Description
In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16803&token=0b8edf9276dc39ee52f43026c415c5b38085d90a&download=
Scores
CVSS v3
7.5
EPSS
0.0101
EPSS Percentile
58.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-552
Status
published
Products (7)
codesys/control
< 4.2.0.0 (9 CPE variants)
codesys/control_rte
< 3.5.17.10 (2 CPE variants)
codesys/control_runtime_system_toolkit
< 3.5.17.10
codesys/control_win_sl
< 3.5.17.10
codesys/embedded_target_visu_toolkit
< 3.5.17.10
codesys/hmi
< 3.5.17.10
codesys/remote_target_visu_toolkit
< 3.5.17.10
Published
Aug 03, 2021
Tracked Since
Feb 18, 2026