Lucene search

[email protected]CVE-2012-6069

HistoryJan 21, 2013 - 9:55 p.m.

CVE-2012-6069

2013-01-2121:55:01

CWE-22

[email protected]

web.nvd.nist.gov

cve

codesys

vulnerability

directory traversal

remote attackers

tcp listener service

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.3%

JSON

Directory traversal vulnerability in the Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x allows remote attackers to read, overwrite, or create arbitrary files via a … (dot dot) in a request to the TCP listener service.

Affected configurations

NVD

Node

3s-softwarecodesys_runtime_systemMatch2.4.0

Node

3s-softwarecodesys_runtime_systemMatch2.3.9.8

3s-softwarecodesys_runtime_systemMatch2.3.9.35

3s-softwarecodesys_runtime_systemMatch2.3.9.36

3s-softwarecodesys_runtime_systemMatch2.3.9.37

CPENameOperatorVersion
3s-software:codesys_runtime_system3s-software codesys runtime systemeq2.4.0

CPE	Name	Operator	Version
3s-software:codesys_runtime_system	3s-software codesys runtime system	eq	2.4.0

References

ics-cert.us-cert.gov/advisories/ICSA-14-084-01

www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.html

www.digitalbond.com/tools/basecamp/3s-codesys/

www.securityfocus.com/bid/56300

www.us-cert.gov/control_systems/pdf/ICSA-13-011-01.pdf

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.3%

JSON

Related for CVE-2012-6069

nvd1 prion1 cvelist1 openvas1 ics2