SAINT CorporationSAINT:C11A542E2F9501B864261AA9E843FE033S Smart Software Solutions CoDeSys Gateway Server Directory Traversal
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.673 Medium
EPSS
Percentile
98.0%
Added: 05/06/2013
CVE: CVE-2012-4705
BID: 59446
OSVDB: 90368
Background
Smart Software Solutions GmbH (3S) manufactures CoDeSys Gateway Server, a Supervisory Control and Data Acquisition/Human-Machine Interface (SCADA/HMI) product. The Gateway Server listens on TCP port 1211.
Problem
3S CoDeSys Gateway Server before 2.3.9.27 is vulnerable to directory traversal. This vulnerability allows remote attackers to execute arbitrary code via vectors involving a crafted pathname.
Resolution
A patch is available from the vendor.
References
<http://ics-cert.us-cert.gov/advisories/ICSA-13-050-01A>
<http://secunia.com/advisories/52253/>
Limitations
This exploit has been tested against Smart Software Solutions CoDeSys 2.3.9.31 on Windows Server 2003 SP2 English with DEP OptOut.
Platforms
Windows
Related
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.673 Medium
EPSS
Percentile
98.0%