CWE
311 732 284
Advisory Published
Updated

CVE-2018-10612

First published: Tue Jan 29 2019(Updated: )

In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials.

Credit: ics-cert@hq.dhs.gov

Affected SoftwareAffected VersionHow to fix
Codesys Control For Beaglebone Sl>=3.0<3.5.14.0
Codesys Control For Empc-a\/imx6 Sl>=3.0<3.5.14.0
Codesys Control For Iot2000 Sl>=3.0<3.5.14.0
Codesys Control For Linux Sl>=3.0<3.5.14.0
Codesys Control For Pfc100 Sl>=3.0<3.5.14.0
Codesys Control For Pfc200 Sl>=3.0<3.5.14.0
Codesys Control For Raspberry Pi Sl>=3.0<3.5.14.0
Codesys Control Rte Sl>=3.0<3.5.14.0
Codesys Control Runtime Toolkit>=3.0<3.5.14.0
Codesys Control Win Sl>=3.0<3.5.14.0
CODESYS Development System V3>=3.0<3.5.14.0
Codesys Hmi Sl>=3.0<3.5.14.0

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2018-10612?

    CVE-2018-10612 is a vulnerability in 3S-Smart Software Solutions GmbH CODESYS Control V3 products.

  • What is the severity of CVE-2018-10612?

    CVE-2018-10612 has a severity rating of 9.8 (critical).

  • What is affected by CVE-2018-10612?

    CVE-2018-10612 affects various CODESYS Control V3 products, including Codesys Control For Beaglebone Sl, Codesys Control For Empc-a/imx6 Sl, Codesys Control For Iot2000 Sl, Codesys Control For Linux Sl, Codesys Control For Pfc100 Sl, Codesys Control For Pfc200 Sl, Codesys Control For Raspberry Pi Sl, Codesys Control Rte Sl, Codesys Control Runtime Toolkit, Codesys Control Win Sl, CODESYS Development System V3, and Codesys Hmi Sl.

  • What is the vulnerability of CVE-2018-10612?

    CVE-2018-10612 allows an attacker access to the device and sensitive information, including user credentials, due to user access management and communication encryption not being enabled by default.

  • How can CVE-2018-10612 be fixed?

    To fix CVE-2018-10612, users should enable user access management and communication encryption in the affected CODESYS Control V3 products.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203