Lucene search

[email protected]CVE-2019-9013

HistoryAug 15, 2019 - 5:15 p.m.

CVE-2019-9013

2019-08-1517:15:00

CWE-327

[email protected]

web.nvd.nist.gov

3s-smart

codesys

products

encryption

user credentials

transport

vulnerability

nvd

8.8 High

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

27.1%

JSON

An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component are affected regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS V3 Simulation Runtime (part of the CODESYS Development System), CODESYS Control V3 Runtime System Toolkit, CODESYS HMI V3.

CPENameOperatorVersion
codesys:control_for_beaglebone_slcodesys control for beaglebone sllt3.5.16.0
codesys:control_for_empc-a\/imx6_slcodesys control for empc-a\/imx6 sllt3.5.16.0
codesys:control_for_iot2000_slcodesys control for iot2000 sllt3.5.16.0
codesys:control_for_linux_slcodesys control for linux sllt3.5.16.0
codesys:control_for_pfc100_slcodesys control for pfc100 sllt3.5.16.0
codesys:control_for_pfc200_slcodesys control for pfc200 sllt3.5.16.0
codesys:raspberry_picodesys raspberry pilt3.5.16.0
codesys:control_rte_slcodesys control rte sllt3.5.16.0
codesys:control_win_slcodesys control win sllt3.5.16.0
codesys:development_systemcodesys development systemlt3.5.16.0

CPE	Name	Operator	Version
codesys:control_for_beaglebone_sl	codesys control for beaglebone sl	lt	3.5.16.0
codesys:control_for_empc-a\/imx6_sl	codesys control for empc-a\/imx6 sl	lt	3.5.16.0
codesys:control_for_iot2000_sl	codesys control for iot2000 sl	lt	3.5.16.0
codesys:control_for_linux_sl	codesys control for linux sl	lt	3.5.16.0
codesys:control_for_pfc100_sl	codesys control for pfc100 sl	lt	3.5.16.0
codesys:control_for_pfc200_sl	codesys control for pfc200 sl	lt	3.5.16.0
codesys:raspberry_pi	codesys raspberry pi	lt	3.5.16.0
codesys:control_rte_sl	codesys control rte sl	lt	3.5.16.0
codesys:control_win_sl	codesys control win sl	lt	3.5.16.0
codesys:development_system	codesys development system	lt	3.5.16.0

Rows per page:

1-10 of 121

References

customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download=

www.us-cert.gov/ics/advisories/icsa-19-213-04

8.8 High

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

27.1%

JSON

Related for CVE-2019-9013

prion1 ics1 cve1 nessus1 mmpc1 mssecure1 thn1