CVE-2018-20026 — HIGH (7.5)

Q: What is CVE-2018-20026?

CVE-2018-20026 is a vulnerability with a CVSS score of 7.5 (HIGH). Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0.

Q: How severe is CVE-2018-20026?

CVE-2018-20026 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-20026?

Check the references section above for vendor advisories and patch information. Affected products include: Codesys Control For Beaglebone Sl, Codesys Control For Empc-A\/Imx6 Sl, Codesys Control For Iot2000 Sl, Codesys Control For Linux Sl, Codesys Control For Pfc100 Sl.

Vulnerability Description

Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Codesys	Control For Beaglebone Sl	>= 3.0, < 3.5.14.0
Codesys	Control For Empc-A\/Imx6 Sl	>= 3.0, < 3.5.14.0
Codesys	Control For Iot2000 Sl	>= 3.0, < 3.5.14.0
Codesys	Control For Linux Sl	>= 3.0, < 3.5.14.0
Codesys	Control For Pfc100 Sl	>= 3.0, < 3.5.14.0
Codesys	Control For Pfc200 Sl	>= 3.0, < 3.5.14.0
Codesys	Control For Raspberry Pi Sl	>= 3.0, < 3.5.14.0
Codesys	Control Rte Sl	>= 3.0, < 3.5.14.0
Codesys	Control Rte Sl \(For Beckhoff Cx\)	>= 3.0, < 3.5.14.0
Codesys	Control Runtime Toolkit	>= 3.0, < 3.5.14.0
Codesys	Control Win Sl	>= 3.0, < 3.5.14.0
Codesys	Development System V3	>= 3.0, < 3.5.14.0
Codesys	Gateway	>= 3.0, < 3.5.14.0
Codesys	Hmi Sl	>= 3.0, < 3.5.14.0
Codesys	Opc Server	>= 3.0, < 3.5.14.0
Codesys	Plchandler	>= 3.0, < 3.5.14.0
Codesys	Safety Sil2	>= 3.0, < 3.5.14.0
Codesys	Targetvisu Sl	>= 3.0, < 3.5.14.0

References

http://www.securityfocus.com/bid/106251Broken LinkThird Party AdvisoryVDB Entry
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18MitigationThird Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/106251Broken LinkThird Party AdvisoryVDB Entry
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18MitigationThird Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2018-20026?

CVE-2018-20026 is a vulnerability with a CVSS score of 7.5 (HIGH). Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0.

How severe is CVE-2018-20026?

CVE-2018-20026 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-20026?

Check the references section above for vendor advisories and patch information. Affected products include: Codesys Control For Beaglebone Sl, Codesys Control For Empc-A\/Imx6 Sl, Codesys Control For Iot2000 Sl, Codesys Control For Linux Sl, Codesys Control For Pfc100 Sl.