CVE-2020-12069

EPSS 0.06%
Veröffentlicht 26.12.2022 19:15:10
Zuletzt bearbeitet 05.05.2025 14:15:00
Quelle info@cert.vde.com
CVE-Watchlists
Login
Unerledigt
Login

CODESYS V3 prone to Inadequate Password Hashing

In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

NVD 35 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Pilz ≫ Pmc Version >= 3.0.0 < 3.5.17

Codesys ≫ Control For Beaglebone Version < 3.5.16.0

Codesys ≫ Control For Iot2000 Version < 3.5.16.0

Codesys ≫ Control For Linux Version < 3.5.16.0

Codesys ≫ Control For Pfc100 Version < 3.5.16.0

Codesys ≫ Control For Pfc200 Version < 3.5.16.0

Codesys ≫ Control For Plcnext Version < 3.5.16.0

Codesys ≫ Control For Raspberry Pi Version < 3.5.16.0

Codesys ≫ Control Rte V3 Version < 3.5.16.0

Codesys ≫ Control V3 Runtime System Toolkit Version < 3.5.16.0

Codesys ≫ Control Win V3 Version < 3.5.16.0

Codesys ≫ Hmi V3 Version < 3.5.16.0

Codesys ≫ V3 Simulation Runtime Version < 3.5.16.0

Festo ≫ Controller Cecc-d Firmware Version2.3.8.0

Festo ≫ Controller Cecc-d Version-

Festo ≫ Controller Cecc-d Firmware Version2.3.8.1

Festo ≫ Controller Cecc-d Version-

Festo ≫ Controller Cecc-lk Firmware Version2.3.8.0

Festo ≫ Controller Cecc-lk Version-

Festo ≫ Controller Cecc-lk Firmware Version2.3.8.1

Festo ≫ Controller Cecc-lk Version-

Festo ≫ Controller Cecc-s Firmware Version2.3.8.0

Festo ≫ Controller Cecc-s Version-

Festo ≫ Controller Cecc-s Firmware Version2.3.8.1

Festo ≫ Controller Cecc-s Version-

Wago ≫ 750-8217 Firmware Version-

Wago ≫ 750-8217 Version-

Wago ≫ 750-8216 Firmware Version < 03.06.19\(18\)

Wago ≫ 750-8216 Version-

Wago ≫ 750-8215 Firmware Version < 03.06.19\(18\)

Wago ≫ 750-8215 Version-

Wago ≫ 750-8214 Firmware Version < 03.06.19\(18\)

Wago ≫ 750-8214 Version-

Wago ≫ 750-8213 Firmware Version < 03.06.19\(18\)

Wago ≫ 750-8213 Version-

Wago ≫ 750-8212 Firmware Version < 03.06.19\(18\)

Wago ≫ 750-8212 Version-

Wago ≫ 750-8211 Firmware Version < 03.06.19\(18\)

Wago ≫ 750-8211 Version-

Wago ≫ 750-8210 Firmware Version < 03.06.19\(18\)

Wago ≫ 750-8210 Version-

Wago ≫ 750-8207 Firmware Version < 03.06.19\(18\)

Wago ≫ 750-8207 Version-

Wago ≫ 750-8206 Firmware Version < 03.06.19\(18\)

Wago ≫ 750-8206 Version-

Wago ≫ 750-8204 Firmware Version < 03.06.19\(18\)

Wago ≫ 750-8204 Version-

Wago ≫ 750-8203 Firmware Version < 03.06.19\(18\)

Wago ≫ 750-8203 Version-

Wago ≫ 750-8202 Firmware Version < 03.06.19\(18\)

Wago ≫ 750-8202 Version-

Wago ≫ 750-8102 Firmware Version < 03.06.19\(18\)

Wago ≫ 750-8102 Version-

Wago ≫ 750-8101 Firmware Version < 03.06.19\(18\)

Wago ≫ 750-8101 Version-

Wago ≫ 750-8100 Firmware Version < 03.06.19\(18\)

Wago ≫ 750-8100 Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.188

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
info@cert.vde.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-916 Use of Password Hash With Insufficient Computational Effort

The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.

https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download=

Vendor Advisory

https://cert.vde.com/en/advisories/VDE-2021-061/

Third Party Advisory

https://cert.vde.com/en/advisories/VDE-2022-022/

Third Party Advisory

https://cert.vde.com/en/advisories/VDE-2022-031/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-12069

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-12069

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-12069

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-12069