{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component are affected regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS V3 Simulation Runtime (part of the CODESYS Development System), CODESYS Control V3 Runtime System Toolkit, CODESYS HMI V3."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-11T11:39:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-04"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download="}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9013", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component are affected regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS V3 Simulation Runtime (part of the CODESYS Development System), CODESYS Control V3 Runtime System Toolkit, CODESYS HMI V3."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.us-cert.gov/ics/advisories/icsa-19-213-04", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-04"}, {"name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download=", "refsource": "CONFIRM", "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download="}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T21:31:37.591Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-04"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download="}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-9013", "datePublished": "2019-08-15T16:08:31", "dateReserved": "2019-02-22T00:00:00", "dateUpdated": "2024-08-04T21:31:37.591Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "039F6952-A4B8-4DFE-A66A-BFDED2613EA1", "versionEndExcluding": "3.5.16.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "1F49287B-562F-4439-BFFC-AEFD2E338FDE", "versionEndExcluding": "3.5.16.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "19D75972-D10B-42E2-B745-40D116EE0F55", "versionEndExcluding": "3.5.16.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A58A411-9A42-487C-85CE-EAD39D9BD0A4", "versionEndExcluding": "3.5.16.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "83B749C0-A553-42AB-AFCF-91F990BAA765", "versionEndExcluding": "3.5.16.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "C13DE019-B415-4373-8FC2-54A2898F50EA", "versionEndExcluding": "3.5.16.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7A46E2C-E90A-462B-BA73-1D67BC558C28", "versionEndExcluding": "3.5.16.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "992A4A8B-C289-43AF-B3CC-EAE75FB4DD35", "versionEndExcluding": "3.5.16.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A788394-1FB1-49A3-9C48-C91F190B5B16", "versionEndExcluding": "3.5.16.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:hmi_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "00A0327E-0FD9-403B-A5F5-6C3D496FF53F", "versionEndExcluding": "3.5.16.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:raspberry_pi:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CA348F5-4B88-487E-A2B6-F600FAFDAD19", "versionEndExcluding": "3.5.16.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:runtime_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "40EE54FB-B551-431D-B469-DCEB42BE8132", "versionEndExcluding": "3.5.16.0", "versionStartIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component are affected regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS V3 Simulation Runtime (part of the CODESYS Development System), CODESYS Control V3 Runtime System Toolkit, CODESYS HMI V3."}, {"lang": "es", "value": "Se detect\u00f3 un problema en los productos 3S-Smart CODESYS V3. La aplicaci\u00f3n puede utilizar cifrado no basado en TLS, lo que resulta en que las credenciales de usuario no est\u00e9n suficientemente protegidas durante el transporte. Todas las variantes de los siguientes productos CODESYS V3 en todas las versiones que contienen el componente CmpUserMgr est\u00e1n afectadas indiferentemente del tipo de CPU o sistema operativo: CODESYS Control para BeagleBone, CODESYS Control para emPC-A/iMX6, CODESYS Control para IOT2000, CODESYS Control para Linux, CODESYS Control para PFC100, CODESYS Control para PFC200, CODESYS Control para Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (para Beckhoff CX), CODESYS Control Win V3 (tambi\u00e9n parte de la configuraci\u00f3n de CODESYS Development System), CODESYS V3 Simulation Runtime (parte del CODESYS Development System), CODESYS Control V3 Runtime System Toolkit, CODESYS HMI V3."}], "id": "CVE-2019-9013", "lastModified": "2023-05-16T11:15:45.683", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-15T17:15:13.660", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download="}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-04"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}