CVE-2020-12068

An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation.

CVSS v3 6.5 MEDIUM
CVSS v2.0 6.4 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

6.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13136&token=c267875c01ea70bc9613bc39c684eedc17f55420&download=	Mitigation Vendor Advisory
https://www.codesys.com	Product

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:codesys:control_for_beaglebone::::::::
	cpe:2.3:a:codesys:control_for_empc-a\/imx6::::::::
	cpe:2.3:a:codesys:control_for_iot2000::::::::
	cpe:2.3:a:codesys:control_for_pfc100::::::::
	cpe:2.3:a:codesys:control_for_pfc200::::::::
	cpe:2.3:a:codesys:control_for_plcnext::::::::
	cpe:2.3:a:codesys:control_for_raspberry_pi::::::::
	cpe:2.3:a:codesys:control_rte::::::::
	cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::
	cpe:2.3:a:codesys:control_win::::::::
	cpe:2.3:a:codesys:development_system::::::::
	cpe:2.3:a:codesys:hmi::::::::

History

No history.

Information

Published : 2020-05-14 21:15

Updated : 2023-12-10 13:27

NVD link : CVE-2020-12068

Mitre link : CVE-2020-12068

CVE.ORG link : CVE-2020-12068

JSON object : View

Products Affected

codesys

control_for_pfc100
control_win
hmi
development_system
control_for_pfc200
control_for_iot2000
control_for_beaglebone
control_for_plcnext
control_for_raspberry_pi
control_runtime_system_toolkit
control_rte
control_for_empc-a\/imx6

CWE

NVD-CWE-noinfo

{"id": "CVE-2020-12068", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2020-05-14T21:15:13.260", "references": [{"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13136&token=c267875c01ea70bc9613bc39c684eedc17f55420&download=", "tags": ["Mitigation", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.codesys.com", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation."}, {"lang": "es", "value": "Se detect\u00f3 un problema en CODESYS Development System versiones anteriores a 3.5.16.0. CODESYS WebVisu y CODESYS Remote TargetVisu son susceptibles a una escalada de privilegios."}], "lastModified": "2021-07-21T11:39:23.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A5313A0-4D9B-4B1F-B432-F84130717DE7", "versionEndExcluding": "3.5.16.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9EA03EF-F424-4AC6-AC0B-A284A2553092", "versionEndExcluding": "3.5.16.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38ECECFA-13C2-459E-B509-5F663E72CDE9", "versionEndExcluding": "3.5.16.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7BD8B5A-8CD7-463C-82D7-06F6DE7E6DB0", "versionEndExcluding": "3.5.16.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CC12843-4775-46BF-BB7F-35D7A4825027", "versionEndExcluding": "3.5.16.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84E46BF9-F5A0-4C09-BE2B-486263D89E85", "versionEndExcluding": "3.5.16.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C17614A6-F334-4955-824D-A237A9672ECD", "versionEndExcluding": "3.5.16.0"}, {"criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFAF3E76-D917-48FA-BE80-7CEF592359F3", "versionEndExcluding": "3.5.16.0", "versionStartIncluding": "3.0"}, {"criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "977B88F5-FA46-41A6-B65E-034EEBA19755", "versionEndExcluding": "3.5.16.0", "versionStartIncluding": "3.0"}, {"criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6E1A555-20F2-4C1D-824C-9BFE5A8C1184", "versionEndExcluding": "3.5.16.0", "versionStartIncluding": "3.0"}, {"criteria": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03FB53F8-F076-41FB-B556-077F99584B76", "versionEndExcluding": "3.5.16.0"}, {"criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2B23429-F3C9-4414-A3C8-FDEA5D0DFE96", "versionEndExcluding": "3.5.16.0", "versionStartIncluding": "3.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}