Published: 29/01/2019 Updated: 09/10/2019

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials.

Vulnerable Product	Search on Vulmon	Subscribe to Product
codesys control win sl
codesys development system v3
codesys hmi sl
codesys control for raspberry pi sl
codesys control runtime toolkit
codesys control for empc-a\\/imx6 sl
codesys control for iot2000 sl
codesys control for linux sl
codesys control for pfc100 sl
codesys control for beaglebone sl
codesys control for pfc200 sl
codesys control rte sl

CWE-311 CWE-732 https://ics-cert.us-cert.gov/advisories/ICSA-18-352-03 http://www.securityfocus.com/bid/106248 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-10612

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect