Improper Filtering Vulnerability in CODESYS V3 Products by CODESYS Group
CVE-2018-20026

7.5HIGH

Key Information:

Vendor: Kaspersky
Status: Codesys V3 Products
Vendor: CVE Published:; 19 February 2019

What is CVE-2018-20026?

The vulnerability presents an improper communication address filtering issue in CODESYS V3 products. This flaw exists in versions prior to 3.5.14.0, potentially allowing unauthorized communication with controlled devices. Attackers could exploit this weakness to gain access to sensitive operations within the industrial control systems, leading to disruptions or unauthorized control.

Affected Version(s)

CODESYS V3 products prior V3.5.14.0

References

http://www.securityfocus.com/bid/106251

vdb-entryx_refsource_BID

https://ics-cert.kaspersky.com/advisories/klcert-advisori...

x_refsource_MISC

https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 19, 2019
Vulnerability Reserved
Dec 10, 2018

Kaspersky

What is CVE-2018-20026?

Affected Version(s)

References

CVSS V3.1

Timeline