
Test ID: 1.3.6.1.4.1.25623.1.0.103599
Category: General
Title: Codesys Directory Traversal Vulnerability
Description:

Summary:
The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not
require authentication, which allows remote attackers to execute commands via the command-line interface in the
TCP listener service or transfer files via requests to the TCP listener service. (CVE-2012-6068)

The CoDeSys Runtime Toolkit's file transfer functionality does not perform input validation, which allows an
attacker to access files and directories outside the intended scope. This allows an attacker to upload and
download any file on the device. This could allow the attacker to affect the availability, integrity, and
confidentiality of the device. (CVE-2012-6069)

Solution:
Update to the latest available version.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
BugTraq ID: 56300
Common Vulnerability Exposure (CVE) ID: CVE-2012-6069
http://www.securityfocus.com/bid/56300
http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01
http://www.digitalbond.com/tools/basecamp/3s-codesys/
http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-01.pdf
Common Vulnerability Exposure (CVE) ID: CVE-2012-6068
Copyright: Copyright (C) 2012 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.