CVE-2020-12068

An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation.

CVSS v3 6.5 MEDIUM
CVSS v2.0 6.4 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13136&token=c267875c01ea70bc9613bc39c684eedc17f55420&download=	Mitigation Vendor Advisory
https://www.codesys.com	Product
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13136&token=c267875c01ea70bc9613bc39c684eedc17f55420&download=	Mitigation Vendor Advisory
https://www.codesys.com	Product

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:codesys:control_for_beaglebone::::::::
	cpe:2.3:a:codesys:control_for_empc-a\/imx6::::::::
	cpe:2.3:a:codesys:control_for_iot2000::::::::
	cpe:2.3:a:codesys:control_for_pfc100::::::::
	cpe:2.3:a:codesys:control_for_pfc200::::::::
	cpe:2.3:a:codesys:control_for_plcnext::::::::
	cpe:2.3:a:codesys:control_for_raspberry_pi::::::::
	cpe:2.3:a:codesys:control_rte::::::::
	cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::
	cpe:2.3:a:codesys:control_win::::::::
	cpe:2.3:a:codesys:development_system::::::::
	cpe:2.3:a:codesys:hmi::::::::

History

21 Nov 2024, 04:59

Type	Values Removed	Values Added
References	~~() https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13136&token=c267875c01ea70bc9613bc39c684eedc17f55420&download= - Mitigation, Vendor Advisory~~	() https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13136&token=c267875c01ea70bc9613bc39c684eedc17f55420&download= - Mitigation, Vendor Advisory
References	~~() https://www.codesys.com - Product~~	() https://www.codesys.com - Product

Information

Published : 2020-05-14 21:15

Updated : 2024-11-21 04:59

NVD link : CVE-2020-12068

Mitre link : CVE-2020-12068

CVE.ORG link : CVE-2020-12068

JSON object : View

Products Affected

codesys

control_for_empc-a\/imx6
control_for_plcnext
control_for_beaglebone
control_for_pfc100
hmi
control_rte
development_system
control_win
control_for_raspberry_pi
control_runtime_system_toolkit
control_for_iot2000
control_for_pfc200

CWE

NVD-CWE-noinfo

{"id": "CVE-2020-12068", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2020-05-14T21:15:13.260", "references": [{"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13136&token=c267875c01ea70bc9613bc39c684eedc17f55420&download=", "tags": ["Mitigation", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.codesys.com", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13136&token=c267875c01ea70bc9613bc39c684eedc17f55420&download=", "tags": ["Mitigation", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.codesys.com", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation."}, {"lang": "es", "value": "Se detect\u00f3 un problema en CODESYS Development System versiones anteriores a 3.5.16.0. CODESYS WebVisu y CODESYS Remote TargetVisu son susceptibles a una escalada de privilegios."}], "lastModified": "2024-11-21T04:59:12.677", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A5313A0-4D9B-4B1F-B432-F84130717DE7", "versionEndExcluding": "3.5.16.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9EA03EF-F424-4AC6-AC0B-A284A2553092", "versionEndExcluding": "3.5.16.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38ECECFA-13C2-459E-B509-5F663E72CDE9", "versionEndExcluding": "3.5.16.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7BD8B5A-8CD7-463C-82D7-06F6DE7E6DB0", "versionEndExcluding": "3.5.16.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CC12843-4775-46BF-BB7F-35D7A4825027", "versionEndExcluding": "3.5.16.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84E46BF9-F5A0-4C09-BE2B-486263D89E85", "versionEndExcluding": "3.5.16.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C17614A6-F334-4955-824D-A237A9672ECD", "versionEndExcluding": "3.5.16.0"}, {"criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFAF3E76-D917-48FA-BE80-7CEF592359F3", "versionEndExcluding": "3.5.16.0", "versionStartIncluding": "3.0"}, {"criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "977B88F5-FA46-41A6-B65E-034EEBA19755", "versionEndExcluding": "3.5.16.0", "versionStartIncluding": "3.0"}, {"criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6E1A555-20F2-4C1D-824C-9BFE5A8C1184", "versionEndExcluding": "3.5.16.0", "versionStartIncluding": "3.0"}, {"criteria": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03FB53F8-F076-41FB-B556-077F99584B76", "versionEndExcluding": "3.5.16.0"}, {"criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2B23429-F3C9-4414-A3C8-FDEA5D0DFE96", "versionEndExcluding": "3.5.16.0", "versionStartIncluding": "3.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

6.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

6.4 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2020-12068

6.5^/10

6.4^/10

Attach tags to `CVE-2020-12068`