ID

VAR-201902-0731


CVE

CVE-2018-20025


TITLE

Vulnerabilities related to insufficient random values in CODESYS products

Trust: 0.8

sources: JVNDB: JVNDB-2018-014590

DESCRIPTION

Use of Insufficiently Random Values exists in CODESYS V3 products in versions prior to V3.5.14.0. The CODESYS products contain a vulnerability related to the use of insufficient random values. Information may be obtained.

3S-Smart CODESYS Control for BeagleBone and the other products listed here are programming software for industrial control system development from the German company 3S-Smart Software Solutions. A number of 3S-Smart Software Solutions products have security vulnerabilities that result from programs using values with insufficient randomness. An attacker could use this vulnerability to affect the confidentiality and integrity of the data.

The following products are affected: 3S-Smart CODESYS Control for BeagleBone; CODESYS Control for emPC-A / iMX6; CODESYS Control for IOT2000; CODESYS Control for Linux; CODESYS Control for PFC100; CODESYS Control for PFC200; CODESYS Control for Raspberry Pi; CODESYS Control RTE V3; CODESYS Control RTE V3 (for Beckhoff CX); CODESYS Control Win V3 (part of CODESYS Development System setup); CODESYS Control V3 Runtime System Toolkit; CODESYS V3 Embedded Target Visu Toolkit; CODESYS V3 Remote Target Visu Toolkit; CODESYS V3 Safety SIL2; CODESYS Gateway V3; CODESYS HMI V3; CODESYS OPC Server V3; CODESYS PLCHandler SDK; CODESYS V3 Development System; CODESYS V3 Simulation Runtime (part of CODESYS Development System).

3S-Smart Software CODESYS is prone to the following security vulnerabilities:

1. An insecure random number generator weakness
3. A spoofing vulnerability

An attacker can exploit these vulnerabilities to bypass security restrictions, perform certain unauthorized actions, and insert and display spoofed content. Other attacks are also possible.

Trust: 2.52

sources: NVD: CVE-2018-20025 // JVNDB: JVNDB-2018-014590 // CNNVD: CNNVD-201812-786 // BID: 106251 // VULHUB: VHN-130790

AFFECTED PRODUCTS

vendor: 3s smart // model: codesys control rte v3 // scope: - // version: -

Trust: 1.6

vendor: codesys // model: control for empc-a/imx6 sl // scope: gte // version: 3.0

Trust: 1.0

vendor: codesys // model: control for pfc100 sl // scope: lt // version: 3.5.14.0

Trust: 1.0

vendor: codesys // model: control for beaglebone sl // scope: lt // version: 3.5.14.0

Trust: 1.0

vendor: codesys // model: control rte sl // scope: lt // version: 3.5.14.0

Trust: 1.0

vendor: codesys // model: control runtime toolkit // scope: gte // version: 3.0

Trust: 1.0

vendor: codesys // model: control for raspberry pi sl // scope: gte // version: 3.0

Trust: 1.0

vendor: codesys // model: control for pfc200 sl // scope: lt // version: 3.5.14.0

Trust: 1.0

vendor: codesys // model: gateway // scope: gte // version: 3.0

Trust: 1.0

vendor: codesys // model: hmi sl // scope: gte // version: 3.0

Trust: 1.0

vendor: codesys // model: control for empc-a/imx6 sl // scope: lt // version: 3.5.14.0

Trust: 1.0

vendor: codesys // model: control for pfc100 sl // scope: gte // version: 3.0

Trust: 1.0

vendor: codesys // model: control for beaglebone sl // scope: gte // version: 3.0

Trust: 1.0

vendor: codesys // model: control for linux sl // scope: gte // version: 3.0

Trust: 1.0

vendor: codesys // model: control for iot2000 sl // scope: gte // version: 3.0

Trust: 1.0

vendor: codesys // model: development system // scope: lt // version: 3.5.14.0

Trust: 1.0

vendor: codesys // model: safety sil2 // scope: gte // version: 3.0

Trust: 1.0

vendor: codesys // model: control for pfc200 sl // scope: gte // version: 3.0

Trust: 1.0

vendor: codesys // model: control runtime toolkit // scope: lt // version: 3.5.14.0

Trust: 1.0

vendor: codesys // model: control rte sl // scope: gte // version: 3.0

Trust: 1.0

vendor: codesys // model: development system // scope: gte // version: 3.0

Trust: 1.0

vendor: codesys // model: gateway // scope: lt // version: 3.5.14.0

Trust: 1.0

vendor: codesys // model: control for raspberry pi sl // scope: lt // version: 3.5.14.0

Trust: 1.0

vendor: codesys // model: hmi sl // scope: lt // version: 3.5.14.0

Trust: 1.0

vendor: codesys // model: control win sl // scope: lt // version: 3.5.14.0

Trust: 1.0

vendor: codesys // model: safety sil2 // scope: lt // version: 3.5.14.0

Trust: 1.0

vendor: codesys // model: control for linux sl // scope: lt // version: 3.5.14.0

Trust: 1.0

vendor: codesys // model: control rte sl \ // scope: gte // version: 3.0

Trust: 1.0

vendor: codesys // model: control win sl // scope: gte // version: 3.0

Trust: 1.0

vendor: codesys // model: control for iot2000 sl // scope: lt // version: 3.5.14.0

Trust: 1.0

vendor: codesys // model: control rte sl \ // scope: lt // version: 3.5.14.0

Trust: 1.0

vendor: 3s smart // model: codesys control for beaglebone // scope: - // version: -

Trust: 0.8

vendor: 3s smart // model: codesys control for empc-a/imx6 // scope: - // version: -

Trust: 0.8

vendor: 3s smart // model: codesys control for iot2000 // scope: - // version: -

Trust: 0.8

vendor: 3s smart // model: codesys control for linux // scope: - // version: -

Trust: 0.8

vendor: 3s smart // model: codesys control for pfc100 // scope: - // version: -

Trust: 0.8

vendor: 3s smart // model: codesys control for pfc200 // scope: - // version: -

Trust: 0.8

vendor: 3s smart // model: codesys control for raspberry pi // scope: - // version: -

Trust: 0.8

vendor: 3s smart // model: codesys control runtime toolkit // scope: - // version: -

Trust: 0.8

vendor: 3s // model: codesys simulation runtime // scope: eq // version: v30

Trust: 0.3

vendor: 3s // model: codesys safety sil2 // scope: eq // version: v30

Trust: 0.3

vendor: 3s // model: codesys remote target visu toolkit // scope: eq // version: v30

Trust: 0.3

vendor: 3s // model: codesys embedded target visu toolkit // scope: eq // version: v30

Trust: 0.3

vendor: 3s // model: codesys development system // scope: eq // version: v30

Trust: 0.3

vendor: 3s // model: codesys plchandler sdk // scope: eq // version: 0

Trust: 0.3

vendor: 3s // model: codesys opc server // scope: eq // version: v30

Trust: 0.3

vendor: 3s // model: codesys hmi // scope: eq // version: 3

Trust: 0.3

vendor: 3s // model: codesys control win // scope: eq // version: v30

Trust: 0.3

vendor: 3s // model: codesys control runtime system toolkit // scope: eq // version: v30

Trust: 0.3

vendor: 3s // model: codesys control rte // scope: eq // version: 3

Trust: 0.3

vendor: 3s // model: codesys control for raspberry pi // scope: eq // version: 0

Trust: 0.3

vendor: 3s // model: codesys control for pfc200 // scope: eq // version: 0

Trust: 0.3

vendor: 3s // model: codesys control for pfc100 // scope: eq // version: 0

Trust: 0.3

vendor: 3s // model: codesys control for linux // scope: eq // version: 0

Trust: 0.3

vendor: 3s // model: codesys control for iot2000 // scope: eq // version: 0

Trust: 0.3

vendor: 3s // model: codesys control for empc-a/imx6 // scope: eq // version: 0

Trust: 0.3

vendor: 3s // model: codesys control for beaglebone // scope: eq // version: 0

Trust: 0.3

sources: BID: 106251 // JVNDB: JVNDB-2018-014590 // NVD: CVE-2018-20025

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-20025
value: HIGH

Trust: 1.0

NVD: CVE-2018-20025
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201812-786
value: HIGH

Trust: 0.6

VULHUB: VHN-130790
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-20025
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-130790
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-20025
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-130790 // JVNDB: JVNDB-2018-014590 // CNNVD: CNNVD-201812-786 // NVD: CVE-2018-20025

PROBLEMTYPE DATA

problemtype:CWE-330

Trust: 1.9

sources: VULHUB: VHN-130790 // JVNDB: JVNDB-2018-014590 // NVD: CVE-2018-20025

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-786

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201812-786

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014590

PATCH

title: Top Page // url: https://www.codesys.com/

Trust: 0.8

title: Multiple 3S-Smart Software Solutions Product security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87984

Trust: 0.6

sources: JVNDB: JVNDB-2018-014590 // CNNVD: CNNVD-201812-786

EXTERNAL IDS

db: NVD // id: CVE-2018-20025

Trust: 2.8

db: ICS CERT // id: ICSA-18-352-04

Trust: 2.8

db: BID // id: 106251

Trust: 2.0

db: JVNDB // id: JVNDB-2018-014590

Trust: 0.8

db: CNNVD // id: CNNVD-201812-786

Trust: 0.7

db: VULHUB // id: VHN-130790

Trust: 0.1

sources: VULHUB: VHN-130790 // BID: 106251 // JVNDB: JVNDB-2018-014590 // CNNVD: CNNVD-201812-786 // NVD: CVE-2018-20025

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-18-352-04

Trust: 2.8

url:https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-037-codesys-control-v3-use-of-insufficiently-random-values/

Trust: 2.0

url:http://www.securityfocus.com/bid/106251

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-20025

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20025

Trust: 0.8

url:https://www.codesys.com/

Trust: 0.3

url:https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/

Trust: 0.3

sources: VULHUB: VHN-130790 // BID: 106251 // JVNDB: JVNDB-2018-014590 // CNNVD: CNNVD-201812-786 // NVD: CVE-2018-20025

CREDITS

Alexander Nochvay from Kaspersky Lab

Trust: 0.3

sources: BID: 106251

SOURCES

db: VULHUB // id: VHN-130790
db: BID // id: 106251
db: JVNDB // id: JVNDB-2018-014590
db: CNNVD // id: CNNVD-201812-786
db: NVD // id: CVE-2018-20025

LAST UPDATE DATE

2024-11-23T22:37:55.012000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-130790 // date: 2019-04-02T00:00:00
db: BID // id: 106251 // date: 2018-12-18T00:00:00
db: JVNDB // id: JVNDB-2018-014590 // date: 2019-03-29T00:00:00
db: CNNVD // id: CNNVD-201812-786 // date: 2019-04-03T00:00:00
db: NVD // id: CVE-2018-20025 // date: 2024-11-21T04:00:46.897

SOURCES RELEASE DATE

db: VULHUB // id: VHN-130790 // date: 2019-02-19T00:00:00
db: BID // id: 106251 // date: 2018-12-18T00:00:00
db: JVNDB // id: JVNDB-2018-014590 // date: 2019-03-29T00:00:00
db: CNNVD // id: CNNVD-201812-786 // date: 2018-12-19T00:00:00
db: NVD // id: CVE-2018-20025 // date: 2019-02-19T21:29:00.243