CVE-2018-20025

Published Feb 19, 2019

Last updated 6 years ago

CVSS high 7.5

Overview

Description: Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0.
Source: vulnerability@kaspersky.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-330

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30E5A50D-470A-4C7D-A634-E97AE95B38B5",
            "versionEndExcluding": "3.5.14.0",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "455BEF47-4D2A-4314-AF1D-C5C46236B135",
            "versionEndExcluding": "3.5.14.0",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2E52640-4AA9-40C1-A00E-374334F761C7",
            "versionEndExcluding": "3.5.14.0",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C87347FA-38EA-4299-A822-63FCF0E34577",
            "versionEndExcluding": "3.5.14.0",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D3E05BC-83BC-49C8-91AD-64A1EE9D36BD",
            "versionEndExcluding": "3.5.14.0",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40D2875A-E1DF-4C7D-9DD7-7BE8D617EF3C",
            "versionEndExcluding": "3.5.14.0",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE9699B0-CCE3-42AB-8208-492382D59582",
            "versionEndExcluding": "3.5.14.0",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20CFD36A-208D-444C-A3C3-C2B11CAF65AC",
            "versionEndExcluding": "3.5.14.0",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_rte_sl_\\(for_beckhoff_cx\\):*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6368AFD2-D0F4-4E93-9D28-00D2DAF6F1BD",
            "versionEndExcluding": "3.5.14.0",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_runtime_toolkit:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E623E98-8040-43D2-81B5-D6B06B374472",
            "versionEndExcluding": "3.5.14.0",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA6D880C-195D-4830-B0B5-7D7BC32182B4",
            "versionEndExcluding": "3.5.14.0",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "087FE9CF-7492-416A-9585-0E8C00ABB320",
            "versionEndExcluding": "3.5.14.0",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "498AB0A1-C9F2-40A5-BC72-9CC4F96D74DE",
            "versionEndExcluding": "3.5.14.0",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:hmi_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63F51840-0A93-43BD-B8D0-145C7C52C7B0",
            "versionEndExcluding": "3.5.14.0",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:safety_sil2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C0A629A-E3CE-428A-81C1-25965A681B73",
            "versionEndExcluding": "3.5.14.0",
            "versionStartIncluding": "3.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References