Vulnerability Details CVE-2019-9013
An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component are affected regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS V3 Simulation Runtime (part of the CODESYS Development System), CODESYS Control V3 Runtime System Toolkit, CODESYS HMI V3.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.4%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 5.8
References
- https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download=
- https://www.us-cert.gov/ics/advisories/icsa-19-213-04
- https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download=
- https://www.us-cert.gov/ics/advisories/icsa-19-213-04
Products affected by CVE-2019-9013
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.0
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.10.0
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.10.20
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.10.30
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.11.0
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.11.10
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.11.20
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.11.50
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.11.60
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.12.0
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.12.10
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.12.30
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.12.70
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.13.0
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.13.20
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.13.30
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.14.0
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.14.10
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.14.20
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.14.30
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.14.40
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.15.0
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.15.10
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.15.20
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.15.30
-
cpe:2.3:a:codesys:control_for_beaglebone_sl:3.5.15.40
-
cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:3.0
-
cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:3.5.10.0
-
cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:3.5.10.20
-
cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:3.5.11.0
-
cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:3.5.11.10
-
cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:3.5.11.20
-
cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:3.5.11.50
-
cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:3.5.11.60
-
cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:3.5.12.0
-
cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:3.5.12.10
-
cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:3.5.12.30
-
cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:3.5.12.70
-
cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:3.5.13.0
-
cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:3.5.13.20
-
cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:3.5.13.30
-
cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:3.5.14.0
-
cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:3.5.14.20
-
cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:3.5.15.0
-
cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:3.5.15.10
-
cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:3.5.15.20
-
cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:3.5.15.30
-
cpe:2.3:a:codesys:control_for_empc-a/imx6_sl:3.5.15.40
-
cpe:2.3:a:codesys:control_for_iot2000_sl:3.0
-
cpe:2.3:a:codesys:control_for_iot2000_sl:3.5.11.0
-
cpe:2.3:a:codesys:control_for_iot2000_sl:3.5.11.10
-
cpe:2.3:a:codesys:control_for_iot2000_sl:3.5.11.20
-
cpe:2.3:a:codesys:control_for_iot2000_sl:3.5.11.50
-
cpe:2.3:a:codesys:control_for_iot2000_sl:3.5.11.60
-
cpe:2.3:a:codesys:control_for_iot2000_sl:3.5.12.0
-
cpe:2.3:a:codesys:control_for_iot2000_sl:3.5.12.10
-
cpe:2.3:a:codesys:control_for_iot2000_sl:3.5.12.30
-
cpe:2.3:a:codesys:control_for_iot2000_sl:3.5.12.70
-
cpe:2.3:a:codesys:control_for_iot2000_sl:3.5.13.0
-
cpe:2.3:a:codesys:control_for_iot2000_sl:3.5.13.20
-
cpe:2.3:a:codesys:control_for_iot2000_sl:3.5.13.30
-
cpe:2.3:a:codesys:control_for_iot2000_sl:3.5.14.0
-
cpe:2.3:a:codesys:control_for_iot2000_sl:3.5.14.10
-
cpe:2.3:a:codesys:control_for_iot2000_sl:3.5.14.20
-
cpe:2.3:a:codesys:control_for_iot2000_sl:3.5.14.30
-
cpe:2.3:a:codesys:control_for_iot2000_sl:3.5.14.40
-
cpe:2.3:a:codesys:control_for_iot2000_sl:3.5.15.0
-
cpe:2.3:a:codesys:control_for_iot2000_sl:3.5.15.10
-
cpe:2.3:a:codesys:control_for_iot2000_sl:3.5.15.20
-
cpe:2.3:a:codesys:control_for_iot2000_sl:3.5.15.30
-
cpe:2.3:a:codesys:control_for_iot2000_sl:3.5.15.40
-
cpe:2.3:a:codesys:control_for_linux_sl:3.0
-
cpe:2.3:a:codesys:control_for_linux_sl:3.5.13.0
-
cpe:2.3:a:codesys:control_for_linux_sl:3.5.13.20
-
cpe:2.3:a:codesys:control_for_linux_sl:3.5.13.30
-
cpe:2.3:a:codesys:control_for_linux_sl:3.5.14.0
-
cpe:2.3:a:codesys:control_for_linux_sl:3.5.14.20
-
cpe:2.3:a:codesys:control_for_linux_sl:3.5.15.0
-
cpe:2.3:a:codesys:control_for_pfc100_sl:3.0
-
cpe:2.3:a:codesys:control_for_pfc100_sl:3.5.11.0
-
cpe:2.3:a:codesys:control_for_pfc100_sl:3.5.11.10
-
cpe:2.3:a:codesys:control_for_pfc100_sl:3.5.11.20
-
cpe:2.3:a:codesys:control_for_pfc100_sl:3.5.11.50
-
cpe:2.3:a:codesys:control_for_pfc100_sl:3.5.11.60
-
cpe:2.3:a:codesys:control_for_pfc100_sl:3.5.12.0
-
cpe:2.3:a:codesys:control_for_pfc100_sl:3.5.12.10
-
cpe:2.3:a:codesys:control_for_pfc100_sl:3.5.12.30
-
cpe:2.3:a:codesys:control_for_pfc100_sl:3.5.12.40
-
cpe:2.3:a:codesys:control_for_pfc100_sl:3.5.12.70
-
cpe:2.3:a:codesys:control_for_pfc100_sl:3.5.13.0
-
cpe:2.3:a:codesys:control_for_pfc100_sl:3.5.13.20
-
cpe:2.3:a:codesys:control_for_pfc100_sl:3.5.13.30
-
cpe:2.3:a:codesys:control_for_pfc100_sl:3.5.14.0
-
cpe:2.3:a:codesys:control_for_pfc100_sl:3.5.14.20
-
cpe:2.3:a:codesys:control_for_pfc100_sl:3.5.15.0
-
cpe:2.3:a:codesys:control_for_pfc200_sl:3.0
-
cpe:2.3:a:codesys:control_for_pfc200_sl:3.5.10.0
-
cpe:2.3:a:codesys:control_for_pfc200_sl:3.5.10.20
-
cpe:2.3:a:codesys:control_for_pfc200_sl:3.5.11.0
-
cpe:2.3:a:codesys:control_for_pfc200_sl:3.5.11.10
-
cpe:2.3:a:codesys:control_for_pfc200_sl:3.5.11.20
-
cpe:2.3:a:codesys:control_for_pfc200_sl:3.5.11.50
-
cpe:2.3:a:codesys:control_for_pfc200_sl:3.5.11.60
-
cpe:2.3:a:codesys:control_for_pfc200_sl:3.5.12.0
-
cpe:2.3:a:codesys:control_for_pfc200_sl:3.5.12.10
-
cpe:2.3:a:codesys:control_for_pfc200_sl:3.5.12.30
-
cpe:2.3:a:codesys:control_for_pfc200_sl:3.5.12.40
-
cpe:2.3:a:codesys:control_for_pfc200_sl:3.5.12.70
-
cpe:2.3:a:codesys:control_for_pfc200_sl:3.5.13.0
-
cpe:2.3:a:codesys:control_for_pfc200_sl:3.5.13.20
-
cpe:2.3:a:codesys:control_for_pfc200_sl:3.5.13.30
-
cpe:2.3:a:codesys:control_for_pfc200_sl:3.5.14.0
-
cpe:2.3:a:codesys:control_for_pfc200_sl:3.5.14.20
-
cpe:2.3:a:codesys:control_for_pfc200_sl:3.5.15.0
-
cpe:2.3:a:codesys:control_rte_sl:3.0
-
cpe:2.3:a:codesys:control_rte_sl:3.5.10.0
-
cpe:2.3:a:codesys:control_rte_sl:3.5.10.10
-
cpe:2.3:a:codesys:control_rte_sl:3.5.10.20
-
cpe:2.3:a:codesys:control_rte_sl:3.5.10.40
-
cpe:2.3:a:codesys:control_rte_sl:3.5.10.50
-
cpe:2.3:a:codesys:control_rte_sl:3.5.10.60
-
cpe:2.3:a:codesys:control_rte_sl:3.5.10.95
-
cpe:2.3:a:codesys:control_rte_sl:3.5.11.0
-
cpe:2.3:a:codesys:control_rte_sl:3.5.11.10
-
cpe:2.3:a:codesys:control_rte_sl:3.5.11.20
-
cpe:2.3:a:codesys:control_rte_sl:3.5.11.30
-
cpe:2.3:a:codesys:control_rte_sl:3.5.11.40
-
cpe:2.3:a:codesys:control_rte_sl:3.5.11.42
-
cpe:2.3:a:codesys:control_rte_sl:3.5.11.50
-
cpe:2.3:a:codesys:control_rte_sl:3.5.11.60
-
cpe:2.3:a:codesys:control_rte_sl:3.5.12.0
-
cpe:2.3:a:codesys:control_rte_sl:3.5.12.10
-
cpe:2.3:a:codesys:control_rte_sl:3.5.12.20
-
cpe:2.3:a:codesys:control_rte_sl:3.5.12.30
-
cpe:2.3:a:codesys:control_rte_sl:3.5.12.50
-
cpe:2.3:a:codesys:control_rte_sl:3.5.12.60
-
cpe:2.3:a:codesys:control_rte_sl:3.5.12.70
-
cpe:2.3:a:codesys:control_rte_sl:3.5.13.0
-
cpe:2.3:a:codesys:control_rte_sl:3.5.13.10
-
cpe:2.3:a:codesys:control_rte_sl:3.5.13.20
-
cpe:2.3:a:codesys:control_rte_sl:3.5.13.30
-
cpe:2.3:a:codesys:control_rte_sl:3.5.13.40
-
cpe:2.3:a:codesys:control_rte_sl:3.5.14.0
-
cpe:2.3:a:codesys:control_rte_sl:3.5.8.60
-
cpe:2.3:a:codesys:control_rte_sl:3.5.9.40
-
cpe:2.3:a:codesys:control_rte_sl:3.5.9.50
-
cpe:2.3:a:codesys:control_rte_sl:3.5.9.60
-
cpe:2.3:a:codesys:control_rte_sl:3.5.9.70
-
cpe:2.3:a:codesys:control_win_sl:3.0
-
cpe:2.3:a:codesys:control_win_sl:3.5.10.0
-
cpe:2.3:a:codesys:control_win_sl:3.5.10.10
-
cpe:2.3:a:codesys:control_win_sl:3.5.10.20
-
cpe:2.3:a:codesys:control_win_sl:3.5.10.30
-
cpe:2.3:a:codesys:control_win_sl:3.5.10.40
-
cpe:2.3:a:codesys:control_win_sl:3.5.10.50
-
cpe:2.3:a:codesys:control_win_sl:3.5.10.60
-
cpe:2.3:a:codesys:control_win_sl:3.5.10.70
-
cpe:2.3:a:codesys:control_win_sl:3.5.11.0
-
cpe:2.3:a:codesys:control_win_sl:3.5.11.10
-
cpe:2.3:a:codesys:control_win_sl:3.5.11.20
-
cpe:2.3:a:codesys:control_win_sl:3.5.11.30
-
cpe:2.3:a:codesys:control_win_sl:3.5.11.40
-
cpe:2.3:a:codesys:control_win_sl:3.5.11.50
-
cpe:2.3:a:codesys:control_win_sl:3.5.11.60
-
cpe:2.3:a:codesys:control_win_sl:3.5.12.0
-
cpe:2.3:a:codesys:control_win_sl:3.5.12.10
-
cpe:2.3:a:codesys:control_win_sl:3.5.12.20
-
cpe:2.3:a:codesys:control_win_sl:3.5.12.30
-
cpe:2.3:a:codesys:control_win_sl:3.5.12.40
-
cpe:2.3:a:codesys:control_win_sl:3.5.12.50
-
cpe:2.3:a:codesys:control_win_sl:3.5.12.60
-
cpe:2.3:a:codesys:control_win_sl:3.5.12.70
-
cpe:2.3:a:codesys:control_win_sl:3.5.13.0
-
cpe:2.3:a:codesys:control_win_sl:3.5.13.10
-
cpe:2.3:a:codesys:control_win_sl:3.5.13.20
-
cpe:2.3:a:codesys:control_win_sl:3.5.13.30
-
cpe:2.3:a:codesys:control_win_sl:3.5.13.40
-
cpe:2.3:a:codesys:control_win_sl:3.5.14.0
-
cpe:2.3:a:codesys:control_win_sl:3.5.14.10
-
cpe:2.3:a:codesys:control_win_sl:3.5.14.20
-
cpe:2.3:a:codesys:control_win_sl:3.5.14.30
-
cpe:2.3:a:codesys:control_win_sl:3.5.14.40
-
cpe:2.3:a:codesys:control_win_sl:3.5.15.0
-
cpe:2.3:a:codesys:control_win_sl:3.5.15.10
-
cpe:2.3:a:codesys:control_win_sl:3.5.15.20
-
cpe:2.3:a:codesys:control_win_sl:3.5.15.30
-
cpe:2.3:a:codesys:control_win_sl:3.5.15.40
-
cpe:2.3:a:codesys:control_win_sl:3.5.15.50
-
cpe:2.3:a:codesys:control_win_sl:3.5.9.80
-
cpe:2.3:a:codesys:development_system:3.0
-
cpe:2.3:a:codesys:development_system:3.5.10.0
-
cpe:2.3:a:codesys:development_system:3.5.10.10
-
cpe:2.3:a:codesys:development_system:3.5.10.20
-
cpe:2.3:a:codesys:development_system:3.5.10.30
-
cpe:2.3:a:codesys:development_system:3.5.10.40
-
cpe:2.3:a:codesys:development_system:3.5.10.50
-
cpe:2.3:a:codesys:development_system:3.5.10.60
-
cpe:2.3:a:codesys:development_system:3.5.10.70
-
cpe:2.3:a:codesys:development_system:3.5.11.0
-
cpe:2.3:a:codesys:development_system:3.5.11.10
-
cpe:2.3:a:codesys:development_system:3.5.11.20
-
cpe:2.3:a:codesys:development_system:3.5.11.30
-
cpe:2.3:a:codesys:development_system:3.5.11.40
-
cpe:2.3:a:codesys:development_system:3.5.11.50
-
cpe:2.3:a:codesys:development_system:3.5.11.60
-
cpe:2.3:a:codesys:development_system:3.5.12.0
-
cpe:2.3:a:codesys:development_system:3.5.12.10
-
cpe:2.3:a:codesys:development_system:3.5.12.20
-
cpe:2.3:a:codesys:development_system:3.5.12.30
-
cpe:2.3:a:codesys:development_system:3.5.12.40
-
cpe:2.3:a:codesys:development_system:3.5.12.50
-
cpe:2.3:a:codesys:development_system:3.5.12.60
-
cpe:2.3:a:codesys:development_system:3.5.12.70
-
cpe:2.3:a:codesys:development_system:3.5.13.0
-
cpe:2.3:a:codesys:development_system:3.5.13.10
-
cpe:2.3:a:codesys:development_system:3.5.13.20
-
cpe:2.3:a:codesys:development_system:3.5.13.30
-
cpe:2.3:a:codesys:development_system:3.5.13.40
-
cpe:2.3:a:codesys:development_system:3.5.14.0
-
cpe:2.3:a:codesys:development_system:3.5.14.10
-
cpe:2.3:a:codesys:development_system:3.5.14.20
-
cpe:2.3:a:codesys:development_system:3.5.14.30
-
cpe:2.3:a:codesys:development_system:3.5.14.40
-
cpe:2.3:a:codesys:development_system:3.5.15.0
-
cpe:2.3:a:codesys:development_system:3.5.15.10
-
cpe:2.3:a:codesys:development_system:3.5.15.20
-
cpe:2.3:a:codesys:development_system:3.5.15.30
-
cpe:2.3:a:codesys:development_system:3.5.15.40
-
cpe:2.3:a:codesys:development_system:3.5.15.50
-
cpe:2.3:a:codesys:development_system:3.5.9.0
-
cpe:2.3:a:codesys:development_system:3.5.9.40
-
cpe:2.3:a:codesys:development_system:3.5.9.50
-
cpe:2.3:a:codesys:development_system:3.5.9.60
-
cpe:2.3:a:codesys:development_system:3.5.9.70
-
cpe:2.3:a:codesys:development_system:3.5.9.80
-
cpe:2.3:a:codesys:hmi_sl:3.0
-
cpe:2.3:a:codesys:hmi_sl:3.5.10.0
-
cpe:2.3:a:codesys:hmi_sl:3.5.10.10
-
cpe:2.3:a:codesys:hmi_sl:3.5.10.20
-
cpe:2.3:a:codesys:hmi_sl:3.5.10.30
-
cpe:2.3:a:codesys:hmi_sl:3.5.10.40
-
cpe:2.3:a:codesys:hmi_sl:3.5.10.50
-
cpe:2.3:a:codesys:hmi_sl:3.5.10.60
-
cpe:2.3:a:codesys:hmi_sl:3.5.10.70
-
cpe:2.3:a:codesys:hmi_sl:3.5.11.0
-
cpe:2.3:a:codesys:hmi_sl:3.5.11.10
-
cpe:2.3:a:codesys:hmi_sl:3.5.11.20
-
cpe:2.3:a:codesys:hmi_sl:3.5.11.30
-
cpe:2.3:a:codesys:hmi_sl:3.5.11.40
-
cpe:2.3:a:codesys:hmi_sl:3.5.11.50
-
cpe:2.3:a:codesys:hmi_sl:3.5.11.60
-
cpe:2.3:a:codesys:hmi_sl:3.5.12.0
-
cpe:2.3:a:codesys:hmi_sl:3.5.12.10
-
cpe:2.3:a:codesys:hmi_sl:3.5.12.20
-
cpe:2.3:a:codesys:hmi_sl:3.5.12.30
-
cpe:2.3:a:codesys:hmi_sl:3.5.12.40
-
cpe:2.3:a:codesys:hmi_sl:3.5.12.50
-
cpe:2.3:a:codesys:hmi_sl:3.5.12.70
-
cpe:2.3:a:codesys:hmi_sl:3.5.13.0
-
cpe:2.3:a:codesys:hmi_sl:3.5.13.10
-
cpe:2.3:a:codesys:hmi_sl:3.5.13.20
-
cpe:2.3:a:codesys:hmi_sl:3.5.13.30
-
cpe:2.3:a:codesys:hmi_sl:3.5.14.0
-
cpe:2.3:a:codesys:raspberry_pi:3.0
-
cpe:2.3:a:codesys:runtime_toolkit:3.0