CVE-2012-4705

3S CODESYS Gateway-Server <2.3.9.27 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-4705. PoCs published by Metasploit, including Metasploit module exploits/windows/scada/codesys_gateway_server_traversal.

AI-analyzed exploit summary This Metasploit module exploits a directory traversal vulnerability (CVE-2012-4705) in SCADA 3S CoDeSys Gateway Server to upload and execute arbitrary files, achieving remote code execution via a two-step process involving an executable and a MOF file.

Description

Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors involving a crafted pathname.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/41712

This Metasploit module exploits a directory traversal vulnerability (CVE-2012-4705) in SCADA 3S CoDeSys Gateway Server to upload and execute arbitrary files, achieving remote code execution via a two-step process involving an executable and a MOF file.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: SCADA 3S CoDeSys Gateway Server < 2.3.9.27
No auth needed
Prerequisites: Network access to the target system on port 1211
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/scada/codesys_gateway_server_traversal.rb

This Metasploit module exploits a directory traversal vulnerability (CVE-2012-4705) in SCADA 3S CoDeSys Gateway Server to upload and execute arbitrary files, achieving remote code execution via a two-step process involving an executable and a MOF file.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: SCADA 3S CoDeSys Gateway Server < 2.3.9.27
No auth needed
Prerequisites: Network access to TCP port 1211 · Vulnerable version of CoDeSys Gateway Server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

EPSS 0.7039
EPSS Percentile 98.7%

Details

CWE
CWE-22
Status published
Products (17)
3s-software/codesys_gateway-server 2.3.5.1
3s-software/codesys_gateway-server 2.3.5.2
3s-software/codesys_gateway-server 2.3.5.3
3s-software/codesys_gateway-server 2.3.6.0
3s-software/codesys_gateway-server 2.3.7.0
3s-software/codesys_gateway-server 2.3.8.0
3s-software/codesys_gateway-server 2.3.8.1
3s-software/codesys_gateway-server 2.3.8.2
3s-software/codesys_gateway-server 2.3.9
3s-software/codesys_gateway-server 2.3.9.1
... and 7 more
Published Feb 24, 2013
Tracked Since Feb 18, 2026