CVE-2018-10612

{"id": "CVE-2018-10612", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-01-29T16:29:00.247", "references": [{"url": "http://www.securityfocus.com/bid/106248", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-03", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-311"}, {"lang": "en", "value": "CWE-732"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials."}, {"lang": "es", "value": "En los productos CODESYS Control V3, de 3S-Smart Software Solutions GmbH, en versiones anteriores a la 3.5.14.0, la gesti\u00f3n de accesos de usuarios y el cifrado de las comunicaciones no est\u00e1 habilitado por defecto, lo que podr\u00eda permitir que un atacante acceda al dispositivo y a su informaci\u00f3n sensible, incluyendo las credenciales de usuario."}], "lastModified": "2019-10-09T23:32:55.087", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30E5A50D-470A-4C7D-A634-E97AE95B38B5", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "455BEF47-4D2A-4314-AF1D-C5C46236B135", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2E52640-4AA9-40C1-A00E-374334F761C7", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C87347FA-38EA-4299-A822-63FCF0E34577", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D3E05BC-83BC-49C8-91AD-64A1EE9D36BD", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40D2875A-E1DF-4C7D-9DD7-7BE8D617EF3C", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE9699B0-CCE3-42AB-8208-492382D59582", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0"}, {"criteria": "cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20CFD36A-208D-444C-A3C3-C2B11CAF65AC", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0"}, {"criteria": "cpe:2.3:a:codesys:control_runtime_toolkit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E623E98-8040-43D2-81B5-D6B06B374472", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0"}, {"criteria": "cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA6D880C-195D-4830-B0B5-7D7BC32182B4", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0"}, {"criteria": "cpe:2.3:a:codesys:development_system_v3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00F359B4-0530-47A3-BFBB-BA7D32104919", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0"}, {"criteria": "cpe:2.3:a:codesys:hmi_sl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63F51840-0A93-43BD-B8D0-145C7C52C7B0", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}