Test ID: | 1.3.6.1.4.1.25623.1.0.103599 |
Category: | General |
Title: | Codesys Directory Traversal Vulnerability |
Summary: | The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener service or transfer files via requests to the TCP listener service. (CVE-2012-6068) The CoDeSys Runtime Toolkit's file transfer functionality does not perform input validation, which allows an attacker to access files and directories outside the intended scope. This allows an attacker to upload and download any file on the device. This could allow the attacker to affect the availability, integrity, and confidentiality of the device. (CVE-2012-6069) |
Solution: | Update to the latest available version. |
CVSS Score: | 10.0 |
CVSS Vector: | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Cross-Ref: | BugTraq ID: 56300
Common Vulnerability Exposure (CVE) ID: CVE-2012-6069
http://www.securityfocus.com/bid/56300
http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01
http://www.digitalbond.com/tools/basecamp/3s-codesys/
http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-01.pdf
Common Vulnerability Exposure (CVE) ID: CVE-2012-6068 |
Copyright | Copyright (C) 2012 Greenbone Networks GmbH |