CVE-2020-12068

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 61.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Codesys Control FOR Beaglebone Codesys Control FOR Empc-a\/imx6 Codesys Control FOR Iot2000 +9 more

Timeline

PublishedMay 14

Latest updateMay 24

Description

An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages6 packages

▶NVDcodesys/development_system< 3.5.16.0

▶NVDcodesys/control_runtime_system_toolkit3.0 — 3.5.16.0

▶NVDcodesys/hmi3.0 — 3.5.16.0

▶NVDcodesys/control< 3.5.16.0

▶NVDcodesys/control_rte3.0 — 3.5.16.0

🔴Vulnerability Details

GHSA

GHSA-hcgh-3x98-2p2v: An issue was discovered in CODESYS Development System before 3↗2022-05-24

▶

CVEList

CVE-2020-12068: An issue was discovered in CODESYS Development System before 3↗2020-05-14

▶