CVE-2018-20025

CWE-3304 documents4 sources
Severity
7.5HIGH
EPSS
0.6%
top 30.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
16
Codesys Control FOR Beaglebone SLCodesys Control FOR Empc-a\/imx6 SLCodesys Control FOR Iot2000 SL+13 more
Timeline
PublishedFeb 19
Latest updateMar 3

Description

Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages10 packages

CVEListV5kaspersky_lab/codesys_v3_productsprior V3.5.14.0
NVDcodesys/hmi_sl3.03.5.14.0
NVDcodesys/control3.03.5.14.0
NVDcodesys/gateway3.03.5.14.0
NVDcodesys/safety_sil23.03.5.14.0

🔴Vulnerability Details

2
GHSA
GHSA-j29p-v539-8x23: Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V32022-05-14
CVEList
CVE-2018-20025: Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V32019-02-19

🕵️Threat Intelligence

1
Bleepingcomputer
CISA tags Windows, Cisco vulnerabilities as actively exploited2025-03-03
CVE-2018-20025 (HIGH CVSS 7.5) | Use of Insufficiently Random Values | cvebase.io