7.8
HIGH
CVE-2020-12069
CODESYS Weak Password Hashing Vulnerability (Local Privilege Escalation)
Description

In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.

INFO

Published Date: Dec. 26, 2022, 7:15 p.m.
Last Modified: Oct. 3, 2024, 7:18 p.m.
Remotely Exploitable: No
Impact Score: 5.9
Exploitability Score: 1.8

Affected Products

The following products are affected by CVE-2020-12069 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product
1 Wago 750-8202_firmware
2 Wago 750-8203_firmware
3 Wago 750-8204_firmware
4 Wago 750-8206_firmware
5 Wago 750-8207_firmware
6 Wago 750-8210_firmware
7 Wago 750-8211_firmware
8 Wago 750-8212_firmware
9 Wago 750-8213_firmware
10 Wago 750-8214_firmware
11 Wago 750-8215_firmware
12 Wago 750-8216_firmware
13 Wago 750-8217_firmware
14 Wago 750-8100_firmware
15 Wago 750-8101_firmware
16 Wago 750-8102_firmware
17 Wago 762-4201\/8000-001_firmware
18 Wago 762-4202\/8000-001_firmware
19 Wago 762-4203\/8000-001_firmware
20 Wago 762-4204\/8000-001_firmware
21 Wago 762-4205\/8000-001_firmware
22 Wago 762-4205\/8000-002_firmware
23 Wago 762-4206\/8000-001_firmware
24 Wago 762-4206\/8000-002_firmware
25 Wago 762-4301\/8000-002_firmware
26 Wago 762-4302\/8000-002_firmware
27 Wago 762-4303\/8000-002_firmware
28 Wago 762-4304\/8000-002_firmware
29 Wago 762-4305\/8000-002_firmware
30 Wago 762-4306\/8000-002_firmware
31 Wago 762-5203\/8000-001_firmware
32 Wago 762-5204\/8000-001_firmware
33 Wago 762-5205\/8000-001_firmware
34 Wago 762-5206\/8000-001_firmware
35 Wago 762-5303\/8000-002_firmware
36 Wago 762-5304\/8000-002_firmware
37 Wago 762-5305\/8000-002_firmware
38 Wago 762-5306\/8000-002_firmware
39 Wago 762-6201\/8000-001_firmware
40 Wago 762-6202\/8000-001_firmware
41 Wago 762-6203\/8000-001_firmware
42 Wago 762-6204\/8000-001_firmware
43 Wago 762-6301\/8000-002_firmware
44 Wago 762-6302\/8000-002_firmware
45 Wago 762-6303\/8000-002_firmware
46 Wago 762-6304\/8000-002_firmware
47 Wago 750-8202
48 Wago 750-8203
49 Wago 750-8204
50 Wago 750-8206
51 Wago 750-8207
52 Wago 750-8210
53 Wago 750-8211
54 Wago 750-8212
55 Wago 750-8213
56 Wago 750-8214
57 Wago 750-8215
58 Wago 750-8216
59 Wago 750-8217
60 Wago 750-8102
61 Wago 750-8101
62 Wago 750-8100
63 Wago 762-4201\/8000-001
64 Wago 762-4202\/8000-001
65 Wago 762-4203\/8000-001
66 Wago 762-4204\/8000-001
67 Wago 762-4205\/8000-001
68 Wago 762-4205\/8000-002
69 Wago 762-4206\/8000-001
70 Wago 762-4206\/8000-002
71 Wago 762-4301\/8000-002
72 Wago 762-4302\/8000-002
73 Wago 762-4303\/8000-002
74 Wago 762-4304\/8000-002
75 Wago 762-4305\/8000-002
76 Wago 762-4306\/8000-002
77 Wago 762-5203\/8000-001
78 Wago 762-5204\/8000-001
79 Wago 762-5205\/8000-001
80 Wago 762-5206\/8000-001
81 Wago 762-5303\/8000-002
82 Wago 762-5304\/8000-002
83 Wago 762-5305\/8000-002
84 Wago 762-5306\/8000-002
85 Wago 762-6201\/8000-001
86 Wago 762-6202\/8000-001
87 Wago 762-6203\/8000-001
88 Wago 762-6204\/8000-001
89 Wago 762-6301\/8000-002
90 Wago 762-6302\/8000-002
91 Wago 762-6303\/8000-002
92 Wago 762-6304\/8000-002
93 Wago 752-8303\/8000-0002_firmware
94 Wago 752-8303\/8000-0002
1 Codesys control_for_beaglebone
2 Codesys control_for_empc-a\/imx6
3 Codesys control_for_iot2000
4 Codesys control_for_linux
5 Codesys control_for_pfc100
6 Codesys control_for_pfc200
7 Codesys control_for_plcnext
8 Codesys control_for_raspberry_pi
9 Codesys control_v3_runtime_system_toolkit
10 Codesys control_rte_v3
11 Codesys control_win_v3
12 Codesys hmi_v3
13 Codesys v3_simulation_runtime
1 Festo controller_cecc-d_firmware
2 Festo controller_cecc-lk_firmware
3 Festo controller_cecc-s_firmware
4 Festo controller_cecc-d
5 Festo controller_cecc-lk
6 Festo controller_cecc-s
1 Pilz pmc
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2020-12069.

URL Resource
https://cert.vde.com/en/advisories/VDE-2021-061/ Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2022-022/ Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2022-031/ Third Party Advisory
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download= Vendor Advisory

The following table lists the changes that have been made to the CVE-2020-12069 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Modified Analysis by [email protected]

    Oct. 03, 2024

    Action Type Old Value New Value
    Removed CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://cert.vde.com/en/advisories/VDE-2021-061/ No Types Assigned https://cert.vde.com/en/advisories/VDE-2021-061/ Third Party Advisory
    Changed Reference Type https://cert.vde.com/en/advisories/VDE-2022-022/ No Types Assigned https://cert.vde.com/en/advisories/VDE-2022-022/ Third Party Advisory
    Changed Reference Type https://cert.vde.com/en/advisories/VDE-2022-031/ No Types Assigned https://cert.vde.com/en/advisories/VDE-2022-031/ Third Party Advisory
    Changed Reference Type https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download= No Types Assigned https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download= Vendor Advisory
    Added CPE Configuration OR *cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:* versions up to (excluding) 3.5.16.0 *cpe:2.3:a:codesys:control_for_empc-a\/imx6:*:*:*:*:*:*:*:* versions up to (excluding) 3.5.16.0 *cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:* versions up to (excluding) 3.5.16.0 *cpe:2.3:a:codesys:control_for_linux:*:*:*:*:*:*:*:* versions up to (excluding) 3.5.16.0 *cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:* versions up to (excluding) 3.5.16.0 *cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:* versions up to (excluding) 3.5.16.0 *cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:* versions up to (excluding) 3.5.16.0 *cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:* versions up to (excluding) 3.5.16.0 *cpe:2.3:a:codesys:control_rte_v3:*:*:*:*:*:*:*:* versions up to (excluding) 3.5.16.0 *cpe:2.3:a:codesys:control_v3_runtime_system_toolkit:*:*:*:*:*:*:*:* versions up to (excluding) 3.5.16.0 *cpe:2.3:a:codesys:control_win_v3:*:*:*:*:*:*:*:* versions up to (excluding) 3.5.16.0 *cpe:2.3:a:codesys:hmi_v3:*:*:*:*:*:*:*:* versions up to (excluding) 3.5.16.0 *cpe:2.3:a:codesys:v3_simulation_runtime:*:*:*:*:*:*:*:* versions up to (excluding) 3.5.16.0
    Added CPE Configuration AND OR *cpe:2.3:o:festo:controller_cecc-d_firmware:2.3.8.0:*:*:*:*:*:*:* *cpe:2.3:o:festo:controller_cecc-d_firmware:2.3.8.1:*:*:*:*:*:*:* OR cpe:2.3:h:festo:controller_cecc-d:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:festo:controller_cecc-lk_firmware:2.3.8.0:*:*:*:*:*:*:* *cpe:2.3:o:festo:controller_cecc-lk_firmware:2.3.8.1:*:*:*:*:*:*:* OR cpe:2.3:h:festo:controller_cecc-lk:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:festo:controller_cecc-s_firmware:2.3.8.0:*:*:*:*:*:*:* *cpe:2.3:o:festo:controller_cecc-s_firmware:2.3.8.1:*:*:*:*:*:*:* OR cpe:2.3:h:festo:controller_cecc-s:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:750-8217_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:wago:750-8217:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:750-8216_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:750-8216:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:750-8215_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:750-8215:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:750-8214_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:750-8214:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:750-8213_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:750-8213:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:750-8212_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:750-8212:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:750-8211_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:750-8211:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:750-8210_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:750-8210:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:750-8207_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:750-8207:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:750-8206_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:750-8206:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:750-8204_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:750-8204:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:750-8203_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:750-8203:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:750-8202_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:750-8202:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:750-8102_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:750-8102:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:750-8101_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:750-8101:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:750-8100_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:750-8100:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:762-4201\/8000-001_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:762-4201\/8000-001:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:762-4202\/8000-001_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:762-4202\/8000-001:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:762-4203\/8000-001_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:762-4203\/8000-001:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:762-4204\/8000-001_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:762-4204\/8000-001:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:762-4205\/8000-001_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:762-4205\/8000-001:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:762-4205\/8000-002_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:762-4205\/8000-002:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:762-4206\/8000-001_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:762-4206\/8000-001:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:762-4206\/8000-002_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:762-4206\/8000-002:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:762-4301\/8000-002_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:762-4301\/8000-002:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:762-4302\/8000-002_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:762-4302\/8000-002:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:762-4303\/8000-002_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:762-4303\/8000-002:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:762-4304\/8000-002_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:762-4304\/8000-002:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:762-4305\/8000-002_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:762-4305\/8000-002:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:762-4306\/8000-002_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:762-4306\/8000-002:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:762-5203\/8000-001_firmware:*:*:*:*:*:*:*:* versions up to (including) 03.06.19\(18\) OR cpe:2.3:h:wago:762-5203\/8000-001:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:762-5204\/8000-001_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:762-5204\/8000-001:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:762-5205\/8000-001_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:762-5205\/8000-001:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:762-5206\/8000-001_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:762-5206\/8000-001:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:762-5303\/8000-002_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:762-5303\/8000-002:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:762-5304\/8000-002_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:762-5304\/8000-002:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:762-5305\/8000-002_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:762-5305\/8000-002:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:762-5306\/8000-002_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:762-5306\/8000-002:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:762-6201\/8000-001_firmware:*:*:*:*:*:*:*:* versions up to (including) 03.06.19\(18\) OR cpe:2.3:h:wago:762-6201\/8000-001:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:762-6202\/8000-001_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:762-6202\/8000-001:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:762-6203\/8000-001_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:762-6203\/8000-001:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:762-6204\/8000-001_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:762-6204\/8000-001:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:762-6301\/8000-002_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:762-6301\/8000-002:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:762-6302\/8000-002_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:762-6302\/8000-002:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:762-6303\/8000-002_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:762-6303\/8000-002:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:762-6304\/8000-002_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:762-6304\/8000-002:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:wago:752-8303\/8000-0002_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 03.06.19\(18\) OR cpe:2.3:h:wago:752-8303\/8000-0002:*:*:*:*:*:*:*:*
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Source Update by [email protected]

    Nov. 07, 2023

    Action Type Old Value New Value
    Changed Source MITRE CERT VDE
  • CVE Modified by [email protected]

    Nov. 07, 2023

    Action Type Old Value New Value
    Added Reference CERT VDE https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download= [No types assigned]
    Added Reference CERT VDE https://cert.vde.com/en/advisories/VDE-2021-061/ [No types assigned]
    Added Reference CERT VDE https://cert.vde.com/en/advisories/VDE-2022-031/ [No types assigned]
    Added Reference CERT VDE https://cert.vde.com/en/advisories/VDE-2022-022/ [No types assigned]
    Removed Reference MITRE https://cert.vde.com/en/advisories/VDE-2021-061/
    Removed Reference MITRE https://cert.vde.com/en/advisories/VDE-2022-022/
    Removed Reference MITRE https://cert.vde.com/en/advisories/VDE-2022-031/
    Removed Reference MITRE https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download=
    Added CWE CERT VDE CWE-916
    Removed CWE MITRE CWE-916
    Removed CVSS V3.1 MITRE AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    Added CVSS V3.1 CERT VDE AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE Modified by [email protected]

    May. 15, 2023

    Action Type Old Value New Value
    Changed Description In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), the password-hashing feature requires insufficient computational effort. In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.
    Added CVSS V3.1 MITRE AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    Added Reference https://cert.vde.com/en/advisories/VDE-2022-022/ [No Types Assigned]
    Added Reference https://cert.vde.com/en/advisories/VDE-2022-031/ [No Types Assigned]
    Added Reference https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download= [No Types Assigned]
    Added CWE MITRE CWE-916
  • Initial Analysis by [email protected]

    Jan. 05, 2023

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://cert.vde.com/en/advisories/VDE-2021-061/ No Types Assigned https://cert.vde.com/en/advisories/VDE-2021-061/ Third Party Advisory
    Added CWE NIST CWE-916
    Added CPE Configuration OR *cpe:2.3:a:pilz:pmc:*:*:*:*:*:*:*:* versions from (including) 3.0.0 up to (excluding) 3.5.17
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2020-12069 is associated with the following CWE:

CWE-916: Use of Password Hash With Insufficient Computational Effort

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

Score: 0.04 (-0.17%)
Percentile: 0.05095


CVSS31 - Vulnerability Scoring System
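Vector (NIST, CVSS V3.1): AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High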