The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an attacker to access files and directories outside the intended scope. This may allow an attacker to upload and download any file on the device. This could allow the attacker to affect the availability, integrity, and confidentiality of the device.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H3s Software Codesys Runtime System
APP3S-Software2.3.9.352.3.9.362.3.9.372.3.9.82.4.0
Related vulnerabilities
A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft...
The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows re...
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and ...
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and S...
Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 allows remote attackers to cause a denial ...