Improper Filtering Vulnerability in CODESYS V3 Products by CODESYS Group
CVE-2018-20026

7.5HIGH

Key Information:

Vendor
Kaspersky
Status
Codesys V3 Products
Vendor
CVE Published:
19 February 2019

Summary

The vulnerability presents an improper communication address filtering issue in CODESYS V3 products. This flaw exists in versions prior to 3.5.14.0, potentially allowing unauthorized communication with controlled devices. Attackers could exploit this weakness to gain access to sensitive operations within the industrial control systems, leading to disruptions or unauthorized control.

Affected Version(s)

CODESYS V3 products prior V3.5.14.0

References

http://www.securityfocus.com/bid/106251
vdb-entryx_refsource_BID
https://ics-cert.kaspersky.com/advisories/klcert-advisori...
x_refsource_MISC
https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.