CVE-2018-10612 — CRITICAL (9.8)

Q: How severe is CVE-2018-10612?

CVE-2018-10612 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2018-10612?

Check the references section above for vendor advisories and patch information. Affected products include: Codesys Control For Beaglebone Sl, Codesys Control For Empc-A\/Imx6 Sl, Codesys Control For Iot2000 Sl, Codesys Control For Linux Sl, Codesys Control For Pfc100 Sl.

Vulnerability Description

In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Codesys	Control For Beaglebone Sl	>= 3.0, < 3.5.14.0
Codesys	Control For Empc-A\/Imx6 Sl	>= 3.0, < 3.5.14.0
Codesys	Control For Iot2000 Sl	>= 3.0, < 3.5.14.0
Codesys	Control For Linux Sl	>= 3.0, < 3.5.14.0
Codesys	Control For Pfc100 Sl	>= 3.0, < 3.5.14.0
Codesys	Control For Pfc200 Sl	>= 3.0, < 3.5.14.0
Codesys	Control For Raspberry Pi Sl	>= 3.0, < 3.5.14.0
Codesys	Control Rte Sl	>= 3.0, < 3.5.14.0
Codesys	Control Runtime Toolkit	>= 3.0, < 3.5.14.0
Codesys	Control Win Sl	>= 3.0, < 3.5.14.0
Codesys	Development System V3	>= 3.0, < 3.5.14.0
Codesys	Hmi Sl	>= 3.0, < 3.5.14.0

Related Weaknesses (CWE)

CWE-732 CWE-284 CWE-311

References

http://www.securityfocus.com/bid/106248Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-352-03Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/106248Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-352-03Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2018-10612?

CVE-2018-10612 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker ...

How severe is CVE-2018-10612?

CVE-2018-10612 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-10612?

Check the references section above for vendor advisories and patch information. Affected products include: Codesys Control For Beaglebone Sl, Codesys Control For Empc-A\/Imx6 Sl, Codesys Control For Iot2000 Sl, Codesys Control For Linux Sl, Codesys Control For Pfc100 Sl.