Vulnerabilites related to codesys - control_v3_runtime_system_toolkit
cve-2020-12069
Vulnerability from cvelistv5
Published
2022-12-26 00:00
Modified
2025-04-14 16:17
Severity ?
EPSS score ?
Summary
In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download= | vendor-advisory | |
| https://cert.vde.com/en/advisories/VDE-2021-061/ | vendor-advisory | |
| https://cert.vde.com/en/advisories/VDE-2022-031/ | vendor-advisory | |
| https://cert.vde.com/en/advisories/VDE-2022-022/ | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CODESYS | CODESYS V3 containing the CmpUserMgr |
Version: V3 < V3.5.16.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:48:58.230Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download=", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://cert.vde.com/en/advisories/VDE-2021-061/", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://cert.vde.com/en/advisories/VDE-2022-031/", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://cert.vde.com/en/advisories/VDE-2022-022/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-12069", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-04-14T16:17:42.834492Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-14T16:17:54.368Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "CODESYS V3 containing the CmpUserMgr", vendor: "CODESYS", versions: [ { lessThan: "V3.5.16.0", status: "affected", version: "V3", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.", }, ], value: "In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-916", description: "CWE-916 Use of Password Hash With Insufficient Computational Effort", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-15T05:40:17.087Z", orgId: "270ccfa6-a436-4e77-922e-914ec3a9685c", shortName: "CERTVDE", }, references: [ { tags: [ "vendor-advisory", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download=", }, { tags: [ "vendor-advisory", ], url: "https://cert.vde.com/en/advisories/VDE-2021-061/", }, { tags: [ "vendor-advisory", ], url: "https://cert.vde.com/en/advisories/VDE-2022-031/", }, { tags: [ "vendor-advisory", ], url: "https://cert.vde.com/en/advisories/VDE-2022-022/", }, ], source: { discovery: "UNKNOWN", }, title: "CODESYS V3 prone to Inadequate Password Hashing", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-12069", datePublished: "2022-12-26T00:00:00.000Z", dateReserved: "2020-04-22T00:00:00.000Z", dateUpdated: "2025-04-14T16:17:54.368Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-25048
Vulnerability from cvelistv5
Published
2023-03-23 10:45
Modified
2025-02-19 21:00
Severity ?
EPSS score ?
Summary
The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:39.648Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://customers.codesys.com/fileadmin/data/customers/security/2018/Advisory2018-04_CDS-59017.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2018-25048", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-19T21:00:23.308028Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-19T21:00:29.711Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Control for BeagleBone", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: " Control for emPC-A/iMX6", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Control for IOT2000", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Control for PFC100", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Control for PFC200", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Control for Raspberry Pi", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Control RTE V3 (all variants)", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Control Win V3 (all variants)", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "V3 Simulation Runtime (part of the CODESYS Development System)", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "HMI V3 (all variants)", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "V3 Remote Target Visu (all variants)", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Control V3 Runtime System Toolkit", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "V3 Embedded Target Visu Toolkit", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "V3 Remote Target Visu Toolkit", vendor: "CODESYS", versions: [ { lessThan: "3.5.12.30", status: "affected", version: "3.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Runtime Toolkit 32 bit embedded", vendor: "CODESYS", versions: [ { lessThan: "2.3.2.10", status: "affected", version: "2.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Runtime Toolkit 32 bit full", vendor: "CODESYS", versions: [ { lessThan: "2.4.7.52", status: "affected", version: "2.0.0.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Runtime PLCWinNT", vendor: "CODESYS", versions: [ { lessThan: "2.4.7.52", status: "affected", version: "2.0.0.0", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "reporter", user: "00000000-0000-4000-9000-000000000000", value: " Prosoft-Systems Ltd.", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.", }, ], value: "The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.", }, ], impacts: [ { capecId: "CAPEC-126", descriptions: [ { lang: "en", value: "CAPEC-126 Path Traversal", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-23T10:45:36.900Z", orgId: "270ccfa6-a436-4e77-922e-914ec3a9685c", shortName: "CERTVDE", }, references: [ { url: "https://customers.codesys.com/fileadmin/data/customers/security/2018/Advisory2018-04_CDS-59017.pdf", }, ], source: { defect: [ "CERT@VDE#64324", ], discovery: "EXTERNAL", }, title: "Codesys Runtime Improper Limitation of a Pathname", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "270ccfa6-a436-4e77-922e-914ec3a9685c", assignerShortName: "CERTVDE", cveId: "CVE-2018-25048", datePublished: "2023-03-23T10:45:36.900Z", dateReserved: "2022-12-07T12:06:08.365Z", dateUpdated: "2025-02-19T21:00:29.711Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2022-12-26 19:15
Modified
2024-11-21 04:59
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| info@cert.vde.com | https://cert.vde.com/en/advisories/VDE-2021-061/ | Third Party Advisory | |
| info@cert.vde.com | https://cert.vde.com/en/advisories/VDE-2022-022/ | Third Party Advisory | |
| info@cert.vde.com | https://cert.vde.com/en/advisories/VDE-2022-031/ | Third Party Advisory | |
| info@cert.vde.com | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download= | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2021-061/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2022-022/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2022-031/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download= | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pilz | pmc | * | |
| codesys | control_for_beaglebone | * | |
| codesys | control_for_empc-a\/imx6 | * | |
| codesys | control_for_iot2000 | * | |
| codesys | control_for_linux | * | |
| codesys | control_for_pfc100 | * | |
| codesys | control_for_pfc200 | * | |
| codesys | control_for_plcnext | * | |
| codesys | control_for_raspberry_pi | * | |
| codesys | control_rte_v3 | * | |
| codesys | control_v3_runtime_system_toolkit | * | |
| codesys | control_win_v3 | * | |
| codesys | hmi_v3 | * | |
| codesys | v3_simulation_runtime | * | |
| festo | controller_cecc-d_firmware | 2.3.8.0 | |
| festo | controller_cecc-d_firmware | 2.3.8.1 | |
| festo | controller_cecc-d | - | |
| festo | controller_cecc-lk_firmware | 2.3.8.0 | |
| festo | controller_cecc-lk_firmware | 2.3.8.1 | |
| festo | controller_cecc-lk | - | |
| festo | controller_cecc-s_firmware | 2.3.8.0 | |
| festo | controller_cecc-s_firmware | 2.3.8.1 | |
| festo | controller_cecc-s | - | |
| wago | 750-8217_firmware | - | |
| wago | 750-8217 | - | |
| wago | 750-8216_firmware | * | |
| wago | 750-8216 | - | |
| wago | 750-8215_firmware | * | |
| wago | 750-8215 | - | |
| wago | 750-8214_firmware | * | |
| wago | 750-8214 | - | |
| wago | 750-8213_firmware | * | |
| wago | 750-8213 | - | |
| wago | 750-8212_firmware | * | |
| wago | 750-8212 | - | |
| wago | 750-8211_firmware | * | |
| wago | 750-8211 | - | |
| wago | 750-8210_firmware | * | |
| wago | 750-8210 | - | |
| wago | 750-8207_firmware | * | |
| wago | 750-8207 | - | |
| wago | 750-8206_firmware | * | |
| wago | 750-8206 | - | |
| wago | 750-8204_firmware | * | |
| wago | 750-8204 | - | |
| wago | 750-8203_firmware | * | |
| wago | 750-8203 | - | |
| wago | 750-8202_firmware | * | |
| wago | 750-8202 | - | |
| wago | 750-8102_firmware | * | |
| wago | 750-8102 | - | |
| wago | 750-8101_firmware | * | |
| wago | 750-8101 | - | |
| wago | 750-8100_firmware | * | |
| wago | 750-8100 | - | |
| wago | 762-4201\/8000-001_firmware | * | |
| wago | 762-4201\/8000-001 | - | |
| wago | 762-4202\/8000-001_firmware | * | |
| wago | 762-4202\/8000-001 | - | |
| wago | 762-4203\/8000-001_firmware | * | |
| wago | 762-4203\/8000-001 | - | |
| wago | 762-4204\/8000-001_firmware | * | |
| wago | 762-4204\/8000-001 | - | |
| wago | 762-4205\/8000-001_firmware | * | |
| wago | 762-4205\/8000-001 | - | |
| wago | 762-4205\/8000-002_firmware | * | |
| wago | 762-4205\/8000-002 | - | |
| wago | 762-4206\/8000-001_firmware | * | |
| wago | 762-4206\/8000-001 | - | |
| wago | 762-4206\/8000-002_firmware | * | |
| wago | 762-4206\/8000-002 | - | |
| wago | 762-4301\/8000-002_firmware | * | |
| wago | 762-4301\/8000-002 | - | |
| wago | 762-4302\/8000-002_firmware | * | |
| wago | 762-4302\/8000-002 | - | |
| wago | 762-4303\/8000-002_firmware | * | |
| wago | 762-4303\/8000-002 | - | |
| wago | 762-4304\/8000-002_firmware | * | |
| wago | 762-4304\/8000-002 | - | |
| wago | 762-4305\/8000-002_firmware | * | |
| wago | 762-4305\/8000-002 | - | |
| wago | 762-4306\/8000-002_firmware | * | |
| wago | 762-4306\/8000-002 | - | |
| wago | 762-5203\/8000-001_firmware | * | |
| wago | 762-5203\/8000-001 | - | |
| wago | 762-5204\/8000-001_firmware | * | |
| wago | 762-5204\/8000-001 | - | |
| wago | 762-5205\/8000-001_firmware | * | |
| wago | 762-5205\/8000-001 | - | |
| wago | 762-5206\/8000-001_firmware | * | |
| wago | 762-5206\/8000-001 | - | |
| wago | 762-5303\/8000-002_firmware | * | |
| wago | 762-5303\/8000-002 | - | |
| wago | 762-5304\/8000-002_firmware | * | |
| wago | 762-5304\/8000-002 | - | |
| wago | 762-5305\/8000-002_firmware | * | |
| wago | 762-5305\/8000-002 | - | |
| wago | 762-5306\/8000-002_firmware | * | |
| wago | 762-5306\/8000-002 | - | |
| wago | 762-6201\/8000-001_firmware | * | |
| wago | 762-6201\/8000-001 | - | |
| wago | 762-6202\/8000-001_firmware | * | |
| wago | 762-6202\/8000-001 | - | |
| wago | 762-6203\/8000-001_firmware | * | |
| wago | 762-6203\/8000-001 | - | |
| wago | 762-6204\/8000-001_firmware | * | |
| wago | 762-6204\/8000-001 | - | |
| wago | 762-6301\/8000-002_firmware | * | |
| wago | 762-6301\/8000-002 | - | |
| wago | 762-6302\/8000-002_firmware | * | |
| wago | 762-6302\/8000-002 | - | |
| wago | 762-6303\/8000-002_firmware | * | |
| wago | 762-6303\/8000-002 | - | |
| wago | 762-6304\/8000-002_firmware | * | |
| wago | 762-6304\/8000-002 | - | |
| wago | 752-8303\/8000-0002_firmware | * | |
| wago | 752-8303\/8000-0002 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:pilz:pmc:*:*:*:*:*:*:*:*", matchCriteriaId: "1603B9DF-B514-409E-BCB4-9366F9457EB7", versionEndExcluding: "3.5.17", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", matchCriteriaId: "2A5313A0-4D9B-4B1F-B432-F84130717DE7", versionEndExcluding: "3.5.16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", matchCriteriaId: "C9EA03EF-F424-4AC6-AC0B-A284A2553092", versionEndExcluding: "3.5.16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*", matchCriteriaId: "38ECECFA-13C2-459E-B509-5F663E72CDE9", versionEndExcluding: "3.5.16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_linux:*:*:*:*:*:*:*:*", matchCriteriaId: "A7492683-673C-495F-9748-E3467F547F3B", versionEndExcluding: "3.5.16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*", matchCriteriaId: "B7BD8B5A-8CD7-463C-82D7-06F6DE7E6DB0", versionEndExcluding: "3.5.16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*", matchCriteriaId: "1CC12843-4775-46BF-BB7F-35D7A4825027", versionEndExcluding: "3.5.16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*", matchCriteriaId: "84E46BF9-F5A0-4C09-BE2B-486263D89E85", versionEndExcluding: "3.5.16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*", matchCriteriaId: "C17614A6-F334-4955-824D-A237A9672ECD", versionEndExcluding: "3.5.16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_rte_v3:*:*:*:*:*:*:*:*", matchCriteriaId: "14130B51-A172-4F7B-8C66-EC77BC88E7B7", versionEndExcluding: "3.5.16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_v3_runtime_system_toolkit:*:*:*:*:*:*:*:*", matchCriteriaId: "B6D33373-E3FC-468A-9CDC-9902C58A6506", versionEndExcluding: "3.5.16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_win_v3:*:*:*:*:*:*:*:*", matchCriteriaId: "3FF3AC84-140D-4F59-8624-714F974DFE42", versionEndExcluding: "3.5.16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:hmi_v3:*:*:*:*:*:*:*:*", matchCriteriaId: "620EFF51-16DA-4A0F-AB32-E42D064EDC21", versionEndExcluding: "3.5.16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:v3_simulation_runtime:*:*:*:*:*:*:*:*", matchCriteriaId: "09EFCCBD-8961-4E2F-90F3-452EB2B354C1", versionEndExcluding: "3.5.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:festo:controller_cecc-d_firmware:2.3.8.0:*:*:*:*:*:*:*", matchCriteriaId: "5949D80D-9E1D-4F4C-A64F-3C24F77E1961", vulnerable: true, }, { criteria: "cpe:2.3:o:festo:controller_cecc-d_firmware:2.3.8.1:*:*:*:*:*:*:*", matchCriteriaId: "6479AA1B-D587-47F0-8695-CB3E9DFE96DA", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:festo:controller_cecc-d:-:*:*:*:*:*:*:*", matchCriteriaId: "D5F17E63-45C3-48C7-916C-272FEB02E8C7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:festo:controller_cecc-lk_firmware:2.3.8.0:*:*:*:*:*:*:*", matchCriteriaId: "4CF6A2F0-0190-48FF-BB9A-C7651D92A24A", vulnerable: true, }, { criteria: "cpe:2.3:o:festo:controller_cecc-lk_firmware:2.3.8.1:*:*:*:*:*:*:*", matchCriteriaId: "AB868741-D7A8-4DDB-A2A3-1074D6B9DD85", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:festo:controller_cecc-lk:-:*:*:*:*:*:*:*", matchCriteriaId: "AA82BF77-3362-46A9-8ED3-BD7A07779562", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:festo:controller_cecc-s_firmware:2.3.8.0:*:*:*:*:*:*:*", matchCriteriaId: "B703F63E-C0DA-4426-9378-3A7A6E3E5060", vulnerable: true, }, { criteria: "cpe:2.3:o:festo:controller_cecc-s_firmware:2.3.8.1:*:*:*:*:*:*:*", matchCriteriaId: "37695435-4E04-4B5E-8D85-B9786A740C07", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:festo:controller_cecc-s:-:*:*:*:*:*:*:*", matchCriteriaId: "07DFC73D-3164-402D-A7D0-D37610206F8D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:750-8217_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FA5412C2-6982-4A66-B440-51DEF02F2C11", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:750-8217:-:*:*:*:*:*:*:*", matchCriteriaId: "B23CD8FD-FC7A-4E24-BF8F-648478D82645", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:750-8216_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6766E924-B6F0-4B49-AC5C-4635DFFA9E52", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:750-8216:-:*:*:*:*:*:*:*", matchCriteriaId: "3B854F74-173E-4523-BBA7-8FF7A9B9880E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:750-8215_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CB1544BB-CDDE-4E32-8D64-F6A65DC2B6CC", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:750-8215:-:*:*:*:*:*:*:*", matchCriteriaId: "577EDC26-671C-4703-BBF0-FE93AFEA81E1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:750-8214_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1E1169B9-53BD-47CF-BF19-17DBC0703B51", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:750-8214:-:*:*:*:*:*:*:*", matchCriteriaId: "979A8E43-4285-4A7B-BB0B-E6888117862C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:750-8213_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "68D4E7F6-CEAE-456D-AF2D-9A6B3D6B2F45", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:750-8213:-:*:*:*:*:*:*:*", matchCriteriaId: "4969E8EB-EF09-47B9-8F03-37BB87CFD048", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:750-8212_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D577EB6B-E29C-4E0A-816F-0231ADA84A07", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:750-8212:-:*:*:*:*:*:*:*", matchCriteriaId: "20BBC380-0F6E-4400-93AF-5B6CFEF00562", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:750-8211_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C3A5FA7D-E0FF-4676-BFE8-70EF94C7C349", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:750-8211:-:*:*:*:*:*:*:*", matchCriteriaId: "5CD6B267-3E4B-4597-82A6-130D6F21C728", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:750-8210_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5065C4C4-E09F-4B09-B2BD-2B8BC7451C3E", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:750-8210:-:*:*:*:*:*:*:*", matchCriteriaId: "1E11758B-46C3-4E57-943A-C9C073AE5211", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:750-8207_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5B6F7A7E-4E7E-4721-A30E-2629B700E184", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:750-8207:-:*:*:*:*:*:*:*", matchCriteriaId: "DA98A0D9-B050-430B-96C5-15932438FD3A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:750-8206_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2E97F6B2-2065-4726-88D9-80145F3C23C5", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:750-8206:-:*:*:*:*:*:*:*", matchCriteriaId: "2E17ECC4-D7AE-485C-A2EF-4148817F9DB8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:750-8204_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A035FB07-360A-479D-A6B3-979CCE07A8D7", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:750-8204:-:*:*:*:*:*:*:*", matchCriteriaId: "7AF14BE1-1EB5-423B-9FE7-E401AEF92553", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:750-8203_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F174A297-EF2D-491D-BF24-02E52ABE1CCA", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:750-8203:-:*:*:*:*:*:*:*", matchCriteriaId: "EC428EC8-532A-4825-BCE3-C42A4BC01C68", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:750-8202_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BC08CA50-30F0-4970-A688-447FD6ABA0E7", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:750-8202:-:*:*:*:*:*:*:*", matchCriteriaId: "23B02096-81A5-4823-94F3-D87F389397DE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:750-8102_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C24AAFAF-2BB2-4C90-A294-794D76FEF295", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:750-8102:-:*:*:*:*:*:*:*", matchCriteriaId: "A409E2AA-49AC-4967-8984-070FC9AD06E3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:750-8101_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C07A6921-5664-4DDB-BB9E-32375B6ADDAD", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:750-8101:-:*:*:*:*:*:*:*", matchCriteriaId: "3111C2A1-CABC-42BF-9EB1-66667A7269C7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:750-8100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0BAFAAD6-8F69-4C71-8A88-CD9FDACF1485", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:750-8100:-:*:*:*:*:*:*:*", matchCriteriaId: "33C4EEF3-EB06-4A8E-9BB2-0FE0AC3A6B7C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-4201\\/8000-001_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AB6C8A59-2E86-4E4E-AABF-BFA48A4C5733", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-4201\\/8000-001:-:*:*:*:*:*:*:*", matchCriteriaId: "D2E54B6A-82B1-4AFA-BBA0-1998B5DE0BBD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-4202\\/8000-001_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6500D1ED-60AC-45E2-921B-5F7735B265BF", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-4202\\/8000-001:-:*:*:*:*:*:*:*", matchCriteriaId: "09484C17-CD67-44E3-BA2D-0F718D888B0F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-4203\\/8000-001_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2F53B32B-C496-49AD-85F1-D7CA256FCE40", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-4203\\/8000-001:-:*:*:*:*:*:*:*", matchCriteriaId: "7E5672E3-7B4C-4FAF-955E-04EEB9E5B210", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-4204\\/8000-001_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6951A92E-974E-4361-9551-CE5D58D82D14", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-4204\\/8000-001:-:*:*:*:*:*:*:*", matchCriteriaId: "1C9E9B25-5C96-4665-9DC2-DD11905331AE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-4205\\/8000-001_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "86F222E9-8105-477C-BC4D-558751183C52", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-4205\\/8000-001:-:*:*:*:*:*:*:*", matchCriteriaId: "A646213B-FF88-4A28-91B8-E21BD3710DF1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-4205\\/8000-002_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E7E68AF4-175D-49A2-AD1C-002845FE0C3D", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-4205\\/8000-002:-:*:*:*:*:*:*:*", matchCriteriaId: "A2569546-AC58-420F-8FE6-90BA904DF6AF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-4206\\/8000-001_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F1D621FF-BF0B-4E20-97A0-8A53C68C5A89", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-4206\\/8000-001:-:*:*:*:*:*:*:*", matchCriteriaId: "39A1F780-B010-4C95-B1B8-3A2D34938223", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-4206\\/8000-002_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "66A5AE5B-619A-400F-B4B2-10884F64369F", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-4206\\/8000-002:-:*:*:*:*:*:*:*", matchCriteriaId: "C88834C9-E823-4B11-91D2-8E2264D5E3D2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-4301\\/8000-002_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C5A57157-6B49-402E-9533-828E59C67649", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-4301\\/8000-002:-:*:*:*:*:*:*:*", matchCriteriaId: "BD64BCDC-A7F2-4E8C-886D-C0D9268D0DA8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-4302\\/8000-002_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BFADF5D8-9EAA-4D93-A4ED-315BE26D0BBA", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-4302\\/8000-002:-:*:*:*:*:*:*:*", matchCriteriaId: "5FDBE05B-7ACB-4DB5-8D2F-7FCEC626E161", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-4303\\/8000-002_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "523A4534-4A47-4E29-B33C-85C13B9523B1", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-4303\\/8000-002:-:*:*:*:*:*:*:*", matchCriteriaId: "3A5421E8-67EA-4D0D-889F-A64DA70E7695", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-4304\\/8000-002_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0FD6DA33-2CB6-483D-8F89-B8D0C6A73FA7", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-4304\\/8000-002:-:*:*:*:*:*:*:*", matchCriteriaId: "4DB95678-6815-4FB6-AA22-E6FEC011B269", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-4305\\/8000-002_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6386C510-8897-4EF8-8A5C-EB869FEF98A1", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-4305\\/8000-002:-:*:*:*:*:*:*:*", matchCriteriaId: "A6C67678-4BC4-417A-AD6E-FB60B0F7A384", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-4306\\/8000-002_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "94D29BB6-F958-4BD5-BFCB-A2B914C0885A", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-4306\\/8000-002:-:*:*:*:*:*:*:*", matchCriteriaId: "082B2ECB-179E-4DE9-856F-EDDBB42AF318", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-5203\\/8000-001_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0108A9FD-18D0-4D5B-92BE-641C81BFD17D", versionEndIncluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-5203\\/8000-001:-:*:*:*:*:*:*:*", matchCriteriaId: "8DBE3A7A-F96D-41B8-A150-BA5DC144DAA1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-5204\\/8000-001_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AD2E2CCA-74C4-40E5-931B-AB307357D658", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-5204\\/8000-001:-:*:*:*:*:*:*:*", matchCriteriaId: "F3EE3467-287E-4729-8C2B-3F43B92A49B8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-5205\\/8000-001_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9CE8AF21-A70F-4EF5-A6A2-00C953B6181C", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-5205\\/8000-001:-:*:*:*:*:*:*:*", matchCriteriaId: "13B53684-BFE1-4100-9624-A034119E7CAA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-5206\\/8000-001_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7D1405E2-8561-4F3E-983C-C294BA6351CF", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-5206\\/8000-001:-:*:*:*:*:*:*:*", matchCriteriaId: "2CD7B74F-71F9-4B0F-A9EB-EEA6FBEF81FB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-5303\\/8000-002_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "94443EB3-0519-4238-B637-4FDB0B20ACCE", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-5303\\/8000-002:-:*:*:*:*:*:*:*", matchCriteriaId: "9D4FF612-453D-4287-8989-2779A6F6A0A7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-5304\\/8000-002_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "833276FD-3A3B-4B83-94BA-589ADEF2010D", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-5304\\/8000-002:-:*:*:*:*:*:*:*", matchCriteriaId: "80089A85-1174-4E47-BC36-69DD11A3FFF8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-5305\\/8000-002_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5D779360-F243-47C4-86A7-FF5020238F42", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-5305\\/8000-002:-:*:*:*:*:*:*:*", matchCriteriaId: "91554389-BCF9-48EB-B198-A192BAE6206D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-5306\\/8000-002_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "151B1218-958A-4BE3-925F-D95F5ADCD942", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-5306\\/8000-002:-:*:*:*:*:*:*:*", matchCriteriaId: "E65CA42E-371C-407C-84F9-64AC3F02FFE2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-6201\\/8000-001_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "334E43C5-CD20-4DCF-805D-34E75E4AE8C4", versionEndIncluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-6201\\/8000-001:-:*:*:*:*:*:*:*", matchCriteriaId: "D2BEE4ED-2C15-4E52-8FEC-BB7B5742274F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-6202\\/8000-001_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FEE9E55C-1241-40D2-9357-AF657BBEFB28", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-6202\\/8000-001:-:*:*:*:*:*:*:*", matchCriteriaId: "FF4E78EB-C91E-4E92-AF9F-90300EE96E03", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-6203\\/8000-001_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A1805464-9B11-41E3-A80A-8FC5299A6E50", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-6203\\/8000-001:-:*:*:*:*:*:*:*", matchCriteriaId: "C98F37AB-BFC5-49C2-B8FD-21AA0266C703", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-6204\\/8000-001_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "979D2D35-114F-4B23-A3E9-0F0A619B4AF9", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-6204\\/8000-001:-:*:*:*:*:*:*:*", matchCriteriaId: "422F9EEC-8516-4692-93DE-BB0F385D2BD1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-6301\\/8000-002_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "71DF0E46-8E22-49B5-B1E1-5B3CBAA7FD1E", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-6301\\/8000-002:-:*:*:*:*:*:*:*", matchCriteriaId: "742F9265-3770-4B4E-A327-2202E2DAEA84", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-6302\\/8000-002_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8FAE1A9D-1A41-475C-83D7-E9E0105E70BC", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-6302\\/8000-002:-:*:*:*:*:*:*:*", matchCriteriaId: "B3FDB659-7FF2-4272-9818-3517AC55BFFD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-6303\\/8000-002_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C90343DF-DA2F-4AAE-AD85-AC715C838E47", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-6303\\/8000-002:-:*:*:*:*:*:*:*", matchCriteriaId: "1E7E5506-BA01-4B6F-9475-3F2056019858", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:762-6304\\/8000-002_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2FE417E0-9A5F-4C68-BF1B-10535FEF4B19", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:762-6304\\/8000-002:-:*:*:*:*:*:*:*", matchCriteriaId: "6E8E97AD-B5B4-4F54-A8B8-52E83F34C33D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:wago:752-8303\\/8000-0002_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F0090E3E-5CB8-4363-9CA0-A9165910BD9A", versionEndExcluding: "03.06.19\\(18\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:wago:752-8303\\/8000-0002:*:*:*:*:*:*:*:*", matchCriteriaId: "922FBB58-6D8C-42CC-AAB2-5372DF63C280", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.", }, { lang: "es", value: "En los productos CODESYS V3 en todas las versiones anteriores a la V3.5.16.0 que contienen CmpUserMgr, el sistema de tiempo de ejecución de CODESYS Control almacena las contraseñas de comunicación en línea utilizando un algoritmo hash débil. Esto puede ser utilizado por un atacante local con pocos privilegios para obtener el control total del dispositivo.", }, ], id: "CVE-2020-12069", lastModified: "2024-11-21T04:59:12.810", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "info@cert.vde.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-26T19:15:10.520", references: [ { source: "info@cert.vde.com", tags: [ "Third Party Advisory", ], url: "https://cert.vde.com/en/advisories/VDE-2021-061/", }, { source: "info@cert.vde.com", tags: [ "Third Party Advisory", ], url: "https://cert.vde.com/en/advisories/VDE-2022-022/", }, { source: "info@cert.vde.com", tags: [ "Third Party Advisory", ], url: "https://cert.vde.com/en/advisories/VDE-2022-031/", }, { source: "info@cert.vde.com", tags: [ "Vendor Advisory", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download=", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert.vde.com/en/advisories/VDE-2021-061/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert.vde.com/en/advisories/VDE-2022-022/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert.vde.com/en/advisories/VDE-2022-031/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download=", }, ], sourceIdentifier: "info@cert.vde.com", vulnStatus: "Undergoing Analysis", weaknesses: [ { description: [ { lang: "en", value: "CWE-916", }, ], source: "info@cert.vde.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-916", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-23 11:15
Modified
2024-11-21 04:03
Severity ?
Summary
The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codesys | control_for_beaglebone | * | |
| codesys | control_for_empc-a\/imx6 | * | |
| codesys | control_for_iot2000 | * | |
| codesys | control_for_pfc100 | * | |
| codesys | control_for_pfc200 | * | |
| codesys | control_for_raspberry_pi | * | |
| codesys | control_rte | * | |
| codesys | control_v3_runtime_system_toolkit | * | |
| codesys | control_win | * | |
| codesys | embedded_target_visu_toolkit | * | |
| codesys | hmi | * | |
| codesys | remote_target_visu_toolkit | * | |
| codesys | runtime_plcwinnt | * | |
| codesys | runtime_system_toolkit | * | |
| codesys | runtime_system_toolkit | 3.5.15.0 | |
| codesys | simulation_runtime | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", matchCriteriaId: "B29080C3-A6D8-40D6-8C24-177C00FA27F0", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", matchCriteriaId: "B980C936-557F-4F14-A692-165129625A62", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*", matchCriteriaId: "D282ECAB-FA07-4A81-8F43-AC46A08422D4", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*", matchCriteriaId: "AC1C508C-6817-42E7-9B4C-CDCAC7477304", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*", matchCriteriaId: "C1ECCA6D-3F95-4924-9CC6-7315B1608217", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*", matchCriteriaId: "093C888E-8328-45E9-882C-39D7FBE8E251", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", matchCriteriaId: "4E767B6C-7762-4F3C-A8B0-BEC9C1C238D8", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_v3_runtime_system_toolkit:*:*:*:*:*:*:*:*", matchCriteriaId: "2DDCE092-30E5-43FB-A20F-A712DFD7B1C3", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", matchCriteriaId: "A47EA342-7BDA-4707-9A23-142126C407C1", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*", matchCriteriaId: "A0FE0CC3-99BF-46BF-907D-E8F2785310BB", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", matchCriteriaId: "157E617E-7432-464A-AEC4-29D3806FA2D2", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*", matchCriteriaId: "D95B012B-C9B0-4E2A-934B-3ECDE463722E", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:runtime_plcwinnt:*:*:*:*:*:*:*:*", matchCriteriaId: "8931A117-72B6-4B1C-BF56-E7925D07A790", versionEndExcluding: "2.4.7.52", versionStartIncluding: "2.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:runtime_system_toolkit:*:*:*:*:*:*:x86:*", matchCriteriaId: "46335A20-A1BF-4E5B-BB1D-B7A4AFF6DB08", versionEndExcluding: "2.4.7.52", versionStartIncluding: "2.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:runtime_system_toolkit:3.5.15.0:*:*:*:*:*:*:*", matchCriteriaId: "7A3A8DFF-705F-4562-87CE-E899C5DC2D18", vulnerable: true, }, { criteria: "cpe:2.3:a:codesys:simulation_runtime:*:*:*:*:*:*:*:*", matchCriteriaId: "9DD3AD40-BEE7-428D-B1F0-1349E10A9DD5", versionEndExcluding: "3.5.12.30", versionStartIncluding: "3.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.", }, ], id: "CVE-2018-25048", lastModified: "2024-11-21T04:03:26.283", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "info@cert.vde.com", type: "Primary", }, ], }, published: "2023-03-23T11:15:12.730", references: [ { source: "info@cert.vde.com", tags: [ "Not Applicable", ], url: "https://customers.codesys.com/fileadmin/data/customers/security/2018/Advisory2018-04_CDS-59017.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "https://customers.codesys.com/fileadmin/data/customers/security/2018/Advisory2018-04_CDS-59017.pdf", }, ], sourceIdentifier: "info@cert.vde.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "info@cert.vde.com", type: "Primary", }, ], }