130-04 du 11 mai 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-04"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-130-03 du 11 mai 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-03"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-130-02 du 11 mai 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-02"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-130-07 du 11 mai 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-07"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-130-01 du 11 mai 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-01"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-130-06 du 11 mai 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-06"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-130-05 du 11 mai 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-05"
}
]
}
CNVD-2020-53804
Vulnerability from cnvd - Published: 2020-09-24
VLAI Severity ?
Title
3S-Smart Software Solutions CODESYS Runtime远程代码执行漏洞
Description
3S-Smart Software Solutions CODESYS Runtime是德国3S-Smart Software Solutions公司的一套基于IEC61131-3标准编程的控制器实时运行系统。该系统可以将任何嵌入式或基于PC的设备转变为符合IEC61131-3标准的工业控制器。
3S-Smart Software Solutions CODESYS Runtime 3.5.14.30版本中的PLC_Task功能存在安全漏洞。攻击者可通过发送恶意的数据包利用该漏洞执行代码。
Severity
中
Formal description
目前厂商暂未发布修复措施解决此安全问题,建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法: https://www.codesys.com/
Reference
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1003
Impacted products
| Name | 3S-Smart Software Solutions CODESYS Runtime 3.5.14.30 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2020-6081"
}
},
"description": "3S-Smart Software Solutions CODESYS Runtime\u662f\u5fb7\u56fd3S-Smart Software Solutions\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8eIEC61131-3\u6807\u51c6\u7f16\u7a0b\u7684\u63a7\u5236\u5668\u5b9e\u65f6\u8fd0\u884c\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u53ef\u4ee5\u5c06\u4efb\u4f55\u5d4c\u5165\u5f0f\u6216\u57fa\u4e8ePC\u7684\u8bbe\u5907\u8f6c\u53d8\u4e3a\u7b26\u5408IEC61131-3\u6807\u51c6\u7684\u5de5\u4e1a\u63a7\u5236\u5668\u3002\n\n3S-Smart Software Solutions CODESYS Runtime 3.5.14.30\u7248\u672c\u4e2d\u7684PLC_Task\u529f\u80fd\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u6076\u610f\u7684\u6570\u636e\u5305\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4ee3\u7801\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttps://www.codesys.com/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2020-53804",
"openTime": "2020-09-24",
"products": {
"product": "3S-Smart Software Solutions CODESYS Runtime 3.5.14.30"
},
"referenceLink": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1003",
"serverity": "\u4e2d",
"submitTime": "2020-05-07",
"title": "3S-Smart Software Solutions CODESYS Runtime\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}
GSD-2020-6081
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-6081",
"description": "An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability.",
"id": "GSD-2020-6081"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-6081"
],
"details": "An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability.",
"id": "GSD-2020-6081",
"modified": "2023-12-13T01:21:54.534575Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2020-6081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "3S",
"version": {
"version_data": [
{
"version_value": "3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 9.9,
"baseSeverity": "Critical",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1003",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1003"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:codesys:runtime:3.5.14.30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2020-6081"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1003",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1003"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2022-06-03T18:02Z",
"publishedDate": "2020-05-07T13:15Z"
}
}
}
VDE-2021-061
Vulnerability from csaf_pilzgmbhcokg - Published: 2022-04-26 10:00 - Updated: 2022-04-26 10:00Summary
Pilz: PMC programming tool 3.x.x affected by multiple vulnerabilities
Notes
Summary: The software product PMC programming tool from Pilz is based on the software CODESYS Development System from CODESYS GmbH. This software is affected by several vulnerabilities, which an attacker can exploit locally or via the network. This means that, in a worst case, attackers could execute arbitrary program code on the PC on which the PMC programming tool is used.
Impact: In a worst case, attackers could execute arbitrary program code on the PC on which the PMC programming tool is used.
Mitigation: Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.
Use a virus scanner or other measures to protect against malware.
Only use CODESYS libraries and archives from trusted sources.
Remediation: Installation of the software version 3.5.17
CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields.
7.5 (High)
Mitigation
Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.
Use a virus scanner or other measures to protect against malware.
Only use CODESYS libraries and archives from trusted sources.
Vendor Fix
Installation of the software version 3.5.17
Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.
9.8 (Critical)
Mitigation
Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.
Use a virus scanner or other measures to protect against malware.
Only use CODESYS libraries and archives from trusted sources.
Vendor Fix
Installation of the software version 3.5.17
3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. The issue also exists for source libraries, but 3S-Smart Software Solutions GmbH strongly recommends distributing compiled libraries only.
8.6 (High)
Mitigation
Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.
Use a virus scanner or other measures to protect against malware.
Only use CODESYS libraries and archives from trusted sources.
Vendor Fix
Installation of the software version 3.5.17
The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content.
7.8 (High)
Mitigation
Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.
Use a virus scanner or other measures to protect against malware.
Only use CODESYS libraries and archives from trusted sources.
Vendor Fix
Installation of the software version 3.5.17
CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity.
7.8 (High)
Mitigation
Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.
Use a virus scanner or other measures to protect against malware.
Only use CODESYS libraries and archives from trusted sources.
Vendor Fix
Installation of the software version 3.5.17
An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.
7.8 (High)
Mitigation
Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.
Use a virus scanner or other measures to protect against malware.
Only use CODESYS libraries and archives from trusted sources.
Vendor Fix
Installation of the software version 3.5.17
An unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.get_MissingTypes() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.
7.8 (High)
Mitigation
Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.
Use a virus scanner or other measures to protect against malware.
Only use CODESYS libraries and archives from trusted sources.
Vendor Fix
Installation of the software version 3.5.17
An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.
7.8 (High)
Mitigation
Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.
Use a virus scanner or other measures to protect against malware.
Only use CODESYS libraries and archives from trusted sources.
Vendor Fix
Installation of the software version 3.5.17
A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.
7.8 (High)
Mitigation
Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.
Use a virus scanner or other measures to protect against malware.
Only use CODESYS libraries and archives from trusted sources.
Vendor Fix
Installation of the software version 3.5.17
A unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.
7.8 (High)
Mitigation
Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.
Use a virus scanner or other measures to protect against malware.
Only use CODESYS libraries and archives from trusted sources.
Vendor Fix
Installation of the software version 3.5.17
A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.
7.8 (High)
Mitigation
Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.
Use a virus scanner or other measures to protect against malware.
Only use CODESYS libraries and archives from trusted sources.
Vendor Fix
Installation of the software version 3.5.17
A unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.
7.8 (High)
Mitigation
Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.
Use a virus scanner or other measures to protect against malware.
Only use CODESYS libraries and archives from trusted sources.
Vendor Fix
Installation of the software version 3.5.17
An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.
7.5 (High)
Mitigation
Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.
Use a virus scanner or other measures to protect against malware.
Only use CODESYS libraries and archives from trusted sources.
Vendor Fix
Installation of the software version 3.5.17
CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected.
7.5 (High)
Mitigation
Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.
Use a virus scanner or other measures to protect against malware.
Only use CODESYS libraries and archives from trusted sources.
Vendor Fix
Installation of the software version 3.5.17
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), an attacker can identify valid usernames.
5.3 (Medium)
Mitigation
Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.
Use a virus scanner or other measures to protect against malware.
Only use CODESYS libraries and archives from trusted sources.
Vendor Fix
Installation of the software version 3.5.17
An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component are affected regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS V3 Simulation Runtime (part of the CODESYS Development System), CODESYS Control V3 Runtime System Toolkit, CODESYS HMI V3.
8.8 (High)
Mitigation
Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.
Use a virus scanner or other measures to protect against malware.
Only use CODESYS libraries and archives from trusted sources.
Vendor Fix
Installation of the software version 3.5.17
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user's password may be changed by an attacker without knowledge of the current password.
7.5 (High)
Mitigation
Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.
Use a virus scanner or other measures to protect against malware.
Only use CODESYS libraries and archives from trusted sources.
Vendor Fix
Installation of the software version 3.5.17
In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.
7.8 (High)
Mitigation
Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.
Use a virus scanner or other measures to protect against malware.
Only use CODESYS libraries and archives from trusted sources.
Vendor Fix
Installation of the software version 3.5.17
An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability.
8.8 (High)
Mitigation
Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.
Use a virus scanner or other measures to protect against malware.
Only use CODESYS libraries and archives from trusted sources.
Vendor Fix
Installation of the software version 3.5.17
In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition.
7.5 (High)
Mitigation
Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.
Use a virus scanner or other measures to protect against malware.
Only use CODESYS libraries and archives from trusted sources.
Vendor Fix
Installation of the software version 3.5.17
Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API.
9.8 (Critical)
Mitigation
Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.
Use a virus scanner or other measures to protect against malware.
Only use CODESYS libraries and archives from trusted sources.
Vendor Fix
Installation of the software version 3.5.17
CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.
6.5 (Medium)
Mitigation
Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.
Use a virus scanner or other measures to protect against malware.
Only use CODESYS libraries and archives from trusted sources.
Vendor Fix
Installation of the software version 3.5.17
This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted Java Script payload, which may allow alteration or creation of license files for when combined with CVE-2020-14515.
7.5 (High)
Mitigation
Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.
Use a virus scanner or other measures to protect against malware.
Only use CODESYS libraries and archives from trusted sources.
Vendor Fix
Installation of the software version 3.5.17
CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).
7.5 (High)
Mitigation
Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.
Use a virus scanner or other measures to protect against malware.
Only use CODESYS libraries and archives from trusted sources.
Vendor Fix
Installation of the software version 3.5.17
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.
7.3 (High)
Mitigation
Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.
Use a virus scanner or other measures to protect against malware.
Only use CODESYS libraries and archives from trusted sources.
Vendor Fix
Installation of the software version 3.5.17
An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap.
7.5 (High)
Mitigation
Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.
Use a virus scanner or other measures to protect against malware.
Only use CODESYS libraries and archives from trusted sources.
Vendor Fix
Installation of the software version 3.5.17
An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet to a device running the GatewayService.exe to trigger this vulnerability. All variants of the CODESYS V3 products in all versions prior V3.5.16.10 containing the CmpRouter or CmpRouterEmbedded component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PLCnext, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit, CODESYS V3 Embedded Target Visu Toolkit, CODESYS V3 Remote Target Visu Toolkit, CODESYS V3 Safety SIL2, CODESYS Edge Gateway V3, CODESYS Gateway V3, CODESYS HMI V3, CODESYS OPC Server V3, CODESYS PLCHandler SDK, CODESYS V3 Simulation Runtime (part of the CODESYS Development System).
7.5 (High)
Mitigation
Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.
Use a virus scanner or other measures to protect against malware.
Only use CODESYS libraries and archives from trusted sources.
Vendor Fix
Installation of the software version 3.5.17
References
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "The software product PMC programming tool from Pilz is based on the software CODESYS\u00a0Development System from CODESYS GmbH. This software is affected by several vulnerabilities, which an attacker can exploit locally or via the network. This means that, in a worst\u00a0case, attackers could execute arbitrary program code on the PC on which the PMC programming tool is used.",
"title": "Summary"
},
{
"category": "description",
"text": "In a worst case, attackers could execute arbitrary program code on the PC on which the PMC programming tool is used.",
"title": "Impact"
},
{
"category": "description",
"text": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"title": "Mitigation"
},
{
"category": "description",
"text": "Installation of the software version 3.5.17",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "security@pilz.com",
"name": "Pilz GmbH \u0026 Co. KG",
"namespace": "https://www.pilz.com"
},
"references": [
{
"category": "self",
"summary": "VDE-2021-061: Pilz: PMC programming tool 3.x.x affected by multiple vulnerabilities - HTML",
"url": "https://certvde.com/en/advisories/VDE-2021-061/"
},
{
"category": "self",
"summary": "VDE-2021-061: Pilz: PMC programming tool 3.x.x affected by multiple vulnerabilities - CSAF",
"url": "https://pilz.csaf-tp.certvde.com/.well-known/csaf/white/2022/vde-2021-061.json"
},
{
"category": "external",
"summary": "Pilz PSIRT",
"url": "https://www.pilz.com/en-INT/products/industrial-security/security-incident-management"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Pilz GmbH \u0026 Co. KG",
"url": "https://certvde.com/en/advisories/vendor/pilz/"
}
],
"title": "Pilz: PMC programming tool 3.x.x affected by multiple vulnerabilities",
"tracking": {
"aliases": [
"VDE-2021-061"
],
"current_release_date": "2022-04-26T10:00:00.000Z",
"generator": {
"date": "2025-05-05T09:34:10.920Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.24"
}
},
"id": "VDE-2021-061",
"initial_release_date": "2022-04-26T10:00:00.000Z",
"revision_history": [
{
"date": "2022-04-26T10:00:00.000Z",
"number": "1",
"summary": "Initial revision."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "3.0.0\u003c=3.5.15",
"product": {
"name": "PMC programming tool 3.x.x 3.0.0 \u003c= 3.5.15",
"product_id": "CSAFPID-51001"
}
},
{
"category": "product_version",
"name": "3.5.17",
"product": {
"name": "PMC programming tool 3.x.x 3.5.17",
"product_id": "CSAFPID-52001"
}
}
],
"category": "product_name",
"name": "PMC programming tool 3.x.x"
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "Pilz"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-14513",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-14513"
},
{
"cve": "CVE-2020-14509",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"notes": [
{
"category": "description",
"text": "Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-14509"
},
{
"cve": "CVE-2019-13538",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "description",
"text": "3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. The issue also exists for source libraries, but 3S-Smart Software Solutions GmbH strongly recommends distributing compiled libraries only.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.6,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 8.6,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2019-13538"
},
{
"cve": "CVE-2021-29240",
"notes": [
{
"category": "description",
"text": "The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2021-29240"
},
{
"cve": "CVE-2021-29239",
"cwe": {
"id": "CWE-345",
"name": "Insufficient Verification of Data Authenticity"
},
"notes": [
{
"category": "description",
"text": "CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2021-29239"
},
{
"cve": "CVE-2021-21869",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "description",
"text": "An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2021-21869"
},
{
"cve": "CVE-2021-21868",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "description",
"text": "An unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.get_MissingTypes() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2021-21868"
},
{
"cve": "CVE-2021-21867",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "description",
"text": "An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2021-21867"
},
{
"cve": "CVE-2021-21866",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "description",
"text": "A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2021-21866"
},
{
"cve": "CVE-2021-21865",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "description",
"text": "A unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2021-21865"
},
{
"cve": "CVE-2021-21864",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "description",
"text": "A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2021-21864"
},
{
"cve": "CVE-2021-21863",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "description",
"text": "A unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2021-21863"
},
{
"cve": "CVE-2019-9009",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2019-9009"
},
{
"cve": "CVE-2020-14515",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"notes": [
{
"category": "description",
"text": "CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-14515"
},
{
"cve": "CVE-2019-9011",
"cwe": {
"id": "CWE-668",
"name": "Exposure of Resource to Wrong Sphere"
},
"notes": [
{
"category": "description",
"text": "In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), an attacker can identify valid usernames.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2019-9011"
},
{
"cve": "CVE-2019-9013",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component are affected regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS V3 Simulation Runtime (part of the CODESYS Development System), CODESYS Control V3 Runtime System Toolkit, CODESYS HMI V3.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2019-9013"
},
{
"cve": "CVE-2020-12067",
"cwe": {
"id": "CWE-640",
"name": "Weak Password Recovery Mechanism for Forgotten Password"
},
"notes": [
{
"category": "description",
"text": "In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user\u0027s password may be changed by an attacker without knowledge of the current password.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-12067"
},
{
"cve": "CVE-2020-12069",
"cwe": {
"id": "CWE-916",
"name": "Use of Password Hash With Insufficient Computational Effort"
},
"notes": [
{
"category": "description",
"text": "In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-12069"
},
{
"cve": "CVE-2020-6081",
"cwe": {
"id": "CWE-345",
"name": "Insufficient Verification of Data Authenticity"
},
"notes": [
{
"category": "description",
"text": "An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-6081"
},
{
"cve": "CVE-2021-36764",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2021-36764"
},
{
"cve": "CVE-2020-14517",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "description",
"text": "Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-14517"
},
{
"cve": "CVE-2020-7052",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "description",
"text": "CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-7052"
},
{
"cve": "CVE-2020-14519",
"cwe": {
"id": "CWE-346",
"name": "Origin Validation Error"
},
"notes": [
{
"category": "description",
"text": "This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted Java Script payload, which may allow alteration or creation of license files for when combined with CVE-2020-14515.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-14519"
},
{
"cve": "CVE-2021-29241",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2021-29241"
},
{
"cve": "CVE-2021-29242",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router\u0027s addressing scheme and may re-route, add, remove or change low level communication packages.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"environmentalScore": 7.3,
"environmentalSeverity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2021-29242"
},
{
"cve": "CVE-2020-16233",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "description",
"text": "An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-16233"
},
{
"cve": "CVE-2019-5105",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet to a device running the GatewayService.exe to trigger this vulnerability. All variants of the CODESYS V3 products in all versions prior V3.5.16.10 containing the CmpRouter or CmpRouterEmbedded component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PLCnext, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit, CODESYS V3 Embedded Target Visu Toolkit, CODESYS V3 Remote Target Visu Toolkit, CODESYS V3 Safety SIL2, CODESYS Edge Gateway V3, CODESYS Gateway V3, CODESYS HMI V3, CODESYS OPC Server V3, CODESYS PLCHandler SDK, CODESYS V3 Simulation Runtime (part of the CODESYS Development System).",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2019-5105"
}
]
}
VDE-2021-054
Vulnerability from csaf_pilzgmbhcokg - Published: 2022-04-26 10:00 - Updated: 2022-04-26 10:00Summary
Pilz: Multiple vulnerabilities in CODESYS V2 and V3 runtime system
Notes
Summary: Several Pilz products use Versions V2 and V3 of the CODESYS runtime system from CODESYS GmbH, which enables the execution of IEC 61131-3 PLC programs. These runtime environments contain several vulnerabilities, which an attacker can exploit via the network. Successful exploitation of the vulnerabilities results in reduced availability and, in a worst case, to the insertion of program code.
Impact: The affected products use the CODESYS runtime environment from CODESYS GmbH. Either Version V2 or V3 is active, depending on the configuration. V3 is activated upon delivery. These runtime environments contain the listed vulnerabilities. Some of the vulnerabilities only affect either version V2 or V3 of the CODESYS runtime environment.
General countermeasures: Use a firewall or comparable measures at network level to protect the devices from unauthorised network communication.
Employ user management to restrict online access to authorised persons.
Remediation: PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition.
7.5 (High)
Vendor Fix
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.
6.5 (Medium)
None Available
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.
8.1 (High)
None Available
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC.
7.5 (High)
None Available
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.
7.5 (High)
None Available
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.
9.8 (Critical)
None Available
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.
7.3 (High)
Vendor Fix
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).
7.5 (High)
Vendor Fix
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.
6.5 (Medium)
Vendor Fix
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability.
8.8 (High)
Vendor Fix
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.
7.8 (High)
Vendor Fix
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user's password may be changed by an attacker without knowledge of the current password.
7.5 (High)
Vendor Fix
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component are affected regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS V3 Simulation Runtime (part of the CODESYS Development System), CODESYS Control V3 Runtime System Toolkit, CODESYS HMI V3.
8.8 (High)
Vendor Fix
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), an attacker can identify valid usernames.
5.3 (Medium)
Vendor Fix
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.
7.5 (High)
Vendor Fix
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet to a device running the GatewayService.exe to trigger this vulnerability. All variants of the CODESYS V3 products in all versions prior V3.5.16.10 containing the CmpRouter or CmpRouterEmbedded component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PLCnext, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit, CODESYS V3 Embedded Target Visu Toolkit, CODESYS V3 Remote Target Visu Toolkit, CODESYS V3 Safety SIL2, CODESYS Edge Gateway V3, CODESYS Gateway V3, CODESYS HMI V3, CODESYS OPC Server V3, CODESYS PLCHandler SDK, CODESYS V3 Simulation Runtime (part of the CODESYS Development System).
7.5 (High)
Vendor Fix
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Toolkit 32 bit full before V2.4.7.54, and CODESYS PLCWinNT before V2.4.7.54 allow a NULL pointer dereference.
6.5 (Medium)
None Available
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.
7.5 (High)
None Available
PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.
• PMCprimo C2, PMCprimo MC:
Installation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system.
The V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.
References
| URL | Category | |
|---|---|---|
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Several Pilz products use Versions V2 and V3 of the CODESYS runtime system from CODESYS GmbH, which enables the execution of IEC 61131-3 PLC programs. These runtime environments contain several vulnerabilities, which an attacker can exploit via the network. Successful exploitation of the vulnerabilities results in reduced availability and, in a worst case, to the insertion of program code.",
"title": "Summary"
},
{
"category": "description",
"text": "The affected products use the CODESYS runtime environment from CODESYS GmbH. Either Version V2 or V3 is active, depending on the configuration. V3 is activated upon delivery. These runtime environments contain the listed vulnerabilities. Some of the vulnerabilities only affect either version V2 or V3 of the CODESYS runtime environment.",
"title": "Impact"
},
{
"category": "general",
"text": "Use a firewall or comparable measures at network level to protect the devices from unauthorised network communication.\nEmploy user management to restrict online access to authorised persons.",
"title": "General countermeasures"
},
{
"category": "general",
"text": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "security@pilz.com",
"name": "Pilz GmbH \u0026 Co. KG",
"namespace": "https://www.pilz.com"
},
"references": [
{
"category": "self",
"summary": "VDE-2021-054: Pilz: Multiple vulnerabilities in CODESYS V2 and V3 runtime system - HTML",
"url": "https://certvde.com/en/advisories/VDE-2021-054/"
},
{
"category": "self",
"summary": "VDE-2021-054: Pilz: Multiple vulnerabilities in CODESYS V2 and V3 runtime system - CSAF",
"url": "https://pilz.csaf-tp.certvde.com/.well-known/csaf/white/2022/vde-2021-054.json"
},
{
"category": "external",
"summary": "Vendor PSIRT",
"url": "https://www.pilz.com"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Pilz GmbH \u0026 Co. KG",
"url": "https://certvde.com/en/advisories/vendor/pilz/"
}
],
"title": "Pilz: Multiple vulnerabilities in CODESYS V2 and V3 runtime system",
"tracking": {
"aliases": [
"VDE-2021-054"
],
"current_release_date": "2022-04-26T10:00:00.000Z",
"generator": {
"date": "2025-05-14T13:21:16.214Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.25"
}
},
"id": "VDE-2021-054",
"initial_release_date": "2022-04-26T10:00:00.000Z",
"revision_history": [
{
"date": "2022-04-26T10:00:00.000Z",
"number": "1",
"summary": "Initial revision."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Motion controller PMCprimo C",
"product": {
"name": "Motion controller PMCprimo C",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"680175",
"680052",
"680053",
"680054",
"680055",
"680062",
"680063",
"680064",
"680065",
"680162",
"680163",
"680164",
"680165",
"680172",
"680173",
"680174"
]
}
}
},
{
"category": "product_name",
"name": "Motion controller PMCprimo C2.0 (plug-in card)",
"product": {
"name": "Motion controller PMCprimo C2.0 (plug-in card)",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"680182",
"680183",
"680184",
"680185"
]
}
}
},
{
"category": "product_name",
"name": "Motion controller PMCprimo C2.1 (housing version)",
"product": {
"name": "Motion controller PMCprimo C2.1 (housing version)",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"680192",
"680193",
"680194",
"680195"
]
}
}
},
{
"category": "product_name",
"name": "Motion controller PMCprimo MC",
"product": {
"name": "Motion controller PMCprimo MC",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"680082",
"680083",
"680084",
"680085"
]
}
}
},
{
"category": "product_name",
"name": "Operator terminal/controller PMI 6 primo",
"product": {
"name": "Operator terminal/controller PMI 6 primo",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"model_numbers": [
"265608",
"265613",
"264639"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Firmware vers:all/*",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version_range",
"name": "\u003c=03.07.00",
"product": {
"name": "Firmware \u003c=03.07.00",
"product_id": "CSAFPID-21002"
}
},
{
"category": "product_version",
"name": "03.08.00",
"product": {
"name": "Firmware 03.08.00",
"product_id": "CSAFPID-22001"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Pilz"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on Motion controller PMCprimo C",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=03.07.00 installed on Motion controller PMCprimo C2.0 (plug-in card)",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=03.07.00 installed on Motion controller PMCprimo C2.1 (housing version)",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=03.07.00 installed on Motion controller PMCprimo MC",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on Operator terminal/controller PMI 6 primo",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.08.00 installed on Motion controller PMCprimo C2.0 (plug-in card)",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.08.00 installed on Motion controller PMCprimo C2.1 (housing version)",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.08.00 installed on Motion controller PMCprimo MC",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11004"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-36764",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-36764"
},
{
"cve": "CVE-2021-34596",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"notes": [
{
"category": "description",
"text": "A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "none_available",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-34596"
},
{
"cve": "CVE-2021-34595",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "description",
"text": "A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "none_available",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 8.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-34595"
},
{
"cve": "CVE-2021-34593",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "description",
"text": "In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "none_available",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-34593"
},
{
"cve": "CVE-2021-30195",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "none_available",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-30195"
},
{
"cve": "CVE-2021-30188",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "none_available",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-30188"
},
{
"cve": "CVE-2021-29242",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router\u0027s addressing scheme and may re-route, add, remove or change low level communication packages.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"environmentalScore": 7.3,
"environmentalSeverity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-29242"
},
{
"cve": "CVE-2021-29241",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-29241"
},
{
"cve": "CVE-2020-7052",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "description",
"text": "CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2020-7052"
},
{
"cve": "CVE-2020-6081",
"cwe": {
"id": "CWE-345",
"name": "Insufficient Verification of Data Authenticity"
},
"notes": [
{
"category": "description",
"text": "An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2020-6081"
},
{
"cve": "CVE-2020-12069",
"cwe": {
"id": "CWE-916",
"name": "Use of Password Hash With Insufficient Computational Effort"
},
"notes": [
{
"category": "description",
"text": "In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2020-12069"
},
{
"cve": "CVE-2020-12067",
"cwe": {
"id": "CWE-640",
"name": "Weak Password Recovery Mechanism for Forgotten Password"
},
"notes": [
{
"category": "description",
"text": "In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user\u0027s password may be changed by an attacker without knowledge of the current password.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2020-12067"
},
{
"cve": "CVE-2019-9013",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component are affected regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS V3 Simulation Runtime (part of the CODESYS Development System), CODESYS Control V3 Runtime System Toolkit, CODESYS HMI V3.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2019-9013"
},
{
"cve": "CVE-2019-9011",
"cwe": {
"id": "CWE-668",
"name": "Exposure of Resource to Wrong Sphere"
},
"notes": [
{
"category": "description",
"text": "In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), an attacker can identify valid usernames.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2019-9011"
},
{
"cve": "CVE-2019-9009",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2019-9009"
},
{
"cve": "CVE-2019-5105",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet to a device running the GatewayService.exe to trigger this vulnerability. All variants of the CODESYS V3 products in all versions prior V3.5.16.10 containing the CmpRouter or CmpRouterEmbedded component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PLCnext, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit, CODESYS V3 Embedded Target Visu Toolkit, CODESYS V3 Remote Target Visu Toolkit, CODESYS V3 Safety SIL2, CODESYS Edge Gateway V3, CODESYS Gateway V3, CODESYS HMI V3, CODESYS OPC Server V3, CODESYS PLCHandler SDK, CODESYS V3 Simulation Runtime (part of the CODESYS Development System).",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2019-5105"
},
{
"cve": "CVE-2019-19789",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Toolkit 32 bit full before V2.4.7.54, and CODESYS PLCWinNT before V2.4.7.54 allow a NULL pointer dereference.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "none_available",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2019-19789"
},
{
"cve": "CVE-2021-30186",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "none_available",
"details": "PMI 6 primo, PMCprimo C: No product-specific countermeasures available, please follow the general countermeasures.\n\n\u2022 PMCprimo C2, PMCprimo MC: \n\nInstallation of Firmware Version 03.08.00 This update does not resolve the vulnerabilities (CVE-2021-34595, CVE-2021-34596, CVE-2021-34593, CVE-2021-30186, CVE-2021-30188, CVE-2021-30195, CVE-2019-19789) in the CODESYS V2 runtime system. \n\nThe V2 runtime system is still included for compatibility reasons but is no longer supported by Pilz. Please migrate your application to the V3 runtime system or follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-30186"
}
]
}
VAR-202005-1001
Vulnerability from variot - Updated: 2023-12-18 13:47An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability. (DoS) It may be put into a state. 3S-Smart Software Solutions CODESYS Runtime is a set of controller real-time running system based on IEC61131-3 standard programming of Germany 3S-Smart Software Solutions. The system can transform any embedded or PC-based equipment into an industrial controller that conforms to the IEC61131-3 standard
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-1001",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "runtime",
"scope": "eq",
"trust": 1.1,
"vendor": "codesys",
"version": "3.5.14.30"
},
{
"model": "codesys",
"scope": "eq",
"trust": 0.8,
"vendor": "3s smart",
"version": "3.5.14.30"
},
{
"model": "software solutions codesys runtime",
"scope": "eq",
"trust": 0.6,
"vendor": "3s smart",
"version": "3.5.14.30"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-53804"
},
{
"db": "VULMON",
"id": "CVE-2020-6081"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005179"
},
{
"db": "NVD",
"id": "CVE-2020-6081"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:codesys:runtime:3.5.14.30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-6081"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Carl Hurd of Cisco Talos",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-236"
}
],
"trust": 0.6
},
"cve": "CVE-2020-6081",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-005179",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-53804",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2020-6081",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-005179",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-6081",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2020-6081",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2020-005179",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-53804",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-236",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-6081",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-53804"
},
{
"db": "VULMON",
"id": "CVE-2020-6081"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005179"
},
{
"db": "NVD",
"id": "CVE-2020-6081"
},
{
"db": "NVD",
"id": "CVE-2020-6081"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-236"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability. (DoS) It may be put into a state. 3S-Smart Software Solutions CODESYS Runtime is a set of controller real-time running system based on IEC61131-3 standard programming of Germany 3S-Smart Software Solutions. The system can transform any embedded or PC-based equipment into an industrial controller that conforms to the IEC61131-3 standard",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-6081"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005179"
},
{
"db": "CNVD",
"id": "CNVD-2020-53804"
},
{
"db": "VULMON",
"id": "CVE-2020-6081"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-6081",
"trust": 3.1
},
{
"db": "TALOS",
"id": "TALOS-2020-1003",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005179",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-53804",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202005-236",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-6081",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-53804"
},
{
"db": "VULMON",
"id": "CVE-2020-6081"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005179"
},
{
"db": "NVD",
"id": "CVE-2020-6081"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-236"
}
]
},
"id": "VAR-202005-1001",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-53804"
}
],
"trust": 1.4042929133333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-53804"
}
]
},
"last_update_date": "2023-12-18T13:47:30.845000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.codesys.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005179"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-345",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005179"
},
{
"db": "NVD",
"id": "CVE-2020-6081"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2020-1003"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6081"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6081"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/345.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-53804"
},
{
"db": "VULMON",
"id": "CVE-2020-6081"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005179"
},
{
"db": "NVD",
"id": "CVE-2020-6081"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-236"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-53804"
},
{
"db": "VULMON",
"id": "CVE-2020-6081"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005179"
},
{
"db": "NVD",
"id": "CVE-2020-6081"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-236"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-53804"
},
{
"date": "2020-05-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-6081"
},
{
"date": "2020-06-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005179"
},
{
"date": "2020-05-07T13:15:12.233000",
"db": "NVD",
"id": "CVE-2020-6081"
},
{
"date": "2020-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-236"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-53804"
},
{
"date": "2020-05-12T00:00:00",
"db": "VULMON",
"id": "CVE-2020-6081"
},
{
"date": "2020-06-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005179"
},
{
"date": "2022-06-03T18:02:34.243000",
"db": "NVD",
"id": "CVE-2020-6081"
},
{
"date": "2020-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-236"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-236"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3S-Smart Software Solutions GmbH CODESYS Runtime Vulnerability in inadequate validation of data reliability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005179"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "data forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-236"
}
],
"trust": 0.6
}
}
GHSA-7GRW-2XFW-QJVM
Vulnerability from github – Published: 2022-05-24 17:17 – Updated: 2022-05-24 17:17
VLAI?
Details
An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability.
Severity ?
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2020-6081"
],
"database_specific": {
"cwe_ids": [
"CWE-345"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-05-07T13:15:00Z",
"severity": "MODERATE"
},
"details": "An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability.",
"id": "GHSA-7grw-2xfw-qjvm",
"modified": "2022-05-24T17:17:24Z",
"published": "2022-05-24T17:17:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6081"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1003"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
FKIE_CVE-2020-6081
Vulnerability from fkie_nvd - Published: 2020-05-07 13:15 - Updated: 2024-11-21 05:35
Severity ?
Summary
An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability.
References
| URL | Tags | ||
|---|---|---|---|
| talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1003 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2020-1003 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:runtime:3.5.14.30:*:*:*:*:*:*:*",
"matchCriteriaId": "25D5C6D1-EDAB-4CFF-833B-D46A5FD56FAC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo explotable en la funcionalidad PLC_Task de 3S-Smart Software Solutions GmbH CODESYS Runtime versi\u00f3n 3.5.14.30. Una petici\u00f3n de red especialmente dise\u00f1ada puede causar una ejecuci\u00f3n de c\u00f3digo remota. Un atacante puede enviar un paquete malicioso para desencadenar esta vulnerabilidad."
}
],
"id": "CVE-2020-6081",
"lastModified": "2024-11-21T05:35:03.507",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"source": "talos-cna@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-07T13:15:12.233",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1003"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…