CVE-2012-6069
CRITICAL
CODESYS Runtime System - Path Traversal and Arbitrary File Write via File Transfer Functionality
Title source: llm
Description
The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an attacker to access files and directories outside the intended scope. This may allow an attacker to upload and download any file on the device. This could allow the attacker to affect the availability, integrity, and confidentiality of the device.
References (8)
Core References
US Government Resource
http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01
US Government Resource
http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-01.pdf
Various Sources
https://us.codesys.com/ecosystem/security/
Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/56300
Vendor Advisory x_refsource_confirm
http://www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.html
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-01
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01
Various Sources x_refsource_misc
http://www.digitalbond.com/tools/basecamp/3s-codesys/
Scores
CVSS v3: 10.0
EPSS: 0.0264
EPSS Percentile: 83.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Details
CWE: CWE-22, CWE-23
Status: published
Products (11)
3S-Smart Software Solutions/CoDeSys: 3.X
3S-Smart Software Solutions/CODESYS Control RTE: < 2.3.7.17
3S-Smart Software Solutions/CODESYS Control Runtime embedded: < 2.3.2.8
3S-Smart Software Solutions/CODESYS Control Runtime full: < 2.4.7.40
3s-software/codesys_runtime_system: 2.4.0
3s-software/codesys_runtime_system: 2.3.9.8
3s-software/codesys_runtime_system: 2.3.9.35
3s-software/codesys_runtime_system: 2.3.9.36
3s-software/codesys_runtime_system: 2.3.9.37
Festo/CECX-X-C1 Modular Master Controller with CoDeSys: All
... and 1 more
Published: Jan 21, 2013
Tracked Since: Feb 18, 2026