← Back to home
ICSA-19-213-04  ·  Published 2020-05-14  ·  View on CISA ICS-CERT ↗

3S-Smart Software Solutions GmbH CODESYS V3 (Update A)

CVSS 8.8 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow for an attacker with access to PLC traffic to obtain user credentials.

CVEs (1)

Remediations

  • 3S-Smart Software Solutions GmbH reports this vulnerability will be corrected by downloading Version 3.5.16.0
  • For more information, please see the CODESYS V3 advisory 2019-08.

Affected Vendors

3S-Smart Software Solutions GmbH

Affected Products (13)

3S-Smart Software Solutions GmbH · CODESYS Control for PFC200 containing the CmpUserMgr component vers:all/*
3S-Smart Software Solutions GmbH · CODESYS Control Win V3 (also part of the CODESYS Development System setup) containing the CmpUserMgr component vers:all/*
3S-Smart Software Solutions GmbH · CODESYS Control RTE V3 (for Beckhoff CX) containing the CmpUserMgr component vers:all/*
3S-Smart Software Solutions GmbH · CODESYS V3 Simulation Runtime (part of the CODESYS Development System) containing the CmpUserMgr component vers:all/*
3S-Smart Software Solutions GmbH · CODESYS Control for Linux containing the CmpUserMgr component vers:all/*
3S-Smart Software Solutions GmbH · CODESYS Control V3 Runtime System Toolkit containing the CmpUserMgr component vers:all/*
3S-Smart Software Solutions GmbH · CODESYS Control for IOT2000 containing the CmpUserMgr component vers:all/*
3S-Smart Software Solutions GmbH · CODESYS Control for BeagleBone containing the CmpUserMgr component vers:all/*
3S-Smart Software Solutions GmbH · CODESYS Control RTE V3 containing the CmpUserMgr component vers:all/*
3S-Smart Software Solutions GmbH · CODESYS HMI V3 containing the CmpUserMgr component vers:all/*
3S-Smart Software Solutions GmbH · CODESYS Control for emPC-A/iMX6 containing the CmpUserMgr component vers:all/*
3S-Smart Software Solutions GmbH · CODESYS Control for Raspberry Pi containing the CmpUserMgr component vers:all/*
3S-Smart Software Solutions GmbH · CODESYS Control for PFC100 containing the CmpUserMgr component vers:all/*

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more