Username Enumeration Vulnerability in Pilz PMC Programming Tool
CVE-2019-9011

5.3MEDIUM

Key Information:

Vendor: Pilz
Status: Pmc
Vendor: CVE Published:; 26 December 2022

What is CVE-2019-9011?

The Pilz PMC programming tool versions before 3.5.17, which operates on the CODESYS Development System, contains a vulnerability that allows an attacker to enumerate valid usernames. This poses a risk to user accounts by potentially enabling unauthorized access attempts based on the acquired information. Organizations using these versions should assess their systems and apply the necessary updates to mitigate this security risk.

References

https://cert.vde.com/en/advisories/VDE-2021-061/

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 26, 2022
Vulnerability Reserved
Feb 22, 2019

CVE-2019-9011 Data

JSON