CVE-2018-10612

CWE-284Improper Access ControlCWE-311CWE-732Incorrect Permission Assignment3 documents3 sources
Severity
9.8CRITICAL
EPSS
0.2%
top 55.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
Codesys Control FOR Beaglebone SLCodesys Control FOR Empc-a\/imx6 SLCodesys Control FOR Iot2000 SL+10 more
Timeline
PublishedJan 29
Latest updateMay 13

Description

In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages7 packages

CVEListV53s-smart/3s-smart_software_solutions_gmbh_codesys_control_v3_products_prior_to_version_3.5.14.03S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0
NVDcodesys/control3.03.5.14.0
NVDcodesys/control_rte_sl3.03.5.14.0
NVDcodesys/control_win_sl3.03.5.14.0
NVDcodesys/control_runtime_toolkit3.03.5.14.0

🔴Vulnerability Details

2
GHSA
GHSA-hvp9-xhr6-2xm4: In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 32022-05-13
CVEList
CVE-2018-10612: In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 32019-01-29
CVE-2018-10612 (CRITICAL CVSS 9.8) | In 3S-Smart Software Solutions GmbH | cvebase.io