Vulnerability in 3s-smart Software Solutions Gmbh Codesys Control V3 Products Prior To Version 3.5.14.0
CVE-2018-10612
In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive info…
EPSS: 0.013 (66.1th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- 3s-smart Software Solutions Gmbh Codesys Control V3 Products Prior To Version 3.5.14.0 — versions 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0
- Codesys Control_for_beaglebone_sl
- Codesys Control_for_empc-a\/imx6_sl
- Codesys Control_for_iot2000_sl
- Codesys Control_for_linux_sl
- Codesys Control_for_pfc100_sl
- Codesys Control_for_pfc200_sl
- Codesys Control_for_raspberry_pi_sl
- Codesys Control_rte_sl
- Codesys Control_runtime_toolkit
Weakness classification (CWE)
References
- ics-cert@hq.dhs.gov (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
- ics-cert@hq.dhs.gov (US Government Resource, Third Party Advisory, x_refsource_MISC)
Frequently asked questions
- What is CVE-2018-10612?
- CVE-2018-10612 is a critical-severity vulnerability in 3s-smart Software Solutions Gmbh Codesys Control V3 Products Prior To Version 3.5.14.0, classified under Improper Access Control. CVSS score: 9.8/10. Published 2019-01-29.
- How severe is CVE-2018-10612?
- Critical severity. CVSS v3 base score is 9.8 out of 10.