Insufficient Randomness Vulnerability in CODESYS V3 Products by CODESYS GmbH
CVE-2018-20025

7.5HIGH

Key Information:

Vendor: Kaspersky
Status: Codesys V3 Products
Vendor: CVE Published:; 19 February 2019

What is CVE-2018-20025?

A vulnerability exists in CODESYS V3 products due to the use of insufficiently random values, which can lead to security issues in systems utilizing these products. Specifically, versions prior to V3.5.14.0 are affected. This could expose sensitive data and facilitate unauthorized access, emphasizing the importance of updating to the latest version to mitigate potential risks. Users of CODESYS V3 should check their currently deployed versions and apply necessary patches as effective remediation. For further details, consult advisories from security and vulnerability databases.

Affected Version(s)

CODESYS V3 products prior V3.5.14.0

References

http://www.securityfocus.com/bid/106251

vdb-entryx_refsource_BID

https://ics-cert.kaspersky.com/advisories/klcert-advisori...

x_refsource_MISC

https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 19, 2019
Vulnerability Reserved
Dec 10, 2018

Kaspersky

What is CVE-2018-20025?

Affected Version(s)

References

CVSS V3.1

Timeline