CVE-2012-6068

The CVE-2012-6068 issue affects the CODESYS Runtime Toolkit in the Runtime System 2.3.x–2.4.x, where authentication is not required for the TCP listener, enabling remote command execution or file transfers. Technical details from connected advisories (ICS-CERT and 3S CoDeSys notes) confirm improp...

CVE-2012-6069

The CVE-2012-6069 issue is a Relative Path Traversal vulnerability in the CoDeSys Runtime Toolkit’s file transfer functionality (CODESYS Runtime Toolkit). The available Connected documents confirm an input validation flaw allowing an attacker to access directories outside the intended scope and p...

CVE-2014-0769

Vulnerability CVE-2014-0769 affects Festo CECX-X-C1 and CECX-X-M1 controllers (CoDeSys/SoftMotion). The issue is improper authentication (CWE-287): unauthenticated access to TCP ports 4000 (debug) and 4001 (log) allows remote attackers to modify configuration or delete log entries. Public advisor...

CVE-2014-0760

CVE-2014-0760 affects Festo CECX-X-C1 and CECX-X-M1 controllers (CoDeSys/SoftMotion). The issue is an undocumented FTP access path that allows remote attackers to execute arbitrary code or trigger a denial of service via unspecified vectors. Public exploitation is noted in ICS-CERT advisories; mu...

CVE-2018-5440

CVE-2018-5440 affects the 3S-Smart CODESYS Web Server running on Windows (stand-alone v2.3 or within CODESYS runtime prior to v1.1.9.19). The vulnerability is a stack-based buffer overflow in the Web Visu/Web Server component, triggered by a crafted request, potentially allowing remote code execu...

CVE-2015-6482

CVE-2015-6482 affects 3S-Smart CODESYS Runtime Toolkit prior to version 2.4.7.48 and CODESYS prior to 2.3.9.48. The vulnerability is a NULL pointer dereference that can be triggered by a crafted request, enabling remote denial of service (application crash). Public sources in the connected set co...