CVE-2018-20026 - OpenCVE

Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Codesys	Development System V3 Control For Linux Sl Control Rte Sl Gateway Targetvisu Sl Control For Pfc200 Sl Plchandler Control For Raspberry Pi Sl Control For Iot2000 Sl Control For Beaglebone Sl Control Runtime Toolkit Safety Sil2 Control Rte Sl \(for Beckhoff Cx\) Opc Server Control For Empc-a\/imx6 Sl Hmi Sl Control Win Sl Control For Pfc100 Sl

Configuration 1 [-]

OR	cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::
	cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::
	cpe:2.3:a:codesys:control_for_iot2000_sl::::::::
	cpe:2.3:a:codesys:control_for_linux_sl::::::::
	cpe:2.3:a:codesys:control_for_pfc100_sl::::::::
	cpe:2.3:a:codesys:control_for_pfc200_sl::::::::
	cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::
	cpe:2.3:a:codesys:control_rte_sl::::::::
	cpe:2.3:a:codesys:control_rte_sl_\(for_beckhoff_cx\)::::::::
	cpe:2.3:a:codesys:control_runtime_toolkit::::::::
	cpe:2.3:a:codesys:control_win_sl::::::::
	cpe:2.3:a:codesys:development_system_v3::::::::
	cpe:2.3:a:codesys:gateway::::::::
	cpe:2.3:a:codesys:hmi_sl::::::::
	cpe:2.3:a:codesys:opc_server::::::::
	cpe:2.3:a:codesys:plchandler::::::::
	cpe:2.3:a:codesys:safety_sil2::::::::
	cpe:2.3:a:codesys:targetvisu_sl::::::::

References

Link	Resource
http://www.securityfocus.com/bid/106251	Broken Link Third Party Advisory VDB Entry
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/	Mitigation Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Kaspersky

Published: 2018-12-19T00:00:00

Updated: 2019-04-02T14:43:36

Reserved: 2018-12-10T00:00:00

Link: CVE-2018-20026

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-02-19T21:29:00.290

Modified: 2023-03-29T18:40:10.533

Link: CVE-2018-20026

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "CODESYS V3 products", "vendor": "Kaspersky Lab", "versions": [{"status": "affected", "version": "prior V3.5.14.0"}]}], "datePublic": "2018-12-19T00:00:00", "descriptions": [{"lang": "en", "value": "Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0."}], "problemTypes": [{"descriptions": [{"description": "Improper Communication Address Filtering", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-04-02T14:43:36", "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "shortName": "Kaspersky"}, "references": [{"name": "106251", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/106251"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnerability@kaspersky.com", "DATE_PUBLIC": "2018-12-19T00:00:00", "ID": "CVE-2018-20026", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CODESYS V3 products", "version": {"version_data": [{"version_value": "prior V3.5.14.0"}]}}]}, "vendor_name": "Kaspersky Lab"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Communication Address Filtering"}]}]}, "references": {"reference_data": [{"name": "106251", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106251"}, {"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/", "refsource": "MISC", "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"}]}}}}, "cveMetadata": {"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "assignerShortName": "Kaspersky", "cveId": "CVE-2018-20026", "datePublished": "2018-12-19T00:00:00", "dateReserved": "2018-12-10T00:00:00", "dateUpdated": "2019-04-02T14:43:36", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "30E5A50D-470A-4C7D-A634-E97AE95B38B5", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "455BEF47-4D2A-4314-AF1D-C5C46236B135", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "D2E52640-4AA9-40C1-A00E-374334F761C7", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "C87347FA-38EA-4299-A822-63FCF0E34577", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D3E05BC-83BC-49C8-91AD-64A1EE9D36BD", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "40D2875A-E1DF-4C7D-9DD7-7BE8D617EF3C", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE9699B0-CCE3-42AB-8208-492382D59582", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "20CFD36A-208D-444C-A3C3-C2B11CAF65AC", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_rte_sl_\\(for_beckhoff_cx\\):*:*:*:*:*:*:*:*", "matchCriteriaId": "6368AFD2-D0F4-4E93-9D28-00D2DAF6F1BD", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_runtime_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E623E98-8040-43D2-81B5-D6B06B374472", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA6D880C-195D-4830-B0B5-7D7BC32182B4", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:development_system_v3:*:*:*:*:*:*:*:*", "matchCriteriaId": "00F359B4-0530-47A3-BFBB-BA7D32104919", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "498AB0A1-C9F2-40A5-BC72-9CC4F96D74DE", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:hmi_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "63F51840-0A93-43BD-B8D0-145C7C52C7B0", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:opc_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3A3A591-9B7A-4328-93C8-728D3E3E045D", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:plchandler:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7E0C96B-5FD4-422A-B429-860192BC46A0", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:safety_sil2:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C0A629A-E3CE-428A-81C1-25965A681B73", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:targetvisu_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA2E1543-D82B-4BE7-8C9C-4EAABFB1F68B", "versionEndExcluding": "3.5.14.0", "versionStartIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0."}, {"lang": "es", "value": "Existe el filtrado de direcciones de comunicaci\u00f3n incorrecto en los productos de CODESYS, en sus versiones V3 anteriores a la V3.5.14.0."}], "id": "CVE-2018-20026", "lastModified": "2023-03-29T18:40:10.533", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-02-19T21:29:00.290", "references": [{"source": "vulnerability@kaspersky.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106251"}, {"source": "vulnerability@kaspersky.com", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/"}, {"source": "vulnerability@kaspersky.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"}], "sourceIdentifier": "vulnerability@kaspersky.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}