Vulnerability Description
The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an attacker to access files and directories outside the intended scope. This may allow an attacker to upload and download any file on the device. This could allow the attacker to affect the availability, integrity, and confidentiality of the device.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| 3S-Software | Codesys Runtime System | 2.4.0 |
Related Weaknesses (CWE)
References
- http://www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecVendor Advisory
- http://www.digitalbond.com/tools/basecamp/3s-codesys/
- https://us.codesys.com/ecosystem/security/
- https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-01
- https://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01
- http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01US Government Resource
- http://www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecVendor Advisory
- http://www.digitalbond.com/tools/basecamp/3s-codesys/
- http://www.securityfocus.com/bid/56300
- http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-01.pdfUS Government Resource
FAQ
What is CVE-2012-6069?
CVE-2012-6069 is a vulnerability with a CVSS score of 10.0 (CRITICAL). The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an attacker to access files and directories outside the intended scope. This may allow an at...
How severe is CVE-2012-6069?
CVE-2012-6069 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2012-6069?
Check the references section above for vendor advisories and patch information. Affected products include: 3S-Software Codesys Runtime System.