CVE-2018-20026 is an industrial control systems vulnerability involving improper communication address filtering in CODESYS V3 products prior to version 3.5.14.0. In the CISA-republished Festo advisory, the issue is tied to Festo Automation Suite deployments that include CODESYS components, and the advised response is to move to patched CODESYS releases and keep the suite current.
CVE-2018-20025 is a high-severity weakness in CODESYS V3 products prior to version 3.5.14.0 involving insufficiently random values. In the CISA-republished Festo advisory, the issue is associated with CODESYS components used in Festo Automation Suite deployments. The published CVSS vector indicates a network-reachable issue with no privileges or user interaction required and high confidentiality impact.
