9.8 - CVE-2018-10612

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Informations
Name	CVE-2018-10612	First vendor Publication	2019-01-29
Vendor	Cve	Last vendor Modification	2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score	9.8
Base Score	9.8	Environmental Score	9.8
impact SubScore	5.9	Temporal Score	9.8
Exploitabality Sub Score	3.9

Attack Vector	Network	Attack Complexity	Low
Privileges Required	None	User Interaction	None
Scope	Unchanged	Confidentiality Impact	High
Integrity Impact	High	Availability Impact	High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10612

CWE : Common Weakness Enumeration

%	Id	Name
50 %	CWE-732	Incorrect Permission Assignment for Critical Resource (CWE/SANS Top 25)
50 %	CWE-311	Missing Encryption of Sensitive Data (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type	Description	Count
Application	Codesys Control For Beaglebone Sl cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::	1
Application	Codesys Control For Empc-A/Imx6 Sl cpe:2.3:a:codesys:control_for_empc-a/imx6_sl::::::::	1
Application	Codesys Control For Iot2000 Sl cpe:2.3:a:codesys:control_for_iot2000_sl::::::::	1
Application	Codesys Control For Linux Sl cpe:2.3:a:codesys:control_for_linux_sl::::::::	1
Application	Codesys Control For Pfc100 Sl cpe:2.3:a:codesys:control_for_pfc100_sl::::::::	1
Application	Codesys Control For Pfc200 Sl cpe:2.3:a:codesys:control_for_pfc200_sl::::::::	1
Application	Codesys Control For Raspberry Pi Sl cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::	1
Application	Codesys Control Rte Sl cpe:2.3:a:codesys:control_rte_sl::::::::	1
Application	Codesys Control Runtime Toolkit cpe:2.3:a:codesys:control_runtime_toolkit::::::::	1
Application	Codesys Control Win Sl cpe:2.3:a:codesys:control_win_sl::::::::	1
Application	Codesys Development System V3 cpe:2.3:a:codesys:development_system_v3::::::::	1
Application	Codesys Hmi Sl cpe:2.3:a:codesys:hmi_sl::::::::	1

Sources (Detail)

http://www.securityfocus.com/bid/106248
https://ics-cert.us-cert.gov/advisories/ICSA-18-352-03

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 13:11:37	Multiple Updates
2021-05-04 13:07:56	Multiple Updates
2021-04-22 02:21:14	Multiple Updates
2020-05-23 01:05:50	Multiple Updates
2019-10-10 05:20:16	Multiple Updates
2019-10-03 09:20:45	Multiple Updates
2019-02-22 21:19:30	Multiple Updates
2019-02-22 00:19:00	Multiple Updates
2019-01-30 21:18:40	Multiple Updates
2019-01-29 21:19:10	First insertion

9.8 - CVE-2018-10612

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Sources (Detail)

Alert History

Global Informations

Open Standards

COMPANY

STANDARDS

RECENT POSTS

MENU