Sign-up

ID

VAR-201902-0732


CVE

CVE-2018-20026


TITLE

CODESYS V3 Vulnerabilities related to security functions in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-014638

DESCRIPTION

Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0. CODESYS V3 The product contains vulnerabilities related to security functions.Information may be obtained. 3S-Smart CODESYS Control for BeagleBone, etc. are all German 3S-Smart Software Solutions company's programming software for industrial control system development. A security vulnerability exists in several 3S-Smart Software Solutions products, which stems from programs that do not properly restrict communication channels. An attacker could use this vulnerability to impersonate the source of a communication packet. The following products are affected: 3S-Smart CODESYS Control for BeagleBone, CODESYS Control for emPC-A / iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (part of CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit, CODESYS V3 Embedded Target Visu Toolkit, CODESYS V3 Remote Target Visu Toolkit, CODESYS V3 Safety SIL2, CODESYS Gateway V3, CODESYS HMI V3, CODESYS OPC Server V3, CODESYS PLCHandler SDK, CODESYS V3 Development System, CODESYS V3 Simulation Runtime (part of CODESYS Development System). 3S-Smart Software CODESYS is prone to the following security vulnerabilities: 1. An insecure random number generator weakness 3. A spoofing vulnerability An attacker can exploit these vulnerabilities to bypass security restrictions and perform certain unauthorized actions and to insert and display spoofed content. Other attacks are also possible

Trust: 2.52

sources: NVD: CVE-2018-20026 // JVNDB: JVNDB-2018-014638 // CNNVD: CNNVD-201812-787 // BID: 106251 // VULHUB: VHN-130791

AFFECTED PRODUCTS

vendor:3s smartmodel:codesys control rte v3scope: - version: -

Trust: 1.6

vendor:codesysmodel:control for empc-a\/imx6 slscope:gteversion:3.0

Trust: 1.0

vendor:codesysmodel:control for pfc100 slscope:ltversion:3.5.14.0

Trust: 1.0

vendor:codesysmodel:control for beaglebone slscope:ltversion:3.5.14.0

Trust: 1.0

vendor:codesysmodel:control rte slscope:ltversion:3.5.14.0

Trust: 1.0

vendor:codesysmodel:control runtime toolkitscope:gteversion:3.0

Trust: 1.0

vendor:codesysmodel:control for raspberry pi slscope:gteversion:3.0

Trust: 1.0

vendor:codesysmodel:control for pfc200 slscope:ltversion:3.5.14.0

Trust: 1.0

vendor:codesysmodel:development system v3scope:ltversion:3.5.14.0

Trust: 1.0

vendor:codesysmodel:gatewayscope:gteversion:3.0

Trust: 1.0

vendor:codesysmodel:hmi slscope:gteversion:3.0

Trust: 1.0

vendor:codesysmodel:control for empc-a\/imx6 slscope:ltversion:3.5.14.0

Trust: 1.0

vendor:codesysmodel:opc serverscope:gteversion:3.0

Trust: 1.0

vendor:codesysmodel:plchandlerscope:gteversion:3.0

Trust: 1.0

vendor:codesysmodel:control for pfc100 slscope:gteversion:3.0

Trust: 1.0

vendor:codesysmodel:control for beaglebone slscope:gteversion:3.0

Trust: 1.0

vendor:codesysmodel:control for linux slscope:gteversion:3.0

Trust: 1.0

vendor:codesysmodel:control for iot2000 slscope:gteversion:3.0

Trust: 1.0

vendor:codesysmodel:safety sil2scope:gteversion:3.0

Trust: 1.0

vendor:codesysmodel:control for pfc200 slscope:gteversion:3.0

Trust: 1.0

vendor:codesysmodel:opc serverscope:ltversion:3.5.14.0

Trust: 1.0

vendor:codesysmodel:control runtime toolkitscope:ltversion:3.5.14.0

Trust: 1.0

vendor:codesysmodel:control rte slscope:gteversion:3.0

Trust: 1.0

vendor:codesysmodel:gatewayscope:ltversion:3.5.14.0

Trust: 1.0

vendor:codesysmodel:control for raspberry pi slscope:ltversion:3.5.14.0

Trust: 1.0

vendor:codesysmodel:development system v3scope:gteversion:3.0

Trust: 1.0

vendor:codesysmodel:hmi slscope:ltversion:3.5.14.0

Trust: 1.0

vendor:codesysmodel:control win slscope:ltversion:3.5.14.0

Trust: 1.0

vendor:codesysmodel:targetvisu slscope:gteversion:3.0

Trust: 1.0

vendor:codesysmodel:plchandlerscope:ltversion:3.5.14.0

Trust: 1.0

vendor:codesysmodel:safety sil2scope:ltversion:3.5.14.0

Trust: 1.0

vendor:codesysmodel:control for linux slscope:ltversion:3.5.14.0

Trust: 1.0

vendor:codesysmodel:control rte sl \scope:gteversion:3.0

Trust: 1.0

vendor:codesysmodel:control win slscope:gteversion:3.0

Trust: 1.0

vendor:codesysmodel:control for iot2000 slscope:ltversion:3.5.14.0

Trust: 1.0

vendor:codesysmodel:targetvisu slscope:ltversion:3.5.14.0

Trust: 1.0

vendor:codesysmodel:control rte sl \scope:ltversion:3.5.14.0

Trust: 1.0

vendor:3s smartmodel:codesys control for beaglebonescope: - version: -

Trust: 0.8

vendor:3s smartmodel:codesys control for empc-a/imx6scope: - version: -

Trust: 0.8

vendor:3s smartmodel:codesys control for iot2000scope: - version: -

Trust: 0.8

vendor:3s smartmodel:codesys control for linuxscope: - version: -

Trust: 0.8

vendor:3s smartmodel:codesys control for pfc100scope: - version: -

Trust: 0.8

vendor:3s smartmodel:codesys control for pfc200scope: - version: -

Trust: 0.8

vendor:3s smartmodel:codesys control for raspberry piscope: - version: -

Trust: 0.8

vendor:3s smartmodel:codesys control runtime system toolkitscope: - version: -

Trust: 0.8

vendor:3smodel:codesys simulation runtimescope:eqversion:v30

Trust: 0.3

vendor:3smodel:codesys safety sil2scope:eqversion:v30

Trust: 0.3

vendor:3smodel:codesys remote target visu toolkitscope:eqversion:v30

Trust: 0.3

vendor:3smodel:codesys embedded target visu toolkitscope:eqversion:v30

Trust: 0.3

vendor:3smodel:codesys development systemscope:eqversion:v30

Trust: 0.3

vendor:3smodel:codesys plchandler sdkscope:eqversion:0

Trust: 0.3

vendor:3smodel:codesys opc serverscope:eqversion:v30

Trust: 0.3

vendor:3smodel:codesys hmiscope:eqversion:3

Trust: 0.3

vendor:3smodel:codesys control winscope:eqversion:v30

Trust: 0.3

vendor:3smodel:codesys control runtime system toolkitscope:eqversion:v30

Trust: 0.3

vendor:3smodel:codesys control rtescope:eqversion:3

Trust: 0.3

vendor:3smodel:codesys control for raspberry piscope:eqversion:0

Trust: 0.3

vendor:3smodel:codesys control for pfc200scope:eqversion:0

Trust: 0.3

vendor:3smodel:codesys control for pfc100scope:eqversion:0

Trust: 0.3

vendor:3smodel:codesys control for linuxscope:eqversion:0

Trust: 0.3

vendor:3smodel:codesys control for iot2000scope:eqversion:0

Trust: 0.3

vendor:3smodel:codesys control for empc-a/imx6scope:eqversion:0

Trust: 0.3

vendor:3smodel:codesys control for beaglebonescope:eqversion:0

Trust: 0.3

sources: BID: 106251 // JVNDB: JVNDB-2018-014638 // NVD: CVE-2018-20026

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-20026
value: HIGH

Trust: 1.0

NVD: CVE-2018-20026
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201812-787
value: HIGH

Trust: 0.6

VULHUB: VHN-130791
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-20026
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-130791
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-20026
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2018-20026
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-130791 // JVNDB: JVNDB-2018-014638 // CNNVD: CNNVD-201812-787 // NVD: CVE-2018-20026

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-254

Trust: 0.9

sources: VULHUB: VHN-130791 // JVNDB: JVNDB-2018-014638 // NVD: CVE-2018-20026

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-787

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-201812-787

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-014638

PATCH
title:Top Pageurl:https://www.codesys.com/
Trust: 0.8
title:Multiple 3S-Smart Software Solutions Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87985
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-014638 // 
            
            
            
            CNNVD: CNNVD-201812-787

EXTERNAL IDS
db:NVDid:CVE-2018-20026
Trust: 2.8
db:ICS CERTid:ICSA-18-352-04
Trust: 2.8
db:BIDid:106251
Trust: 2.0
db:JVNDBid:JVNDB-2018-014638
Trust: 0.8
db:CNNVDid:CNNVD-201812-787
Trust: 0.7
db:VULHUBid:VHN-130791
Trust: 0.1
sources:
            
            
            VULHUB: VHN-130791 // 
            
            
            
            BID: 106251 // 
            
            
            
            JVNDB: JVNDB-2018-014638 // 
            
            
            
            CNNVD: CNNVD-201812-787 // 
            
            
            
            NVD: CVE-2018-20026

REFERENCES
url:https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/
Trust: 2.8
url:http://www.securityfocus.com/bid/106251
Trust: 2.3
url:https://ics-cert.us-cert.gov/advisories/icsa-18-352-04
Trust: 2.0
url:https://nvd.nist.gov/vuln/detail/cve-2018-20026
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20026
Trust: 0.8
url:https://www.us-cert.gov/ics/advisories/icsa-18-352-04
Trust: 0.8
url:https://www.codesys.com/
Trust: 0.3
url:https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-037-codesys-control-v3-use-of-insufficiently-random-values/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-130791 // 
            
            
            
            BID: 106251 // 
            
            
            
            JVNDB: JVNDB-2018-014638 // 
            
            
            
            CNNVD: CNNVD-201812-787 // 
            
            
            
            NVD: CVE-2018-20026

CREDITS
Alexander Nochvay from Kaspersky Lab
Trust: 0.3
sources:
            
            
            BID: 106251

SOURCES
db:VULHUBid:VHN-130791
db:BIDid:106251
db:JVNDBid:JVNDB-2018-014638
db:CNNVDid:CNNVD-201812-787
db:NVDid:CVE-2018-20026

LAST UPDATE DATE
2024-11-23T22:37:55.043000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-130791date:2020-08-24T00:00:00
db:BIDid:106251date:2018-12-18T00:00:00
db:JVNDBid:JVNDB-2018-014638date:2019-07-08T00:00:00
db:CNNVDid:CNNVD-201812-787date:2020-08-25T00:00:00
db:NVDid:CVE-2018-20026date:2024-11-21T04:00:47.033

SOURCES RELEASE DATE
db:VULHUBid:VHN-130791date:2019-02-19T00:00:00
db:BIDid:106251date:2018-12-18T00:00:00
db:JVNDBid:JVNDB-2018-014638date:2019-04-01T00:00:00
db:CNNVDid:CNNVD-201812-787date:2018-12-19T00:00:00
db:NVDid:CVE-2018-20026date:2019-02-19T21:29:00.290