Dec 26, 2022 - 7:15 p.m.

CVE-2020-12069

2022-12-26 19:15:10
CWE-916
web.nvd.nist.gov
Tags: cve-2020-12069, codesys v3, security vulnerability, weak hashing algorithm, local attacker, low privileges

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.1 High (Confidence: High)

EPSS: 0.002 Low (Percentile: 59.4%)

In CODESYS V3 products in all versions prior to V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.

Affected configurations

NVD

Node: pilz pmc
Range: 3.0.0 - 3.5.17

CPE: pilz:pmc
Name: pilz pmc
Operator: lt
Version: 3.5.17

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS V3  containing the CmpUserMgr",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.16.0",
        "status": "affected",
        "version": "V3",
        "versionType": "custom"
      }
    ]
  }
]
