Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2020-12069

In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.

  • Published: Dec 26, 2022
  • Updated: May 4, 2025
  • CVE: CVE-2020-12069
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.8
  • AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

Software From Fixed in
pilz / pmc 3.0.0 3.5.17
codesys / control_for_beaglebone - 3.5.16.0
codesys / control_for_empc-a/imx6 - 3.5.16.0
codesys / control_for_iot2000 - 3.5.16.0
codesys / control_for_pfc100 - 3.5.16.0
codesys / control_for_pfc200 - 3.5.16.0
codesys / control_for_plcnext - 3.5.16.0
codesys / control_for_raspberry_pi - 3.5.16.0
codesys / hmi_v3 - 3.5.16.0
codesys / control_v3_runtime_system_toolkit - 3.5.16.0
codesys / v3_simulation_runtime - 3.5.16.0
codesys / control_win_v3 - 3.5.16.0
codesys / control_rte_v3 - 3.5.16.0
codesys / control_for_linux - 3.5.16.0
festo / controller_cecc-d_firmware 2.3.8.0 2.3.8.0.x
festo / controller_cecc-d_firmware 2.3.8.1 2.3.8.1.x
festo / controller_cecc-lk_firmware 2.3.8.0 2.3.8.0.x
festo / controller_cecc-lk_firmware 2.3.8.1 2.3.8.1.x
festo / controller_cecc-s_firmware 2.3.8.0 2.3.8.0.x
festo / controller_cecc-s_firmware 2.3.8.1 2.3.8.1.x
wago / 750-8216_firmware - 03.06.19\(18\)
wago / 750-8215_firmware - 03.06.19\(18\)
wago / 750-8214_firmware - 03.06.19\(18\)
wago / 750-8213_firmware - 03.06.19\(18\)
wago / 750-8212_firmware - 03.06.19\(18\)
wago / 750-8211_firmware - 03.06.19\(18\)
wago / 750-8210_firmware - 03.06.19\(18\)
wago / 750-8207_firmware - 03.06.19\(18\)
wago / 750-8206_firmware - 03.06.19\(18\)
wago / 750-8204_firmware - 03.06.19\(18\)
wago / 750-8203_firmware - 03.06.19\(18\)
wago / 750-8202_firmware - 03.06.19\(18\)
wago / 750-8102_firmware - 03.06.19\(18\)
wago / 750-8101_firmware - 03.06.19\(18\)
wago / 750-8100_firmware - 03.06.19\(18\)
wago / 762-4201/8000-001_firmware - 03.06.19\(18\)
wago / 762-4202/8000-001_firmware - 03.06.19\(18\)
wago / 762-4203/8000-001_firmware - 03.06.19\(18\)
wago / 762-4204/8000-001_firmware - 03.06.19\(18\)
wago / 762-4205/8000-001_firmware - 03.06.19\(18\)
wago / 762-4205/8000-002_firmware - 03.06.19\(18\)
wago / 762-4206/8000-001_firmware - 03.06.19\(18\)
wago / 762-4206/8000-002_firmware - 03.06.19\(18\)
wago / 762-4301/8000-002_firmware - 03.06.19\(18\)
wago / 762-4302/8000-002_firmware - 03.06.19\(18\)
wago / 762-4303/8000-002_firmware - 03.06.19\(18\)
wago / 762-4304/8000-002_firmware - 03.06.19\(18\)
wago / 762-4305/8000-002_firmware - 03.06.19\(18\)
wago / 762-4306/8000-002_firmware - 03.06.19\(18\)
wago / 762-5203/8000-001_firmware - 03.06.19\(18\).x
wago / 762-5204/8000-001_firmware - 03.06.19\(18\)
wago / 762-5205/8000-001_firmware - 03.06.19\(18\)
wago / 762-5206/8000-001_firmware - 03.06.19\(18\)
wago / 762-5303/8000-002_firmware - 03.06.19\(18\)
wago / 762-5304/8000-002_firmware - 03.06.19\(18\)
wago / 762-5305/8000-002_firmware - 03.06.19\(18\)
wago / 762-5306/8000-002_firmware - 03.06.19\(18\)
wago / 762-6201/8000-001_firmware - 03.06.19\(18\).x
wago / 762-6202/8000-001_firmware - 03.06.19\(18\)
wago / 762-6203/8000-001_firmware - 03.06.19\(18\)
wago / 762-6204/8000-001_firmware - 03.06.19\(18\)
wago / 762-6301/8000-002_firmware - 03.06.19\(18\)
wago / 762-6302/8000-002_firmware - 03.06.19\(18\)
wago / 762-6303/8000-002_firmware - 03.06.19\(18\)
wago / 762-6304/8000-002_firmware - 03.06.19\(18\)
wago / 752-8303/8000-0002_firmware - 03.06.19\(18\)