CVE-2020-12069

CWE-9163 documents3 sources

Severity

7.8HIGH

EPSS

0.1%

top 77.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Codesys Codesys V3 Containing THE Cmpusermgr Codesys Control FOR Beaglebone Codesys Control FOR Empc-a\/imx6 +61 more

Timeline

PublishedDec 26

Description

In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages57 packages

▶NVDcodesys/control_v3_runtime_system_toolkit< 3.5.16.0

▶NVDcodesys/control< 3.5.16.0

▶NVDcodesys/control_rte_v3< 3.5.16.0

▶NVDcodesys/control_win_v3< 3.5.16.0

▶CVEListV5codesys/codesys_v3_containing_the_cmpusermgrV3 — V3.5.16.0

🔴Vulnerability Details

GHSA

GHSA-26j2-2wp8-h95h: In Pilz PMC programming tool 3↗2022-12-26

▶

CVEList

CODESYS V3 prone to Inadequate Password Hashing↗2022-12-26

▶