8.8

CVE-2019-9013

EPSS 0.14%
Veröffentlicht 15.08.2019 17:15:13
Zuletzt bearbeitet 21.11.2024 04:50:48
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component are affected regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS V3 Simulation Runtime (part of the CODESYS Development System), CODESYS Control V3 Runtime System Toolkit, CODESYS HMI V3.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Codesys ≫ Control For Beaglebone Sl Version >= 3.0 < 3.5.16.0

Codesys ≫ Control For Empc-a/imx6 Sl Version >= 3.0 < 3.5.16.0

Codesys ≫ Control For Iot2000 Sl Version >= 3.0 < 3.5.16.0

Codesys ≫ Control For Linux Sl Version >= 3.0 < 3.5.16.0

Codesys ≫ Control For Pfc100 Sl Version >= 3.0 < 3.5.16.0

Codesys ≫ Control For Pfc200 Sl Version >= 3.0 < 3.5.16.0

Codesys ≫ Control Rte Sl Version >= 3.0 < 3.5.16.0

Codesys ≫ Control Win Sl Version >= 3.0 < 3.5.16.0

Codesys ≫ Development System Version >= 3.0 < 3.5.16.0

Codesys ≫ Hmi Sl Version >= 3.0 < 3.5.16.0

Codesys ≫ Raspberry Pi Version >= 3.0 < 3.5.16.0

Codesys ≫ Runtime Toolkit Version >= 3.0 < 3.5.16.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.351

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	5.8	6.5	6.4	AV:A/AC:L/Au:N/C:P/I:P/A:P

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download=

Vendor Advisory

https://www.us-cert.gov/ics/advisories/icsa-19-213-04

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2019-9013

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-9013

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-9013

EUVD