Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-12069

In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.

Security Impact Summary

This vulnerability carries a HIGH severity rating with a CVSS v3.1 score of 7.8, requiring local system access to exploit with relatively low complexity without requiring user interaction requiring only low-level privileges . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. Impacting 114 products from pilz, from codesys, from codesys and 111 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2022, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2022-12-26T19:15:10.520

Last Modified

2025-05-05T14:15:00.537

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Secondary
CWE-916
Type: Primary
CWE-916

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	pilz	pmc	< 3.5.17	Yes
Application	codesys	control_for_beaglebone	< 3.5.16.0	Yes
Application	codesys	control_for_empc-a\/imx6	< 3.5.16.0	Yes
Application	codesys	control_for_iot2000	< 3.5.16.0	Yes
Application	codesys	control_for_linux	< 3.5.16.0	Yes
Application	codesys	control_for_pfc100	< 3.5.16.0	Yes
Application	codesys	control_for_pfc200	< 3.5.16.0	Yes
Application	codesys	control_for_plcnext	< 3.5.16.0	Yes
Application	codesys	control_for_raspberry_pi	< 3.5.16.0	Yes
Application	codesys	control_rte_v3	< 3.5.16.0	Yes
Application	codesys	control_v3_runtime_system_toolkit	< 3.5.16.0	Yes
Application	codesys	control_win_v3	< 3.5.16.0	Yes
Application	codesys	hmi_v3	< 3.5.16.0	Yes
Application	codesys	v3_simulation_runtime	< 3.5.16.0	Yes
Operating System	festo	controller_cecc-d_firmware	2.3.8.0	Yes
Operating System	festo	controller_cecc-d_firmware	2.3.8.1	Yes
Hardware	festo	controller_cecc-d	-	No
Operating System	festo	controller_cecc-lk_firmware	2.3.8.0	Yes
Operating System	festo	controller_cecc-lk_firmware	2.3.8.1	Yes
Hardware	festo	controller_cecc-lk	-	No
Operating System	festo	controller_cecc-s_firmware	2.3.8.0	Yes
Operating System	festo	controller_cecc-s_firmware	2.3.8.1	Yes
Hardware	festo	controller_cecc-s	-	No
Operating System	wago	750-8217_firmware	-	Yes
Hardware	wago	750-8217	-	No
Operating System	wago	750-8216_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	750-8216	-	No
Operating System	wago	750-8215_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	750-8215	-	No
Operating System	wago	750-8214_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	750-8214	-	No
Operating System	wago	750-8213_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	750-8213	-	No
Operating System	wago	750-8212_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	750-8212	-	No
Operating System	wago	750-8211_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	750-8211	-	No
Operating System	wago	750-8210_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	750-8210	-	No
Operating System	wago	750-8207_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	750-8207	-	No
Operating System	wago	750-8206_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	750-8206	-	No
Operating System	wago	750-8204_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	750-8204	-	No
Operating System	wago	750-8203_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	750-8203	-	No
Operating System	wago	750-8202_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	750-8202	-	No
Operating System	wago	750-8102_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	750-8102	-	No
Operating System	wago	750-8101_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	750-8101	-	No
Operating System	wago	750-8100_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	750-8100	-	No
Operating System	wago	762-4201\/8000-001_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-4201\/8000-001	-	No
Operating System	wago	762-4202\/8000-001_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-4202\/8000-001	-	No
Operating System	wago	762-4203\/8000-001_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-4203\/8000-001	-	No
Operating System	wago	762-4204\/8000-001_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-4204\/8000-001	-	No
Operating System	wago	762-4205\/8000-001_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-4205\/8000-001	-	No
Operating System	wago	762-4205\/8000-002_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-4205\/8000-002	-	No
Operating System	wago	762-4206\/8000-001_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-4206\/8000-001	-	No
Operating System	wago	762-4206\/8000-002_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-4206\/8000-002	-	No
Operating System	wago	762-4301\/8000-002_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-4301\/8000-002	-	No
Operating System	wago	762-4302\/8000-002_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-4302\/8000-002	-	No
Operating System	wago	762-4303\/8000-002_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-4303\/8000-002	-	No
Operating System	wago	762-4304\/8000-002_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-4304\/8000-002	-	No
Operating System	wago	762-4305\/8000-002_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-4305\/8000-002	-	No
Operating System	wago	762-4306\/8000-002_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-4306\/8000-002	-	No
Operating System	wago	762-5203\/8000-001_firmware	≤ 03.06.19\(18\)	Yes
Hardware	wago	762-5203\/8000-001	-	No
Operating System	wago	762-5204\/8000-001_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-5204\/8000-001	-	No
Operating System	wago	762-5205\/8000-001_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-5205\/8000-001	-	No
Operating System	wago	762-5206\/8000-001_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-5206\/8000-001	-	No
Operating System	wago	762-5303\/8000-002_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-5303\/8000-002	-	No
Operating System	wago	762-5304\/8000-002_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-5304\/8000-002	-	No
Operating System	wago	762-5305\/8000-002_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-5305\/8000-002	-	No
Operating System	wago	762-5306\/8000-002_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-5306\/8000-002	-	No
Operating System	wago	762-6201\/8000-001_firmware	≤ 03.06.19\(18\)	Yes
Hardware	wago	762-6201\/8000-001	-	No
Operating System	wago	762-6202\/8000-001_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-6202\/8000-001	-	No
Operating System	wago	762-6203\/8000-001_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-6203\/8000-001	-	No
Operating System	wago	762-6204\/8000-001_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-6204\/8000-001	-	No
Operating System	wago	762-6301\/8000-002_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-6301\/8000-002	-	No
Operating System	wago	762-6302\/8000-002_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-6302\/8000-002	-	No
Operating System	wago	762-6303\/8000-002_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-6303\/8000-002	-	No
Operating System	wago	762-6304\/8000-002_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	762-6304\/8000-002	-	No
Operating System	wago	752-8303\/8000-0002_firmware	< 03.06.19\(18\)	Yes
Hardware	wago	752-8303\/8000-0002	*	No

References

https://cert.vde.com/en/advisories/VDE-2021-061/ Third Party Advisory ([email protected])
https://cert.vde.com/en/advisories/VDE-2022-022/ Third Party Advisory ([email protected])
https://cert.vde.com/en/advisories/VDE-2022-031/ Third Party Advisory ([email protected])
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download= Vendor Advisory ([email protected])
https://cert.vde.com/en/advisories/VDE-2021-061/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://cert.vde.com/en/advisories/VDE-2022-022/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://cert.vde.com/en/advisories/VDE-2022-031/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download= Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For pilz's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.