CVE-2012-6068

Severity

99%

Complexity

99%

Confidentiality

165%

The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to (1) execute commands via the command-line interface in the TCP listener service or (2) transfer files via requests to the TCP listener service.

The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to (1) execute commands via the command-line interface in the TCP listener service or (2) transfer files via requests to the TCP listener service.

CVSS 2.0 Base Score 9.9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).

Overview

Type

3s-Software CODESYS Runtime System

First reported 12 years ago

2013-01-21 21:55:00

Last updated 10 years ago

2014-05-05 05:16:00

Affected Software

3s-Software CODESYS Runtime System 2.3.9.8

2.3.9.8

3s-Software CODESYS Runtime System 2.3.9.35

2.3.9.35

3s-Software CODESYS Runtime System 2.3.9.36

2.3.9.36

3s-Software CODESYS Runtime System 2.3.9.37

2.3.9.37

References

http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01

US Government Resource

http://www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.html

Vendor Advisory

http://www.digitalbond.com/tools/basecamp/3s-codesys/

http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-01.pdf

US Government Resource

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.