Description
Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/106251
Mitigation, Third Party Advisory x_refsource_misc
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-037-codesys-control-v3-use-of-insufficiently-random-values/
Various Sources x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04
Scores
CVSS v3
7.5
EPSS
0.0256
EPSS Percentile
83.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-330
Status
published
Products (15)
codesys/control_for_beaglebone_sl
3.0 - 3.5.14.0
codesys/control_for_empc-a\/imx6_sl
3.0 - 3.5.14.0
codesys/control_for_iot2000_sl
3.0 - 3.5.14.0
codesys/control_for_linux_sl
3.0 - 3.5.14.0
codesys/control_for_pfc100_sl
3.0 - 3.5.14.0
codesys/control_for_pfc200_sl
3.0 - 3.5.14.0
codesys/control_for_raspberry_pi_sl
3.0 - 3.5.14.0
codesys/control_rte_sl
3.0 - 3.5.14.0
codesys/control_rte_sl_\(for_beckhoff_cx\)
3.0 - 3.5.14.0
codesys/control_runtime_toolkit
3.0 - 3.5.14.0
... and 5 more
Published
Feb 19, 2019
Tracked Since
Feb 18, 2026