Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-12069

In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.

Published

2022-12-26T19:15:10.520

Last Modified

2025-05-05T14:15:00.537

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Secondary
CWE-916
Type: Primary
CWE-916

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	pilz	pmc	< 3.5.17	Yes
Application	codesys	control_for_beaglebone	< 3.5.16.0	Yes
Application	codesys	control_for_empc-a\/imx6	< 3.5.16.0	Yes
Application	codesys	control_for_iot2000	< 3.5.16.0	Yes
Application	codesys	control_for_linux	< 3.5.16.0	Yes
Application	codesys	control_for_pfc100	< 3.5.16.0	Yes
Application	codesys	control_for_pfc200	< 3.5.16.0	Yes
Application	codesys	control_for_plcnext	< 3.5.16.0	Yes
Application	codesys	control_for_raspberry_pi	< 3.5.16.0	Yes
Application	codesys	control_rte_v3	< 3.5.16.0	Yes
Application	codesys	control_v3_runtime_system_toolkit	< 3.5.16.0	Yes
Application	codesys	control_win_v3	< 3.5.16.0	Yes
Application	codesys	hmi_v3	< 3.5.16.0	Yes
Application	codesys	v3_simulation_runtime	< 3.5.16.0	Yes
Operating System	festo	controller_cecc-d_firmware	2.3.8.0	Yes
Operating System	festo	controller_cecc-d_firmware	2.3.8.1	Yes
Hardware	festo	controller_cecc-d	-	No
Operating System	festo	controller_cecc-lk_firmware	2.3.8.0	Yes
Operating System	festo	controller_cecc-lk_firmware	2.3.8.1	Yes
Hardware	festo	controller_cecc-lk	-	No
Operating System	festo	controller_cecc-s_firmware	2.3.8.0	Yes
Operating System	festo	controller_cecc-s_firmware	2.3.8.1	Yes
Hardware	festo	controller_cecc-s	-	No
Operating System	wago	750-8217_firmware	-	Yes
Hardware	wago	750-8217	-	No
Operating System	wago	750-8216_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	750-8216	-	No
Operating System	wago	750-8215_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	750-8215	-	No
Operating System	wago	750-8214_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	750-8214	-	No
Operating System	wago	750-8213_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	750-8213	-	No
Operating System	wago	750-8212_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	750-8212	-	No
Operating System	wago	750-8211_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	750-8211	-	No
Operating System	wago	750-8210_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	750-8210	-	No
Operating System	wago	750-8207_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	750-8207	-	No
Operating System	wago	750-8206_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	750-8206	-	No
Operating System	wago	750-8204_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	750-8204	-	No
Operating System	wago	750-8203_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	750-8203	-	No
Operating System	wago	750-8202_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	750-8202	-	No
Operating System	wago	750-8102_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	750-8102	-	No
Operating System	wago	750-8101_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	750-8101	-	No
Operating System	wago	750-8100_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	750-8100	-	No
Operating System	wago	762-4201\/8000-001_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-4201\/8000-001	-	No
Operating System	wago	762-4202\/8000-001_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-4202\/8000-001	-	No
Operating System	wago	762-4203\/8000-001_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-4203\/8000-001	-	No
Operating System	wago	762-4204\/8000-001_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-4204\/8000-001	-	No
Operating System	wago	762-4205\/8000-001_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-4205\/8000-001	-	No
Operating System	wago	762-4205\/8000-002_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-4205\/8000-002	-	No
Operating System	wago	762-4206\/8000-001_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-4206\/8000-001	-	No
Operating System	wago	762-4206\/8000-002_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-4206\/8000-002	-	No
Operating System	wago	762-4301\/8000-002_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-4301\/8000-002	-	No
Operating System	wago	762-4302\/8000-002_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-4302\/8000-002	-	No
Operating System	wago	762-4303\/8000-002_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-4303\/8000-002	-	No
Operating System	wago	762-4304\/8000-002_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-4304\/8000-002	-	No
Operating System	wago	762-4305\/8000-002_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-4305\/8000-002	-	No
Operating System	wago	762-4306\/8000-002_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-4306\/8000-002	-	No
Operating System	wago	762-5203\/8000-001_firmware	≤ 03.06.19\(18\)	Yes
Hardware	wago	762-5203\/8000-001	-	No
Operating System	wago	762-5204\/8000-001_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-5204\/8000-001	-	No
Operating System	wago	762-5205\/8000-001_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-5205\/8000-001	-	No
Operating System	wago	762-5206\/8000-001_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-5206\/8000-001	-	No
Operating System	wago	762-5303\/8000-002_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-5303\/8000-002	-	No
Operating System	wago	762-5304\/8000-002_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-5304\/8000-002	-	No
Operating System	wago	762-5305\/8000-002_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-5305\/8000-002	-	No
Operating System	wago	762-5306\/8000-002_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-5306\/8000-002	-	No
Operating System	wago	762-6201\/8000-001_firmware	≤ 03.06.19\(18\)	Yes
Hardware	wago	762-6201\/8000-001	-	No
Operating System	wago	762-6202\/8000-001_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-6202\/8000-001	-	No
Operating System	wago	762-6203\/8000-001_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-6203\/8000-001	-	No
Operating System	wago	762-6204\/8000-001_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-6204\/8000-001	-	No
Operating System	wago	762-6301\/8000-002_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-6301\/8000-002	-	No
Operating System	wago	762-6302\/8000-002_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-6302\/8000-002	-	No
Operating System	wago	762-6303\/8000-002_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-6303\/8000-002	-	No
Operating System	wago	762-6304\/8000-002_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-6304\/8000-002	-	No
Operating System	wago	752-8303\/8000-0002_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	752-8303\/8000-0002	*	No

References

https://cert.vde.com/en/advisories/VDE-2021-061/ Third Party Advisory ([email protected])
https://cert.vde.com/en/advisories/VDE-2022-022/ Third Party Advisory ([email protected])
https://cert.vde.com/en/advisories/VDE-2022-031/ Third Party Advisory ([email protected])
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download= Vendor Advisory ([email protected])
https://cert.vde.com/en/advisories/VDE-2021-061/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://cert.vde.com/en/advisories/VDE-2022-022/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://cert.vde.com/en/advisories/VDE-2022-031/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download= Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)