CVE-2012-6068

🗓️ 21 Jan 2013 21:00:00Reported by icscertType

The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x allows remote attackers to execute commands and transfer files

Reporter	Title	Published	Views	Family All 9
Cvelist	CVE-2012-6068 3S CoDeSys Improper Access Control	21 Jan 201321:00	–	cvelist
EUVD	EUVD-2012-5942	7 Oct 202500:30	–	euvd
ICS	3S CoDeSys (Update A)	24 Sep 202012:00	–	ics
NVD	CVE-2012-6068	21 Jan 201321:55	–	nvd
OpenVAS	CODESYS Multiple Vulnerabilities (Oct 2012) - Active Check	29 Oct 201200:00	–	openvas
Prion	Authentication flaw	21 Jan 201321:55	–	prion
Positive Technologies	PT-2012-1188 · 3S Smart Software Solutions · Codesys Runtime System +1	5 Dec 201200:00	–	ptsecurity
Tenable Nessus	CoDeSys Unauthenticated Command-line Access	2 Nov 201200:00	–	nessus
Tenable Nessus	CoDeSys Authentication Bypass Directory Traversal	2 Nov 201200:00	–	nessus

NVD

Vulners

Node

3s-software codesys_runtime_systemMatch2.3.9.8

3s-software codesys_runtime_systemMatch2.3.9.35

3s-software codesys_runtime_systemMatch2.3.9.36

3s-software codesys_runtime_systemMatch2.3.9.37

Node

3s-software codesys_runtime_systemMatch2.4.0

[
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS Control Runtime embedded",
    "vendor": "3S-Smart Software Solutions",
    "versions": [
      {
        "lessThan": "2.3.2.8",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS Control Runtime full",
    "vendor": "3S-Smart Software Solutions",
    "versions": [
      {
        "lessThan": "2.4.7.40",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CODESYS Control RTE",
    "vendor": "3S-Smart Software Solutions",
    "versions": [
      {
        "lessThan": "2.3.7.17",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CECX-X-C1 Modular Master Controller with CoDeSys",
    "vendor": "Festo",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CECX-X-M1 Modular Controller with CoDeSys and SoftMotion",
    "vendor": "Festo",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CoDeSys",
    "vendor": "3S-Smart Software Solutions",
    "versions": [
      {
        "status": "unaffected",
        "version": "3.X"
      }
    ]
  }
]

Source	Link
cisa	www.cisa.gov/news-events/ics-advisories/icsa-14-084-01
digitalbond	www.digitalbond.com/tools/basecamp/3s-codesys/
us	www.us.codesys.com/ecosystem/security/
codesys	www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.html
cisa	www.cisa.gov/news-events/ics-advisories/icsa-13-011-01
ics-cert	www.ics-cert.us-cert.gov/advisories/ICSA-14-084-01
us-cert	www.us-cert.gov/control_systems/pdf/ICSA-13-011-01.pdf

29 Apr 2026 01:13Current

7.1High risk

Vulners AI Score7.1

CVSS 210

CVSS 3.19.8

EPSS0.04384