
    7 vulnerabilities found for pmc by pilz

    VAR-202212-1959

    Vulnerability from variot - Updated: 2025-10-03 21:55

    In CODESYS V3 products in all versions prior to V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device. The Pilz PMC programming tool is vulnerable to the use of weak password hashes. Information may be obtained or tampered with, and service operation may be interrupted (DoS).


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202212-1959",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "control for raspberry pi",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.16.0"
          },
          {
            "model": "controller cecc-d",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "festo",
            "version": "2.3.8.1"
          },
          {
            "model": "762-4203\\/8000-001",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "762-4301\\/8000-002",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "control rte v3",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.16.0"
          },
          {
            "model": "762-4302\\/8000-002",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "762-6303\\/8000-002",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "control for linux",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.16.0"
          },
          {
            "model": "hmi v3",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.16.0"
          },
          {
            "model": "762-5203\\/8000-001",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "762-4202\\/8000-001",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "762-6203\\/8000-001",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "762-4205\\/8000-001",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "762-6302\\/8000-002",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "750-8100",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "pmc",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "pilz",
            "version": "3.5.17"
          },
          {
            "model": "v3 simulation runtime",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.16.0"
          },
          {
            "model": "750-8214",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "762-5306\\/8000-002",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "controller cecc-lk",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "festo",
            "version": "2.3.8.0"
          },
          {
            "model": "control for plcnext",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.16.0"
          },
          {
            "model": "controller cecc-lk",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "festo",
            "version": "2.3.8.1"
          },
          {
            "model": "762-4204\\/8000-001",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "762-4205\\/8000-002",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "762-4303\\/8000-002",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "762-4306\\/8000-002",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "762-6202\\/8000-001",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "762-4304\\/8000-002",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "750-8213",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "750-8212",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "762-4201\\/8000-001",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "750-8102",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "750-8215",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "762-4305\\/8000-002",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "752-8303\\/8000-0002",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "controller cecc-s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "festo",
            "version": "2.3.8.0"
          },
          {
            "model": "750-8206",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "controller cecc-s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "festo",
            "version": "2.3.8.1"
          },
          {
            "model": "750-8211",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "pmc",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "pilz",
            "version": "3.0.0"
          },
          {
            "model": "control v3 runtime system toolkit",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.16.0"
          },
          {
            "model": "762-5305\\/8000-002",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "750-8217",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wago",
            "version": null
          },
          {
            "model": "control win v3",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.16.0"
          },
          {
            "model": "762-5205\\/8000-001",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "762-5206\\/8000-001",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "750-8216",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "762-6201\\/8000-001",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "control for empc-a\\/imx6",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.16.0"
          },
          {
            "model": "762-4206\\/8000-001",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "762-4206\\/8000-002",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "control for pfc100",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.16.0"
          },
          {
            "model": "control for iot2000",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.16.0"
          },
          {
            "model": "762-5204\\/8000-001",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "762-6301\\/8000-002",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "762-6304\\/8000-002",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "750-8210",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "control for beaglebone",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.16.0"
          },
          {
            "model": "control for pfc200",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "codesys",
            "version": "3.5.16.0"
          },
          {
            "model": "762-5304\\/8000-002",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "750-8204",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "762-5303\\/8000-002",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "762-6204\\/8000-001",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "750-8202",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "750-8101",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "750-8203",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "controller cecc-d",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "festo",
            "version": "2.3.8.0"
          },
          {
            "model": "750-8207",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "wago",
            "version": "03.06.19\\(18\\)"
          },
          {
            "model": "pmc",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "pilz",
            "version": "3.5.17"
          },
          {
            "model": "pmc",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "pilz",
            "version": "3.x"
          },
          {
            "model": "pmc",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "pilz",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004118"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12069"
          }
        ]
      },
      "cve": "CVE-2020-12069",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "info@cert.vde.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2020-12069",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2020-12069",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "info@cert.vde.com",
                "id": "CVE-2020-12069",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-12069",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2020-12069",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202212-3933",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-3933"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004118"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12069"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12069"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device. Pilz PMC A programming tool is vulnerable to the use of weak password hashes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12069"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004118"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-12069",
            "trust": 3.2
          },
          {
            "db": "CERT@VDE",
            "id": "VDE-2021-061",
            "trust": 2.4
          },
          {
            "db": "CERT@VDE",
            "id": "VDE-2022-022",
            "trust": 1.0
          },
          {
            "db": "CERT@VDE",
            "id": "VDE-2022-031",
            "trust": 1.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-25-273-04",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU90492166",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004118",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-3933",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-3933"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004118"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12069"
          }
        ]
      },
      "id": "VAR-202212-1959",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.4538690433333333
      },
      "last_update_date": "2025-10-03T21:55:02.035000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "top page",
            "trust": 0.8,
            "url": "https://www.pilz.com/ja-INT"
          },
          {
            "title": "Pilz PMC programming tool Security vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=220121"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-3933"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004118"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-916",
            "trust": 1.0
          },
          {
            "problemtype": "Use of weak password hashes (CWE-916) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004118"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12069"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://cert.vde.com/en/advisories/vde-2021-061/"
          },
          {
            "trust": 1.0,
            "url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=12943\u0026token=d097958a67ba382de688916f77e3013c0802fade\u0026download="
          },
          {
            "trust": 1.0,
            "url": "https://cert.vde.com/en/advisories/vde-2022-031/"
          },
          {
            "trust": 1.0,
            "url": "https://cert.vde.com/en/advisories/vde-2022-022/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu90492166/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12069"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-273-04"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2020-12069/"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-3933"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004118"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12069"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-3933"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004118"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12069"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-12-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-3933"
          },
          {
            "date": "2023-03-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-004118"
          },
          {
            "date": "2022-12-26T19:15:10.520000",
            "db": "NVD",
            "id": "CVE-2020-12069"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-01-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-3933"
          },
          {
            "date": "2025-10-02T06:35:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-004118"
          },
          {
            "date": "2025-05-05T14:15:00.537000",
            "db": "NVD",
            "id": "CVE-2020-12069"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-3933"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Pilz\u00a0PMC\u00a0 Vulnerability in using weak password hashes in programming tools",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004118"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-3933"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2019-9011 (GCVE-0-2019-9011)

    Vulnerability from nvd – Published: 2022-12-26 00:00 – Updated: 2025-04-14 17:04
    VLAI
    Summary
    In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), an attacker can identify valid usernames.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-668 - Exposure of Resource to Wrong Sphere
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:31:37.572Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2021-061/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-9011",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T17:03:46.196097Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-668",
                    "description": "CWE-668 Exposure of Resource to Wrong Sphere",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T17:04:22.274Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), an attacker can identify valid usernames."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-26T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2021-061/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-9011",
        "datePublished": "2022-12-26T00:00:00.000Z",
        "dateReserved": "2019-02-22T00:00:00.000Z",
        "dateUpdated": "2025-04-14T17:04:22.274Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-12069 (GCVE-0-2020-12069)

    Vulnerability from nvd – Published: 2022-12-26 00:00 – Updated: 2025-04-14 16:17
    VLAI
    Title
    CODESYS V3 prone to Inadequate Password Hashing
    Summary
    In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-916 - Use of Password Hash With Insufficient Computational Effort
    Assigner
    Impacted products
    Vendor: CODESYS
    Product: CODESYS V3 containing the CmpUserMgr
    Version: Affected: V3, < V3.5.16.0 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:48:58.230Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12943\u0026token=d097958a67ba382de688916f77e3013c0802fade\u0026download="
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2021-061/"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-031/"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-022/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-12069",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T16:17:42.834492Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T16:17:54.368Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS V3  containing the CmpUserMgr",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.16.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device."
                }
              ],
              "value": "In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-916",
                  "description": "CWE-916 Use of Password Hash With Insufficient Computational Effort",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-15T05:40:17.087Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12943\u0026token=d097958a67ba382de688916f77e3013c0802fade\u0026download="
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2021-061/"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2022-031/"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2022-022/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS V3 prone to Inadequate Password Hashing",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-12069",
        "datePublished": "2022-12-26T00:00:00.000Z",
        "dateReserved": "2020-04-22T00:00:00.000Z",
        "dateUpdated": "2025-04-14T16:17:54.368Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-12067 (GCVE-0-2020-12067)

    Vulnerability from nvd – Published: 2022-12-26 00:00 – Updated: 2025-04-14 16:18
    VLAI
    Summary
    In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user's password may be changed by an attacker without knowledge of the current password.
    SSVC
    Exploitation: none; Automatable: yes; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a (CNA record, mitre)
    • CWE-640 - Weak Password Recovery Mechanism for Forgotten Password (added by CISA-ADP)
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:48:57.887Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2021-061/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-12067",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T16:18:23.589412Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-640",
                    "description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T16:18:59.304Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user\u0027s password may be changed by an attacker without knowledge of the current password."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-26T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2021-061/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-12067",
        "datePublished": "2022-12-26T00:00:00.000Z",
        "dateReserved": "2020-04-22T00:00:00.000Z",
        "dateUpdated": "2025-04-14T16:18:59.304Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-12067 (GCVE-0-2020-12067)

    Vulnerability from cvelistv5 – Published: 2022-12-26 00:00 – Updated: 2025-04-14 16:18
    VLAI
    Summary
    In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user's password may be changed by an attacker without knowledge of the current password.
    SSVC
    Exploitation: none; Automatable: yes; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a (CNA record, mitre)
    • CWE-640 - Weak Password Recovery Mechanism for Forgotten Password (added by CISA-ADP)
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:48:57.887Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2021-061/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-12067",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T16:18:23.589412Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-640",
                    "description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T16:18:59.304Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user\u0027s password may be changed by an attacker without knowledge of the current password."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-26T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2021-061/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-12067",
        "datePublished": "2022-12-26T00:00:00.000Z",
        "dateReserved": "2020-04-22T00:00:00.000Z",
        "dateUpdated": "2025-04-14T16:18:59.304Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-12069 (GCVE-0-2020-12069)

    Vulnerability from cvelistv5 – Published: 2022-12-26 00:00 – Updated: 2025-04-14 16:17
    VLAI
    Title
    CODESYS V3 prone to Inadequate Password Hashing
    Summary
    In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-916 - Use of Password Hash With Insufficient Computational Effort
    Assigner
    Impacted products
    Vendor: CODESYS
    Product: CODESYS V3 containing the CmpUserMgr
    Version: Affected: V3, < V3.5.16.0 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:48:58.230Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12943\u0026token=d097958a67ba382de688916f77e3013c0802fade\u0026download="
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2021-061/"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-031/"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-022/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-12069",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T16:17:42.834492Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T16:17:54.368Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS V3  containing the CmpUserMgr",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.16.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device."
                }
              ],
              "value": "In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-916",
                  "description": "CWE-916 Use of Password Hash With Insufficient Computational Effort",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-15T05:40:17.087Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12943\u0026token=d097958a67ba382de688916f77e3013c0802fade\u0026download="
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2021-061/"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2022-031/"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2022-022/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS V3 prone to Inadequate Password Hashing",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-12069",
        "datePublished": "2022-12-26T00:00:00.000Z",
        "dateReserved": "2020-04-22T00:00:00.000Z",
        "dateUpdated": "2025-04-14T16:17:54.368Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-9011 (GCVE-0-2019-9011)

    Vulnerability from cvelistv5 – Published: 2022-12-26 00:00 – Updated: 2025-04-14 17:04
    VLAI
    Summary
    In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), an attacker can identify valid usernames.
    SSVC
    Exploitation: none; Automatable: yes; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a (CNA record, mitre)
    • CWE-668 - Exposure of Resource to Wrong Sphere (added by CISA-ADP)
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:31:37.572Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2021-061/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-9011",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T17:03:46.196097Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-668",
                    "description": "CWE-668 Exposure of Resource to Wrong Sphere",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T17:04:22.274Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), an attacker can identify valid usernames."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-26T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2021-061/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-9011",
        "datePublished": "2022-12-26T00:00:00.000Z",
        "dateReserved": "2019-02-22T00:00:00.000Z",
        "dateUpdated": "2025-04-14T17:04:22.274Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }