10
CVE-2018-10612
- EPSS 0.12%
- Veröffentlicht 29.01.2019 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:41:39
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginIn 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Codesys ≫ Control For Beaglebone Sl Version >= 3.0 < 3.5.14.0
Codesys ≫ Control For Empc-a/imx6 Sl Version >= 3.0 < 3.5.14.0
Codesys ≫ Control For Iot2000 Sl Version >= 3.0 < 3.5.14.0
Codesys ≫ Control For Linux Sl Version >= 3.0 < 3.5.14.0
Codesys ≫ Control For Pfc100 Sl Version >= 3.0 < 3.5.14.0
Codesys ≫ Control For Pfc200 Sl Version >= 3.0 < 3.5.14.0
Codesys ≫ Control For Raspberry Pi Sl Version >= 3.0 < 3.5.14.0
Codesys ≫ Control Rte Sl Version >= 3.0 < 3.5.14.0
Codesys ≫ Control Runtime Toolkit Version >= 3.0 < 3.5.14.0
Codesys ≫ Control Win Sl Version >= 3.0 < 3.5.14.0
Codesys ≫ Development System V3 Version >= 3.0 < 3.5.14.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.31 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-311 Missing Encryption of Sensitive Data
The product does not encrypt sensitive or critical information before storage or transmission.
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.