First published: Thu May 14 2020(Updated: )
An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Codesys Control For Beaglebone | <3.5.16.0 | |
Codesys Control For Empc-a\/imx6 | <3.5.16.0 | |
Codesys Control For Iot2000 | <3.5.16.0 | |
Codesys Control For Pfc100 | <3.5.16.0 | |
Codesys Control For Pfc200 | <3.5.16.0 | |
Codesys Control For Plcnext | <3.5.16.0 | |
Codesys Control For Raspberry Pi | <3.5.16.0 | |
Codesys Control Rte | >=3.0<3.5.16.0 | |
Codesys Control Runtime System Toolkit | >=3.0<3.5.16.0 | |
Codesys Control Win | >=3.0<3.5.16.0 | |
CODESYS Development System | <3.5.16.0 | |
Codesys Hmi | >=3.0<3.5.16.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-12068 is a vulnerability in CODESYS Development System before version 3.5.16.0 that allows privilege escalation in CODESYS WebVisu and CODESYS Remote TargetVisu.
CVE-2020-12068 affects CODESYS Development System before version 3.5.16.0 and various CODESYS control systems including Control for Beaglebone, Control for Empc-a/imx6, Control for IoT2000, Control for Pfc100, Control for Pfc200, Control for Plcnext, Control for Raspberry Pi, Control RTE, Control Runtime System Toolkit, Control Win, and CODESYS HMI.
CVE-2020-12068 has a severity rating of 6.5 (medium).
To fix CVE-2020-12068, upgrade CODESYS Development System to version 3.5.16.0 or later and apply any necessary patches or updates from the CODESYS website.
For more information about CVE-2020-12068, you can visit the CODESYS website at https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13136&token=c267875c01ea70bc9613bc39c684eedc17f55420&download=.