In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCodesys Control For Beaglebone
APPCodesys< 3.5.16.0Codesys Control For Empc A\/imx6
APPCodesys< 3.5.16.0Codesys Control For Iot2000
APPCodesys< 3.5.16.0Codesys Control For Linux
APPCodesys< 3.5.16.0Codesys Control For Pfc100
APPCodesys< 3.5.16.0Codesys Control For Pfc200
APPCodesys< 3.5.16.0Codesys Control For Plcnext
APPCodesys< 3.5.16.0Codesys Control For Raspberry Pi
APPCodesys< 3.5.16.0Codesys Control Rte V3
APPCodesys< 3.5.16.0Codesys Control V3 Runtime System Toolkit
APPCodesys< 3.5.16.0Codesys Control Win V3
APPCodesys< 3.5.16.0Codesys Hmi V3
APPCodesys< 3.5.16.0Codesys V3 Simulation Runtime
APPCodesys< 3.5.16.0Festo Controller Cecc D
HWFestowszystkie wersjeFesto Controller Cecc D Firmware
OSFesto2.3.8.02.3.8.1Festo Controller Cecc Lk
HWFestowszystkie wersjeFesto Controller Cecc Lk Firmware
OSFesto2.3.8.02.3.8.1Festo Controller Cecc S
HWFestowszystkie wersjeFesto Controller Cecc S Firmware
OSFesto2.3.8.02.3.8.1Pilz Pmc
APPPilz3.0.0 – 3.5.17 (bez)Wago 750 8100
HWWagowszystkie wersjeWago 750 8100 Firmware
OSWago< 03.06.19\(18\)Wago 750 8101
HWWagowszystkie wersjeWago 750 8101 Firmware
OSWago< 03.06.19\(18\)Wago 750 8102
HWWagowszystkie wersjeWago 750 8102 Firmware
OSWago< 03.06.19\(18\)Wago 750 8202
HWWagowszystkie wersjeWago 750 8202 Firmware
OSWago< 03.06.19\(18\)Wago 750 8203
HWWagowszystkie wersjeWago 750 8203 Firmware
OSWago< 03.06.19\(18\)
Related vulnerabilities
In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protoc...
In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS c...
In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted...
Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- s...
CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control.