NVD - CVE-2018-20026

Vulnerability Change Records for CVE-2018-20026

Change History

Initial Analysis by NIST 2/22/2019 11:38:39 AM

Action	Type	Old Value	New Value
Added	CPE Configuration		OR cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::* versions from (including) 3.0 up to (excluding) 3.5.14.0 cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::* versions from (including) 3.0 up to (excluding) 3.5.14.0 cpe:2.3:a:codesys:control_for_iot2000_sl::::::::* versions from (including) 3.0 up to (excluding) 3.5.14.0 cpe:2.3:a:codesys:control_for_linux_sl::::::::* versions from (including) 3.0 up to (excluding) 3.5.14.0 cpe:2.3:a:codesys:control_for_pfc100_sl::::::::* versions from (including) 3.0 up to (excluding) 3.5.14.0 cpe:2.3:a:codesys:control_for_pfc200_sl::::::::* versions from (including) 3.0 up to (excluding) 3.5.14.0 cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::* versions from (including) 3.0 up to (excluding) 3.5.14.0 cpe:2.3:a:codesys:control_rte_sl::::::::* versions from (including) 3.0 up to (excluding) 3.5.14.0 cpe:2.3:a:codesys:control_rte_sl_\(for_beckhoff_cx\)::::::::* versions from (including) 3.0 up to (excluding) 3.5.14.0 cpe:2.3:a:codesys:control_runtime_toolkit::::::::* versions from (including) 3.0 up to (excluding) 3.5.14.0 cpe:2.3:a:codesys:control_win_sl::::::::* versions from (including) 3.0 up to (excluding) 3.5.14.0 cpe:2.3:a:codesys:development_system_v3::::::::* versions from (including) 3.0 up to (excluding) 3.5.14.0 cpe:2.3:a:codesys:gateway::::::::* versions from (including) 3.0 up to (excluding) 3.5.14.0 cpe:2.3:a:codesys:hmi_sl::::::::* versions from (including) 3.0 up to (excluding) 3.5.14.0 cpe:2.3:a:codesys:opc_server::::::::* versions from (including) 3.0 up to (excluding) 3.5.14.0 cpe:2.3:a:codesys:plchandler::::::::* versions from (including) 3.0 up to (excluding) 3.5.14.0 cpe:2.3:a:codesys:safety_sil2::::::::* versions from (including) 3.0 up to (excluding) 3.5.14.0 cpe:2.3:a:codesys:targetvisu_sl::::::::* versions from (including) 3.0 up to (excluding) 3.5.14.0
Added	CVSS V2		(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Added	CVSS V3		AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Added	CWE		CWE-254
Changed	Reference Type	http://www.securityfocus.com/bid/106251 No Types Assigned	http://www.securityfocus.com/bid/106251 Third Party Advisory, VDB Entry
Changed	Reference Type	https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/ No Types Assigned	https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/ Mitigation, Third Party Advisory