Vulnerability Details CVE-2020-12069
In CODESYS V3 products containing the CmpUserMgr component, in all versions prior to V3.5.16.0, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. A local attacker with low privileges can use this weakness to gain full control of the device.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 6.6%
CVSS Severity
CVSS v3 Score 7.8
Products affected by CVE-2020-12069
-
cpe:2.3:a:codesys:control_for_beaglebone:-
-
cpe:2.3:a:codesys:control_for_beaglebone:3.0.0.0
-
cpe:2.3:a:codesys:control_for_beaglebone:3.5.10.0
-
cpe:2.3:a:codesys:control_for_beaglebone:3.5.10.20
-
cpe:2.3:a:codesys:control_for_beaglebone:3.5.10.30
-
cpe:2.3:a:codesys:control_for_beaglebone:3.5.11.0
-
cpe:2.3:a:codesys:control_for_beaglebone:3.5.11.10
-
cpe:2.3:a:codesys:control_for_beaglebone:3.5.11.20
-
cpe:2.3:a:codesys:control_for_beaglebone:3.5.11.50
-
cpe:2.3:a:codesys:control_for_beaglebone:3.5.11.60
-
cpe:2.3:a:codesys:control_for_beaglebone:3.5.12.0
-
cpe:2.3:a:codesys:control_for_beaglebone:3.5.12.10
-
cpe:2.3:a:codesys:control_for_beaglebone:3.5.12.30
-
cpe:2.3:a:codesys:control_for_beaglebone:3.5.12.70
-
cpe:2.3:a:codesys:control_for_beaglebone:3.5.13.0
-
cpe:2.3:a:codesys:control_for_beaglebone:3.5.13.20
-
cpe:2.3:a:codesys:control_for_beaglebone:3.5.13.30
-
cpe:2.3:a:codesys:control_for_beaglebone:3.5.14.0
-
cpe:2.3:a:codesys:control_for_beaglebone:3.5.14.10
-
cpe:2.3:a:codesys:control_for_beaglebone:3.5.15.0
-
cpe:2.3:a:codesys:control_for_beaglebone:3.5.15.20
-
cpe:2.3:a:codesys:control_for_beaglebone:3.5.15.30
-
cpe:2.3:a:codesys:control_for_beaglebone:3.5.15.40
-
cpe:2.3:a:codesys:control_for_empc-a/imx6:-
-
cpe:2.3:a:codesys:control_for_empc-a/imx6:3.0.0.0
-
cpe:2.3:a:codesys:control_for_empc-a/imx6:3.5.10.0
-
cpe:2.3:a:codesys:control_for_empc-a/imx6:3.5.10.20
-
cpe:2.3:a:codesys:control_for_empc-a/imx6:3.5.11.0
-
cpe:2.3:a:codesys:control_for_empc-a/imx6:3.5.11.10
-
cpe:2.3:a:codesys:control_for_empc-a/imx6:3.5.11.20
-
cpe:2.3:a:codesys:control_for_empc-a/imx6:3.5.11.50
-
cpe:2.3:a:codesys:control_for_empc-a/imx6:3.5.11.60
-
cpe:2.3:a:codesys:control_for_empc-a/imx6:3.5.12.0
-
cpe:2.3:a:codesys:control_for_empc-a/imx6:3.5.12.10
-
cpe:2.3:a:codesys:control_for_empc-a/imx6:3.5.12.30
-
cpe:2.3:a:codesys:control_for_empc-a/imx6:3.5.12.70
-
cpe:2.3:a:codesys:control_for_empc-a/imx6:3.5.13.0
-
cpe:2.3:a:codesys:control_for_empc-a/imx6:3.5.13.20
-
cpe:2.3:a:codesys:control_for_empc-a/imx6:3.5.13.30
-
cpe:2.3:a:codesys:control_for_empc-a/imx6:3.5.14.0
-
cpe:2.3:a:codesys:control_for_empc-a/imx6:3.5.14.10
-
cpe:2.3:a:codesys:control_for_empc-a/imx6:3.5.15.0
-
cpe:2.3:a:codesys:control_for_empc-a/imx6:3.5.15.20
-
cpe:2.3:a:codesys:control_for_empc-a/imx6:3.5.15.30
-
cpe:2.3:a:codesys:control_for_empc-a/imx6:3.5.15.40
-
cpe:2.3:a:codesys:control_for_iot2000:-
-
cpe:2.3:a:codesys:control_for_iot2000:3.0.0.0
-
cpe:2.3:a:codesys:control_for_iot2000:3.5.11.0
-
cpe:2.3:a:codesys:control_for_iot2000:3.5.11.10
-
cpe:2.3:a:codesys:control_for_iot2000:3.5.11.20
-
cpe:2.3:a:codesys:control_for_iot2000:3.5.11.50
-
cpe:2.3:a:codesys:control_for_iot2000:3.5.11.60
-
cpe:2.3:a:codesys:control_for_iot2000:3.5.12.0
-
cpe:2.3:a:codesys:control_for_iot2000:3.5.12.10
-
cpe:2.3:a:codesys:control_for_iot2000:3.5.12.30
-
cpe:2.3:a:codesys:control_for_iot2000:3.5.12.70
-
cpe:2.3:a:codesys:control_for_iot2000:3.5.13.0
-
cpe:2.3:a:codesys:control_for_iot2000:3.5.13.20
-
cpe:2.3:a:codesys:control_for_iot2000:3.5.13.30
-
cpe:2.3:a:codesys:control_for_iot2000:3.5.14.0
-
cpe:2.3:a:codesys:control_for_iot2000:3.5.14.10
-
cpe:2.3:a:codesys:control_for_iot2000:3.5.15.0
-
cpe:2.3:a:codesys:control_for_iot2000:3.5.15.20
-
cpe:2.3:a:codesys:control_for_iot2000:3.5.15.30
-
cpe:2.3:a:codesys:control_for_iot2000:3.5.15.40
-
cpe:2.3:a:codesys:control_for_linux:-
-
cpe:2.3:a:codesys:control_for_linux:3.5.13.0
-
cpe:2.3:a:codesys:control_for_linux:3.5.13.20
-
cpe:2.3:a:codesys:control_for_linux:3.5.13.30
-
cpe:2.3:a:codesys:control_for_linux:3.5.14.0
-
cpe:2.3:a:codesys:control_for_linux:3.5.14.10
-
cpe:2.3:a:codesys:control_for_linux:3.5.15.20
-
cpe:2.3:a:codesys:control_for_linux:3.5.15.30
-
cpe:2.3:a:codesys:control_for_linux:3.5.15.40
-
cpe:2.3:a:codesys:control_for_pfc100:-
-
cpe:2.3:a:codesys:control_for_pfc100:3.0.0.0
-
cpe:2.3:a:codesys:control_for_pfc100:3.5.11.0
-
cpe:2.3:a:codesys:control_for_pfc100:3.5.11.10
-
cpe:2.3:a:codesys:control_for_pfc100:3.5.11.20
-
cpe:2.3:a:codesys:control_for_pfc100:3.5.11.50
-
cpe:2.3:a:codesys:control_for_pfc100:3.5.11.60
-
cpe:2.3:a:codesys:control_for_pfc100:3.5.12.0
-
cpe:2.3:a:codesys:control_for_pfc100:3.5.12.10
-
cpe:2.3:a:codesys:control_for_pfc100:3.5.12.30
-
cpe:2.3:a:codesys:control_for_pfc100:3.5.12.40
-
cpe:2.3:a:codesys:control_for_pfc100:3.5.12.70
-
cpe:2.3:a:codesys:control_for_pfc100:3.5.13.0
-
cpe:2.3:a:codesys:control_for_pfc100:3.5.13.20
-
cpe:2.3:a:codesys:control_for_pfc100:3.5.13.30
-
cpe:2.3:a:codesys:control_for_pfc100:3.5.14.0
-
cpe:2.3:a:codesys:control_for_pfc100:3.5.14.10
-
cpe:2.3:a:codesys:control_for_pfc100:3.5.15.0
-
cpe:2.3:a:codesys:control_for_pfc100:3.5.15.20
-
cpe:2.3:a:codesys:control_for_pfc100:3.5.15.30
-
cpe:2.3:a:codesys:control_for_pfc100:3.5.15.40
-
cpe:2.3:a:codesys:control_for_pfc200:-
-
cpe:2.3:a:codesys:control_for_pfc200:3.0.0.0
-
cpe:2.3:a:codesys:control_for_pfc200:3.5.10.0
-
cpe:2.3:a:codesys:control_for_pfc200:3.5.10.20
-
cpe:2.3:a:codesys:control_for_pfc200:3.5.11.0
-
cpe:2.3:a:codesys:control_for_pfc200:3.5.11.10
-
cpe:2.3:a:codesys:control_for_pfc200:3.5.11.20
-
cpe:2.3:a:codesys:control_for_pfc200:3.5.11.50
-
cpe:2.3:a:codesys:control_for_pfc200:3.5.11.60
-
cpe:2.3:a:codesys:control_for_pfc200:3.5.12.0
-
cpe:2.3:a:codesys:control_for_pfc200:3.5.12.10
-
cpe:2.3:a:codesys:control_for_pfc200:3.5.12.30
-
cpe:2.3:a:codesys:control_for_pfc200:3.5.12.40
-
cpe:2.3:a:codesys:control_for_pfc200:3.5.12.70
-
cpe:2.3:a:codesys:control_for_pfc200:3.5.13.0
-
cpe:2.3:a:codesys:control_for_pfc200:3.5.13.10
-
cpe:2.3:a:codesys:control_for_pfc200:3.5.13.20
-
cpe:2.3:a:codesys:control_for_pfc200:3.5.13.30
-
cpe:2.3:a:codesys:control_for_pfc200:3.5.14.0
-
cpe:2.3:a:codesys:control_for_pfc200:3.5.14.10
-
cpe:2.3:a:codesys:control_for_pfc200:3.5.14.20
-
cpe:2.3:a:codesys:control_for_pfc200:3.5.14.30
-
cpe:2.3:a:codesys:control_for_pfc200:3.5.14.40
-
cpe:2.3:a:codesys:control_for_pfc200:3.5.15.0
-
cpe:2.3:a:codesys:control_for_pfc200:3.5.15.20
-
cpe:2.3:a:codesys:control_for_pfc200:3.5.15.30
-
cpe:2.3:a:codesys:control_for_pfc200:3.5.15.40
-
cpe:2.3:a:codesys:control_for_plcnext:-
-
cpe:2.3:a:codesys:control_for_plcnext:3.5.15.20
-
cpe:2.3:a:codesys:control_for_plcnext:3.5.15.30
-
cpe:2.3:a:codesys:control_for_plcnext:3.5.15.40
-
cpe:2.3:a:codesys:control_for_raspberry_pi:-
-
cpe:2.3:a:codesys:control_for_raspberry_pi:3.0.0.0
-
cpe:2.3:a:codesys:control_for_raspberry_pi:3.5.10.0
-
cpe:2.3:a:codesys:control_for_raspberry_pi:3.5.10.20
-
cpe:2.3:a:codesys:control_for_raspberry_pi:3.5.11.0
-
cpe:2.3:a:codesys:control_for_raspberry_pi:3.5.11.10
-
cpe:2.3:a:codesys:control_for_raspberry_pi:3.5.11.20
-
cpe:2.3:a:codesys:control_for_raspberry_pi:3.5.11.50
-
cpe:2.3:a:codesys:control_for_raspberry_pi:3.5.11.60
-
cpe:2.3:a:codesys:control_for_raspberry_pi:3.5.12.0
-
cpe:2.3:a:codesys:control_for_raspberry_pi:3.5.12.10
-
cpe:2.3:a:codesys:control_for_raspberry_pi:3.5.12.30
-
cpe:2.3:a:codesys:control_for_raspberry_pi:3.5.12.70
-
cpe:2.3:a:codesys:control_for_raspberry_pi:3.5.13.0
-
cpe:2.3:a:codesys:control_for_raspberry_pi:3.5.13.20
-
cpe:2.3:a:codesys:control_for_raspberry_pi:3.5.13.30
-
cpe:2.3:a:codesys:control_for_raspberry_pi:3.5.14.0
-
cpe:2.3:a:codesys:control_for_raspberry_pi:3.5.14.10
-
cpe:2.3:a:codesys:control_for_raspberry_pi:3.5.14.20
-
cpe:2.3:a:codesys:control_for_raspberry_pi:3.5.14.30
-
cpe:2.3:a:codesys:control_for_raspberry_pi:3.5.14.40
-
cpe:2.3:a:codesys:control_for_raspberry_pi:3.5.15.0
-
cpe:2.3:a:codesys:control_for_raspberry_pi:3.5.15.20
-
cpe:2.3:a:codesys:control_for_raspberry_pi:3.5.15.30
-
cpe:2.3:a:codesys:control_for_raspberry_pi:3.5.15.40
-
cpe:2.3:a:codesys:control_rte_v3:*
-
cpe:2.3:a:codesys:control_v3_runtime_system_toolkit:3.0.0.0
-
cpe:2.3:a:codesys:control_v3_runtime_system_toolkit:3.5.12.30
-
cpe:2.3:a:codesys:control_win_v3:*
-
cpe:2.3:a:codesys:hmi_v3:*
-
cpe:2.3:a:codesys:v3_simulation_runtime:*
-
-
cpe:2.3:h:festo:controller_cecc-d:-
-
cpe:2.3:h:festo:controller_cecc-lk:-
-
cpe:2.3:h:festo:controller_cecc-s:-
-
cpe:2.3:h:wago:750-8100:-
-
cpe:2.3:h:wago:750-8101:-
-
cpe:2.3:h:wago:750-8102:-
-
cpe:2.3:h:wago:750-8202:-
-
cpe:2.3:h:wago:750-8203:-
-
cpe:2.3:h:wago:750-8204:-
-
cpe:2.3:h:wago:750-8206:-
-
cpe:2.3:h:wago:750-8207:-
-
cpe:2.3:h:wago:750-8210:-
-
cpe:2.3:h:wago:750-8211:-
-
cpe:2.3:h:wago:750-8212:-
-
cpe:2.3:h:wago:750-8213:-
-
cpe:2.3:h:wago:750-8214:-
-
cpe:2.3:h:wago:750-8215:-
-
cpe:2.3:h:wago:750-8216:-
-
cpe:2.3:h:wago:750-8217:-
-
cpe:2.3:h:wago:752-8303/8000-0002:*
-
cpe:2.3:h:wago:762-4201/8000-001:-
-
cpe:2.3:h:wago:762-4202/8000-001:-
-
cpe:2.3:h:wago:762-4203/8000-001:-
-
cpe:2.3:h:wago:762-4204/8000-001:-
-
cpe:2.3:h:wago:762-4205/8000-001:-
-
cpe:2.3:h:wago:762-4205/8000-002:-
-
cpe:2.3:h:wago:762-4206/8000-001:-
-
cpe:2.3:h:wago:762-4206/8000-002:-
-
cpe:2.3:h:wago:762-4301/8000-002:-
-
cpe:2.3:h:wago:762-4302/8000-002:-
-
cpe:2.3:h:wago:762-4303/8000-002:-
-
cpe:2.3:h:wago:762-4304/8000-002:-
-
cpe:2.3:h:wago:762-4305/8000-002:-
-
cpe:2.3:h:wago:762-4306/8000-002:-
-
cpe:2.3:h:wago:762-5203/8000-001:-
-
cpe:2.3:h:wago:762-5204/8000-001:-
-
cpe:2.3:h:wago:762-5205/8000-001:-
-
cpe:2.3:h:wago:762-5206/8000-001:-
-
cpe:2.3:h:wago:762-5303/8000-002:-
-
cpe:2.3:h:wago:762-5304/8000-002:-
-
cpe:2.3:h:wago:762-5305/8000-002:-
-
cpe:2.3:h:wago:762-5306/8000-002:-
-
cpe:2.3:h:wago:762-6201/8000-001:-
-
cpe:2.3:h:wago:762-6202/8000-001:-
-
cpe:2.3:h:wago:762-6203/8000-001:-
-
cpe:2.3:h:wago:762-6204/8000-001:-
-
cpe:2.3:h:wago:762-6301/8000-002:-
-
cpe:2.3:h:wago:762-6302/8000-002:-
-
cpe:2.3:h:wago:762-6303/8000-002:-
-
cpe:2.3:h:wago:762-6304/8000-002:-
-
cpe:2.3:o:festo:controller_cecc-d_firmware:2.3.8.0
-
cpe:2.3:o:festo:controller_cecc-d_firmware:2.3.8.1
-
cpe:2.3:o:festo:controller_cecc-lk_firmware:2.3.8.0
-
cpe:2.3:o:festo:controller_cecc-lk_firmware:2.3.8.1
-
cpe:2.3:o:festo:controller_cecc-s_firmware:2.3.8.0
-
cpe:2.3:o:festo:controller_cecc-s_firmware:2.3.8.1
-
cpe:2.3:o:wago:750-8100_firmware:-
-
cpe:2.3:o:wago:750-8100_firmware:03.01.07(13)
-
cpe:2.3:o:wago:750-8101_firmware:-
-
cpe:2.3:o:wago:750-8101_firmware:03.01.07(13)
-
cpe:2.3:o:wago:750-8102_firmware:-
-
cpe:2.3:o:wago:750-8102_firmware:03.01.07(13)
-
cpe:2.3:o:wago:750-8202_firmware:-
-
cpe:2.3:o:wago:750-8203_firmware:-
-
cpe:2.3:o:wago:750-8204_firmware:-
-
cpe:2.3:o:wago:750-8206_firmware:-
-
cpe:2.3:o:wago:750-8206_firmware:03.01.07(13)
-
cpe:2.3:o:wago:750-8207_firmware:-
-
cpe:2.3:o:wago:750-8207_firmware:03.01.07(13)
-
cpe:2.3:o:wago:750-8210_firmware:-
-
cpe:2.3:o:wago:750-8210_firmware:03.01.07(13)
-
cpe:2.3:o:wago:750-8211_firmware:-
-
cpe:2.3:o:wago:750-8211_firmware:03.01.07(13)
-
cpe:2.3:o:wago:750-8212_firmware:-
-
cpe:2.3:o:wago:750-8212_firmware:03.01.07(13)
-
cpe:2.3:o:wago:750-8213_firmware:-
-
cpe:2.3:o:wago:750-8213_firmware:03.01.07(13)
-
cpe:2.3:o:wago:750-8214_firmware:-
-
cpe:2.3:o:wago:750-8214_firmware:03.01.07(13)
-
cpe:2.3:o:wago:750-8215_firmware:-
-
cpe:2.3:o:wago:750-8215_firmware:03.01.07(13)
-
cpe:2.3:o:wago:750-8216_firmware:-
-
cpe:2.3:o:wago:750-8216_firmware:03.01.07(13)
-
cpe:2.3:o:wago:750-8217_firmware:-
-
cpe:2.3:o:wago:752-8303/8000-0002_firmware:*
-
cpe:2.3:o:wago:762-4201/8000-001_firmware:-
-
cpe:2.3:o:wago:762-4201/8000-001_firmware:03.01.07(13)
-
cpe:2.3:o:wago:762-4202/8000-001_firmware:-
-
cpe:2.3:o:wago:762-4202/8000-001_firmware:03.01.07(13)
-
cpe:2.3:o:wago:762-4203/8000-001_firmware:-
-
cpe:2.3:o:wago:762-4203/8000-001_firmware:03.01.07(13)
-
cpe:2.3:o:wago:762-4204/8000-001_firmware:-
-
cpe:2.3:o:wago:762-4204/8000-001_firmware:03.01.07(13)
-
cpe:2.3:o:wago:762-4205/8000-001_firmware:-
-
cpe:2.3:o:wago:762-4205/8000-001_firmware:03.01.07(13)
-
cpe:2.3:o:wago:762-4205/8000-002_firmware:*
-
cpe:2.3:o:wago:762-4206/8000-001_firmware:-
-
cpe:2.3:o:wago:762-4206/8000-001_firmware:03.01.07(13)
-
cpe:2.3:o:wago:762-4206/8000-002_firmware:*
-
cpe:2.3:o:wago:762-4301/8000-002_firmware:-
-
cpe:2.3:o:wago:762-4301/8000-002_firmware:03.01.07(13)
-
cpe:2.3:o:wago:762-4302/8000-002_firmware:-
-
cpe:2.3:o:wago:762-4302/8000-002_firmware:03.01.07(13)
-
cpe:2.3:o:wago:762-4303/8000-002_firmware:-
-
cpe:2.3:o:wago:762-4303/8000-002_firmware:03.01.07(13)
-
cpe:2.3:o:wago:762-4304/8000-002_firmware:-
-
cpe:2.3:o:wago:762-4304/8000-002_firmware:03.01.07(13)
-
cpe:2.3:o:wago:762-4305/8000-002_firmware:*
-
cpe:2.3:o:wago:762-4306/8000-002_firmware:*
-
cpe:2.3:o:wago:762-5203/8000-001_firmware:-
-
cpe:2.3:o:wago:762-5203/8000-001_firmware:03.01.07(13)
-
cpe:2.3:o:wago:762-5204/8000-001_firmware:-
-
cpe:2.3:o:wago:762-5204/8000-001_firmware:03.01.07(13)
-
cpe:2.3:o:wago:762-5205/8000-001_firmware:-
-
cpe:2.3:o:wago:762-5205/8000-001_firmware:03.01.07(13)
-
cpe:2.3:o:wago:762-5206/8000-001_firmware:-
-
cpe:2.3:o:wago:762-5206/8000-001_firmware:03.01.07(13)
-
cpe:2.3:o:wago:762-5303/8000-002_firmware:-
-
cpe:2.3:o:wago:762-5303/8000-002_firmware:03.01.07(13)
-
cpe:2.3:o:wago:762-5304/8000-002_firmware:-
-
cpe:2.3:o:wago:762-5304/8000-002_firmware:03.01.07(13)
-
cpe:2.3:o:wago:762-5305/8000-002_firmware:-
-
cpe:2.3:o:wago:762-5305/8000-002_firmware:03.01.07(13)
-
cpe:2.3:o:wago:762-5306/8000-002_firmware:-
-
cpe:2.3:o:wago:762-5306/8000-002_firmware:03.01.07(13)
-
cpe:2.3:o:wago:762-6201/8000-001_firmware:-
-
cpe:2.3:o:wago:762-6201/8000-001_firmware:03.01.07(13)
-
cpe:2.3:o:wago:762-6202/8000-001_firmware:-
-
cpe:2.3:o:wago:762-6202/8000-001_firmware:03.01.07(13)
-
cpe:2.3:o:wago:762-6203/8000-001_firmware:-
-
cpe:2.3:o:wago:762-6203/8000-001_firmware:03.01.07(13)
-
cpe:2.3:o:wago:762-6204/8000-001_firmware:-
-
cpe:2.3:o:wago:762-6204/8000-001_firmware:03.01.07(13)
-
cpe:2.3:o:wago:762-6301/8000-002_firmware:-
-
cpe:2.3:o:wago:762-6301/8000-002_firmware:03.01.07(13)
-
cpe:2.3:o:wago:762-6302/8000-002_firmware:-
-
cpe:2.3:o:wago:762-6302/8000-002_firmware:03.01.07(13)
-
cpe:2.3:o:wago:762-6303/8000-002_firmware:-
-
cpe:2.3:o:wago:762-6303/8000-002_firmware:03.01.07(13)
-
cpe:2.3:o:wago:762-6304/8000-002_firmware:-
-
cpe:2.3:o:wago:762-6304/8000-002_firmware:03.01.07(13)