In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), an attacker can identify valid usernames.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-12-26
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user's password may be changed by an attacker without knowledge of the current password.
CVSS Score
7.5
EPSS Score
0.0
Published
2022-12-26
In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-12-26