CRITICAL🇬🇧 English

CVE-2018-10612

CVSS 9.8v3.0pub. 2019-01-29upd. 2024-11-21

In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Codesys Control For Beaglebone Sl

    APP
    Codesys
    3.0 – 3.5.14.0 (bez)
  • Codesys Control For Empc A\/imx6 Sl

    APP
    Codesys
    3.0 – 3.5.14.0 (bez)
  • Codesys Control For Iot2000 Sl

    APP
    Codesys
    3.0 – 3.5.14.0 (bez)
  • Codesys Control For Linux Sl

    APP
    Codesys
    3.0 – 3.5.14.0 (bez)
  • Codesys Control For Pfc100 Sl

    APP
    Codesys
    3.0 – 3.5.14.0 (bez)
  • Codesys Control For Pfc200 Sl

    APP
    Codesys
    3.0 – 3.5.14.0 (bez)
  • Codesys Control For Raspberry Pi Sl

    APP
    Codesys
    3.0 – 3.5.14.0 (bez)
  • Codesys Control Rte Sl

    APP
    Codesys
    3.0 – 3.5.14.0 (bez)
  • Codesys Control Runtime Toolkit

    APP
    Codesys
    3.0 – 3.5.14.0 (bez)
  • Codesys Control Win Sl

    APP
    Codesys
    3.0 – 3.5.14.0 (bez)
  • Codesys Development System V3

    APP
    Codesys
    3.0 – 3.5.14.0 (bez)
  • Codesys Hmi Sl

    APP
    Codesys
    3.0 – 3.5.14.0 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2021-33485CRITICAL9.8ten sam produkt

CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.

CVE-2019-9010CRITICAL9.8ten sam produkt

An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the own...

CVE-2025-41738HIGH7.5ten sam produkt

An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to...

CVE-2023-6357HIGH8.8ten sam produkt

A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via fil...

CVE-2022-4046HIGH8.8ten sam produkt

In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buf...

CVE-2018-10612 — CRITICAL 9.8 | CVEbaza.pl