CRITICAL🇬🇧 English

CVE-2012-6069

CVSS 10.0v3.1pub. 2013-01-21upd. 2026-04-29

The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an attacker to access files and directories outside the intended scope. This may allow an attacker to upload and download any file on the device. This could allow the attacker to affect the availability, integrity, and confidentiality of the device.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • 3s Software Codesys Runtime System

    APP
    3S-Software
    2.3.9.352.3.9.362.3.9.372.3.9.82.4.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Path Traversal
CWE
Referencje

Powiązane podatności

CVE-2018-5440CRITICAL9.8ten sam produkt

A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft...

CVE-2012-6068CRITICAL9.8ten sam produkt

The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows re...

CVE-2014-0760HIGH9.3ten sam produkt

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and ...

CVE-2014-0769HIGH9.3ten sam produkt

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and S...

CVE-2015-6482MEDIUM5.0ten sam produkt

Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 allows remote attackers to cause a denial ...