CVE-2018-10612
First published: Tue Jan 29 2019(Updated: )
In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Codesys Control For Beaglebone Sl | >=3.0<3.5.14.0 | |
| Codesys Control For Empc-a\/imx6 Sl | >=3.0<3.5.14.0 | |
| Codesys Control For Iot2000 Sl | >=3.0<3.5.14.0 | |
| Codesys Control For Linux Sl | >=3.0<3.5.14.0 | |
| Codesys Control For Pfc100 Sl | >=3.0<3.5.14.0 | |
| Codesys Control For Pfc200 Sl | >=3.0<3.5.14.0 | |
| Codesys Control For Raspberry Pi Sl | >=3.0<3.5.14.0 | |
| Codesys Control Rte Sl | >=3.0<3.5.14.0 | |
| Codesys Control Runtime Toolkit | >=3.0<3.5.14.0 | |
| Codesys Control Win Sl | >=3.0<3.5.14.0 | |
| CODESYS Development System V3 | >=3.0<3.5.14.0 | |
| Codesys Hmi Sl | >=3.0<3.5.14.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-10612?
CVE-2018-10612 is a vulnerability in 3S-Smart Software Solutions GmbH CODESYS Control V3 products.
What is the severity of CVE-2018-10612?
CVE-2018-10612 has a severity rating of 9.8 (critical).
What is affected by CVE-2018-10612?
CVE-2018-10612 affects various CODESYS Control V3 products, including Codesys Control For Beaglebone Sl, Codesys Control For Empc-a/imx6 Sl, Codesys Control For Iot2000 Sl, Codesys Control For Linux Sl, Codesys Control For Pfc100 Sl, Codesys Control For Pfc200 Sl, Codesys Control For Raspberry Pi Sl, Codesys Control Rte Sl, Codesys Control Runtime Toolkit, Codesys Control Win Sl, CODESYS Development System V3, and Codesys Hmi Sl.
What is the vulnerability of CVE-2018-10612?
CVE-2018-10612 allows an attacker access to the device and sensitive information, including user credentials, due to user access management and communication encryption not being enabled by default.
How can CVE-2018-10612 be fixed?
To fix CVE-2018-10612, users should enable user access management and communication encryption in the affected CODESYS Control V3 products.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/codesys
- canonical/codesys control for beaglebone sl
- version/codesys control for beaglebone sl/3.0
- canonical/codesys control for empc-a\/imx6 sl
- version/codesys control for empc-a\/imx6 sl/3.0
- canonical/codesys control for iot2000 sl
- version/codesys control for iot2000 sl/3.0
- canonical/codesys control for linux sl
- version/codesys control for linux sl/3.0
- canonical/codesys control for pfc100 sl
- version/codesys control for pfc100 sl/3.0
- canonical/codesys control for pfc200 sl
- version/codesys control for pfc200 sl/3.0
- canonical/codesys control for raspberry pi sl
- version/codesys control for raspberry pi sl/3.0
- canonical/codesys control rte sl
- version/codesys control rte sl/3.0
- canonical/codesys control runtime toolkit
- version/codesys control runtime toolkit/3.0
- canonical/codesys control win sl
- version/codesys control win sl/3.0
- canonical/codesys development system v3
- version/codesys development system v3/3.0
- canonical/codesys hmi sl
- version/codesys hmi sl/3.0