Vulnerability identifier: #VU16612
Vulnerability risk: Low
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-284
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
CODESYS Control for BeagleBone
Client/Desktop applications /
Other client software
CODESYS Control RTE
Client/Desktop applications /
Other client software
Vendor:
CODESYS
Description
The vulnerability allows a remote attacker to bypass security restrictions the target system.
The vulnerability exists due to user access management and communication encryption is not enabled by default. A remote unauthenticated attacker can gain access to the device and sensitive information, including user credentials.
Mitigation
Update the affected products to the version 3.5.14.0.
Vulnerable software versions
CODESYS Control for BeagleBone: All versions
:
:
:
:
:
:
CODESYS Control RTE: All versions
:
:
:
:
External links
http://www.codesys.com/security/security-reports.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.