A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCodesys Control For Beaglebone Sl
APPCodesys< 4.11.0.0Codesys Control For Empc A\/imx6
APPCodesys< 4.11.0.0Codesys Control For Iot2000 Sl
APPCodesys< 4.11.0.0Codesys Control For Linux Arm Sl
APPCodesys< 4.11.0.0Codesys Control For Linux Sl
APPCodesys< 4.11.0.0Codesys Control For Pfc100 Sl
APPCodesys< 4.11.0.0Codesys Control For Pfc200 Sl
APPCodesys< 4.11.0.0Codesys Control For Plcnext Sl
APPCodesys< 4.11.0.0Codesys Control For Raspberry Pi Sl
APPCodesys< 4.11.0.0Codesys Control For Wago Touch Panels 600 Sl
APPCodesys< 4.11.0.0Codesys Runtime Toolkit
APPCodesys< 3.5.19.50
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
Related vulnerabilities
CVE-2022-31806CRITICAL9.8ten sam produkt
In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enable...
CVE-2020-10245CRITICAL9.8ten sam produkt
CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.
CVE-2019-18858CRITICAL9.8ten sam produkt
CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overf...
CVE-2019-13548CRITICAL9.8ten sam produkt
CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or h...
CVE-2019-9010CRITICAL9.8ten sam produkt
An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the own...