CVE-2018-20026

Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
KasperskyCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
VendorProductVersion
codesyscontrol_for_beaglebone_sl
3.0 ≤
𝑥
< 3.5.14.0
codesyscontrol_for_empc-a\/imx6_sl
3.0 ≤
𝑥
< 3.5.14.0
codesyscontrol_for_iot2000_sl
3.0 ≤
𝑥
< 3.5.14.0
codesyscontrol_for_linux_sl
3.0 ≤
𝑥
< 3.5.14.0
codesyscontrol_for_pfc100_sl
3.0 ≤
𝑥
< 3.5.14.0
codesyscontrol_for_pfc200_sl
3.0 ≤
𝑥
< 3.5.14.0
codesyscontrol_for_raspberry_pi_sl
3.0 ≤
𝑥
< 3.5.14.0
codesyscontrol_rte_sl
3.0 ≤
𝑥
< 3.5.14.0
codesyscontrol_rte_sl_\(for_beckhoff_cx\)
3.0 ≤
𝑥
< 3.5.14.0
codesyscontrol_runtime_toolkit
3.0 ≤
𝑥
< 3.5.14.0
codesyscontrol_win_sl
3.0 ≤
𝑥
< 3.5.14.0
codesysdevelopment_system_v3
3.0 ≤
𝑥
< 3.5.14.0
codesysgateway
3.0 ≤
𝑥
< 3.5.14.0
codesyshmi_sl
3.0 ≤
𝑥
< 3.5.14.0
codesysopc_server
3.0 ≤
𝑥
< 3.5.14.0
codesysplchandler
3.0 ≤
𝑥
< 3.5.14.0
codesyssafety_sil2
3.0 ≤
𝑥
< 3.5.14.0
codesystargetvisu_sl
3.0 ≤
𝑥
< 3.5.14.0
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/bid/106251
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/
https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04
http://www.securityfocus.com/bid/106251
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/
https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04