CVE-2018-20026 - Vulnerability Details

Vendors	Products
Codesys	Control For Beaglebone Sl Control For Empc-a\/imx6 Sl Control For Iot2000 Sl Control For Linux Sl Control For Pfc100 Sl Control For Pfc200 Sl Control For Raspberry Pi Sl Control Rte Sl Control Rte Sl \(for Beckhoff Cx\) Control Runtime Toolkit Control Win Sl Development System V3 Gateway Hmi Sl Opc Server Plchandler Safety Sil2 Targetvisu Sl

Link	Providers
http://www.securityfocus.com/bid/106251
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/
https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "CODESYS V3 products", "vendor": "Kaspersky Lab", "versions": [{"status": "affected", "version": "prior V3.5.14.0"}]}], "datePublic": "2018-12-19T00:00:00", "descriptions": [{"lang": "en", "value": "Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0."}], "problemTypes": [{"descriptions": [{"description": "Improper Communication Address Filtering", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-04-02T14:43:36", "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "shortName": "Kaspersky"}, "references": [{"name": "106251", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/106251"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnerability@kaspersky.com", "DATE_PUBLIC": "2018-12-19T00:00:00", "ID": "CVE-2018-20026", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CODESYS V3 products", "version": {"version_data": [{"version_value": "prior V3.5.14.0"}]}}]}, "vendor_name": "Kaspersky Lab"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Communication Address Filtering"}]}]}, "references": {"reference_data": [{"name": "106251", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106251"}, {"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/", "refsource": "MISC", "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T11:51:18.313Z"}, "title": "CVE Program Container", "references": [{"name": "106251", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/106251"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"}]}]}, "cveMetadata": {"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "assignerShortName": "Kaspersky", "cveId": "CVE-2018-20026", "datePublished": "2019-02-19T21:00:00Z", "dateReserved": "2018-12-10T00:00:00", "dateUpdated": "2024-09-16T20:37:39.329Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : CODESYS V3 products (string)

vendor : Kaspersky Lab (string)

versions : [ »

0 : { »

status : affected (string)

version : prior V3.5.14.0 (string)

}

]

}

]

datePublic : 2018-12-19T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Improper Communication Address Filtering (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2019-04-02T14:43:36 (string)

orgId : e45d732a-8f6b-4b6b-be76-7420f6a2b988 (string)

shortName : Kaspersky (string)

}

references : [ »

0 : { »

name : 106251 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/106251 (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/ (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : vulnerability@kaspersky.com (string)

DATE_PUBLIC : 2018-12-19T00:00:00 (string)

ID : CVE-2018-20026 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : CODESYS V3 products (string)

version : { »

version_data : [ »

0 : { »

version_value : prior V3.5.14.0 (string)

}

]

}

]

}

vendor_name : Kaspersky Lab (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Improper Communication Address Filtering (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : 106251 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/106251 (string)

}

1 : { »

name : https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/ (string)

refsource : MISC (string)

url : https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/ (string)

}

2 : { »

name : https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04 (string)

refsource : MISC (string)

url : https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T11:51:18.313Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : 106251 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/106251 (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/ (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : e45d732a-8f6b-4b6b-be76-7420f6a2b988 (string)

assignerShortName : Kaspersky (string)

cveId : CVE-2018-20026 (string)

datePublished : 2019-02-19T21:00:00Z (string)

dateReserved : 2018-12-10T00:00:00 (string)

dateUpdated : 2024-09-16T20:37:39.329Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "30E5A50D-470A-4C7D-A634-E97AE95B38B5", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "455BEF47-4D2A-4314-AF1D-C5C46236B135", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "D2E52640-4AA9-40C1-A00E-374334F761C7", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "C87347FA-38EA-4299-A822-63FCF0E34577", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D3E05BC-83BC-49C8-91AD-64A1EE9D36BD", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "40D2875A-E1DF-4C7D-9DD7-7BE8D617EF3C", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE9699B0-CCE3-42AB-8208-492382D59582", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "20CFD36A-208D-444C-A3C3-C2B11CAF65AC", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_rte_sl_\\(for_beckhoff_cx\\):*:*:*:*:*:*:*:*", "matchCriteriaId": "6368AFD2-D0F4-4E93-9D28-00D2DAF6F1BD", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_runtime_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E623E98-8040-43D2-81B5-D6B06B374472", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA6D880C-195D-4830-B0B5-7D7BC32182B4", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:development_system_v3:*:*:*:*:*:*:*:*", "matchCriteriaId": "00F359B4-0530-47A3-BFBB-BA7D32104919", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "498AB0A1-C9F2-40A5-BC72-9CC4F96D74DE", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:hmi_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "63F51840-0A93-43BD-B8D0-145C7C52C7B0", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:opc_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3A3A591-9B7A-4328-93C8-728D3E3E045D", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:plchandler:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7E0C96B-5FD4-422A-B429-860192BC46A0", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:safety_sil2:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C0A629A-E3CE-428A-81C1-25965A681B73", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:targetvisu_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA2E1543-D82B-4BE7-8C9C-4EAABFB1F68B", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0."}, {"lang": "es", "value": "Existe el filtrado de direcciones de comunicaci\u00f3n incorrecto en los productos de CODESYS, en sus versiones V3 anteriores a la V3.5.14.0."}], "id": "CVE-2018-20026", "lastModified": "2024-11-21T04:00:47.033", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-02-19T21:29:00.290", "references": [{"source": "vulnerability@kaspersky.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106251"}, {"source": "vulnerability@kaspersky.com", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/"}, {"source": "vulnerability@kaspersky.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106251"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"}], "sourceIdentifier": "vulnerability@kaspersky.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 30E5A50D-470A-4C7D-A634-E97AE95B38B5 (string)

versionEndExcluding : 3.5.14.0 (string)

versionStartIncluding : 3.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 455BEF47-4D2A-4314-AF1D-C5C46236B135 (string)

versionEndExcluding : 3.5.14.0 (string)

versionStartIncluding : 3.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:* (string)

matchCriteriaId : D2E52640-4AA9-40C1-A00E-374334F761C7 (string)

versionEndExcluding : 3.5.14.0 (string)

versionStartIncluding : 3.0 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:* (string)

matchCriteriaId : C87347FA-38EA-4299-A822-63FCF0E34577 (string)

versionEndExcluding : 3.5.14.0 (string)

versionStartIncluding : 3.0 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 8D3E05BC-83BC-49C8-91AD-64A1EE9D36BD (string)

versionEndExcluding : 3.5.14.0 (string)

versionStartIncluding : 3.0 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 40D2875A-E1DF-4C7D-9DD7-7BE8D617EF3C (string)

versionEndExcluding : 3.5.14.0 (string)

versionStartIncluding : 3.0 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:* (string)

matchCriteriaId : EE9699B0-CCE3-42AB-8208-492382D59582 (string)

versionEndExcluding : 3.5.14.0 (string)

versionStartIncluding : 3.0 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 20CFD36A-208D-444C-A3C3-C2B11CAF65AC (string)

versionEndExcluding : 3.5.14.0 (string)

versionStartIncluding : 3.0 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:codesys:control_rte_sl_\(for_beckhoff_cx\):*:*:*:*:*:*:*:* (string)

matchCriteriaId : 6368AFD2-D0F4-4E93-9D28-00D2DAF6F1BD (string)

versionEndExcluding : 3.5.14.0 (string)

versionStartIncluding : 3.0 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:codesys:control_runtime_toolkit:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 1E623E98-8040-43D2-81B5-D6B06B374472 (string)

versionEndExcluding : 3.5.14.0 (string)

versionStartIncluding : 3.0 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:* (string)

matchCriteriaId : AA6D880C-195D-4830-B0B5-7D7BC32182B4 (string)

versionEndExcluding : 3.5.14.0 (string)

versionStartIncluding : 3.0 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:codesys:development_system_v3:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 00F359B4-0530-47A3-BFBB-BA7D32104919 (string)

versionEndExcluding : 3.5.14.0 (string)

versionStartIncluding : 3.0 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 498AB0A1-C9F2-40A5-BC72-9CC4F96D74DE (string)

versionEndExcluding : 3.5.14.0 (string)

versionStartIncluding : 3.0 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:codesys:hmi_sl:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 63F51840-0A93-43BD-B8D0-145C7C52C7B0 (string)

versionEndExcluding : 3.5.14.0 (string)

versionStartIncluding : 3.0 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:codesys:opc_server:*:*:*:*:*:*:*:* (string)

matchCriteriaId : A3A3A591-9B7A-4328-93C8-728D3E3E045D (string)

versionEndExcluding : 3.5.14.0 (string)

versionStartIncluding : 3.0 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:codesys:plchandler:*:*:*:*:*:*:*:* (string)

matchCriteriaId : E7E0C96B-5FD4-422A-B429-860192BC46A0 (string)

versionEndExcluding : 3.5.14.0 (string)

versionStartIncluding : 3.0 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:codesys:safety_sil2:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 6C0A629A-E3CE-428A-81C1-25965A681B73 (string)

versionEndExcluding : 3.5.14.0 (string)

versionStartIncluding : 3.0 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:codesys:targetvisu_sl:*:*:*:*:*:*:*:* (string)

matchCriteriaId : BA2E1543-D82B-4BE7-8C9C-4EAABFB1F68B (string)

versionEndExcluding : 3.5.14.0 (string)

versionStartIncluding : 3.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0. (string)

}

1 : { »

lang : es (string)

value : Existe el filtrado de direcciones de comunicación incorrecto en los productos de CODESYS, en sus versiones V3 anteriores a la V3.5.14.0. (string)

}

]

id : CVE-2018-20026 (string)

lastModified : 2024-11-21T04:00:47.033 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2019-02-19T21:29:00.290 (string)

references : [ »

0 : { »

source : vulnerability@kaspersky.com (string)

tags : [ »

0 : Broken Link (string)

1 : Third Party Advisory (string)

2 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/106251 (string)

}

1 : { »

source : vulnerability@kaspersky.com (string)

tags : [ »

0 : Mitigation (string)

1 : Third Party Advisory (string)

]

url : https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/ (string)

}

2 : { »

source : vulnerability@kaspersky.com (string)

tags : [ »

0 : Third Party Advisory (string)

1 : US Government Resource (string)

]

url : https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

1 : Third Party Advisory (string)

2 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/106251 (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mitigation (string)

1 : Third Party Advisory (string)

]

url : https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/ (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : US Government Resource (string)

]

url : https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04 (string)

}

]

sourceIdentifier : vulnerability@kaspersky.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-noinfo (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object