3S-Smart Software CODESYS ICSA-18-352-04 Multiple Security Vulnerabilities
BID:106251
CVE-2018-20025 | CVE-2018-20026 |Info
3S-Smart Software CODESYS ICSA-18-352-04 Multiple Security Vulnerabilities
| Bugtraq ID: | 106251 |
| Class: | Access Validation Error |
| CVE: |
CVE-2018-20025 CVE-2018-20026 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 18 2018 12:00AM |
| Updated: | Dec 18 2018 12:00AM |
| Credit: | Alexander Nochvay from Kaspersky Lab |
| Vulnerable: |
3S-Software CODESYS V3 Simulation Runtime 0 3S-Software CODESYS V3 Safety SIL2 0 3S-Software CODESYS V3 Remote Target Visu Toolkit 0 3S-Software CODESYS V3 Embedded Target Visu Toolkit 0 3S-Software CODESYS V3 Development System 0 3S-Software CODESYS PLCHandler SDK 0 3S-Software CODESYS OPC Server V3 0 3S-Software CODESYS HMI 3 3S-Software CODESYS Control Win V3 0 3S-Software CODESYS Control V3 Runtime System Toolkit 0 3S-Software CODESYS Control RTE 3 3S-Software CODESYS Control for Raspberry Pi 0 3S-Software CODESYS Control for PFC200 0 3S-Software CODESYS Control for PFC100 0 3S-Software CODESYS Control for Linux 0 3S-Software CODESYS Control for IOT2000 0 3S-Software CODESYS Control for emPC-A/iMX6 0 3S-Software CODESYS Control for BeagleBone 0 |
| Not Vulnerable: | |
Discussion
3S-Smart Software CODESYS ICSA-18-352-04 Multiple Security Vulnerabilities
3S-Smart Software CODESYS is prone to the following security vulnerabilities:
1. An insecure random number generator weakness
3. A spoofing vulnerability
An attacker can exploit these vulnerabilities to bypass security restrictions and perform certain unauthorized actions and to insert and display spoofed content. Other attacks are also possible.
3S-Smart Software CODESYS is prone to the following security vulnerabilities:
1. An insecure random number generator weakness
3. A spoofing vulnerability
An attacker can exploit these vulnerabilities to bypass security restrictions and perform certain unauthorized actions and to insert and display spoofed content. Other attacks are also possible.
Exploit / POC
3S-Smart Software CODESYS ICSA-18-352-04 Multiple Security Vulnerabilities
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
3S-Smart Software CODESYS ICSA-18-352-04 Multiple Security Vulnerabilities
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
3S-Smart Software CODESYS ICSA-18-352-04 Multiple Security Vulnerabilities
References:
References: