Описание
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), the password-hashing feature requires insufficient computational effort.
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), the password-hashing feature requires insufficient computational effort.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-12069
- https://cert.vde.com/en/advisories/VDE-2021-061
- https://cert.vde.com/en/advisories/VDE-2022-022
- https://cert.vde.com/en/advisories/VDE-2022-031
- https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download=
Связанные уязвимости
CVSS3: 7.8
nvd
почти 3 года назад
In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.