CVE-2018-10612 Vulnerability Details

  /     /     /  

CVE-2018-10612 Metadata Quick Info

CVE Published: 29/01/2019 | CVE Updated: 17/09/2024 | CVE Year: 2018
Source: icscert | Vendor: 3S-Smart | Product: 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0
Status : PUBLISHED

---

CVE-2018-10612 Description

In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-284
CWE Name: IMPROPER ACCESS CONTROL CWE-284
Source: 3S-Smart

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).