Insufficient Randomness Vulnerability in CODESYS V3 Products by CODESYS GmbH
CVE-2018-20025

7.5HIGH

Key Information:

Vendor
Kaspersky
Status
Codesys V3 Products
Vendor
CVE Published:
19 February 2019

Summary

A vulnerability exists in CODESYS V3 products due to the use of insufficiently random values, which can lead to security issues in systems utilizing these products. Specifically, versions prior to V3.5.14.0 are affected. This could expose sensitive data and facilitate unauthorized access, emphasizing the importance of updating to the latest version to mitigate potential risks. Users of CODESYS V3 should check their currently deployed versions and apply necessary patches as effective remediation. For further details, consult advisories from security and vulnerability databases.

Affected Version(s)

CODESYS V3 products prior V3.5.14.0

References

http://www.securityfocus.com/bid/106251
vdb-entryx_refsource_BID
https://ics-cert.kaspersky.com/advisories/klcert-advisori...
x_refsource_MISC
https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.