← Volver a CVEs
CVE-2012-6069
CRITICAL10.0
Descripcion
The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an attacker to access files and directories outside the intended scope. This may allow an attacker to upload and download any file on the device. This could allow the attacker to affect the availability, integrity, and confidentiality of the device.
Detalles CVE
Puntuacion CVSS v3.110.0
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado1/21/2013
Ultima modificacion7/2/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
3s-software:codesys_runtime_system
Debilidades (CWE)
CWE-23CWE-22
Referencias
http://www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.html(ics-cert@hq.dhs.gov)
http://www.digitalbond.com/tools/basecamp/3s-codesys/(ics-cert@hq.dhs.gov)
https://us.codesys.com/ecosystem/security/(ics-cert@hq.dhs.gov)
https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-01(ics-cert@hq.dhs.gov)
https://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01(ics-cert@hq.dhs.gov)
http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01(af854a3a-2127-422b-91ae-364da2661108)
http://www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.digitalbond.com/tools/basecamp/3s-codesys/(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/56300(af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-01.pdf(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.