CVE-2020-12068

Published May 14, 2020

Last updated 3 months ago

CVSS medium 6.5

Overview

Description: An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 2.5
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 6.4
Impact score: 4.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A5313A0-4D9B-4B1F-B432-F84130717DE7",
            "versionEndExcluding": "3.5.16.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9EA03EF-F424-4AC6-AC0B-A284A2553092",
            "versionEndExcluding": "3.5.16.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38ECECFA-13C2-459E-B509-5F663E72CDE9",
            "versionEndExcluding": "3.5.16.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B7BD8B5A-8CD7-463C-82D7-06F6DE7E6DB0",
            "versionEndExcluding": "3.5.16.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1CC12843-4775-46BF-BB7F-35D7A4825027",
            "versionEndExcluding": "3.5.16.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84E46BF9-F5A0-4C09-BE2B-486263D89E85",
            "versionEndExcluding": "3.5.16.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C17614A6-F334-4955-824D-A237A9672ECD",
            "versionEndExcluding": "3.5.16.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BFAF3E76-D917-48FA-BE80-7CEF592359F3",
            "versionEndExcluding": "3.5.16.0",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "977B88F5-FA46-41A6-B65E-034EEBA19755",
            "versionEndExcluding": "3.5.16.0",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6E1A555-20F2-4C1D-824C-9BFE5A8C1184",
            "versionEndExcluding": "3.5.16.0",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "03FB53F8-F076-41FB-B556-077F99584B76",
            "versionEndExcluding": "3.5.16.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2B23429-F3C9-4414-A3C8-FDEA5D0DFE96",
            "versionEndExcluding": "3.5.16.0",
            "versionStartIncluding": "3.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References