Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CoDeSys Directory Traversal Vulnerability

Information

Severity

Severity

Critical

Family

Family

General

CVSSv2 Base

CVSSv2 Base

10.0

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

11 years ago

Modified

Modified

4 years ago

Summary

The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener service or transfer files via requests to the TCP listener service. (CVE-2012-6068) The CoDeSys Runtime Toolkit's file transfer functionality does not perform input validation, which allows an attacker to access files and directories outside the intended scope. This allows an attacker to upload and download any file on the device. This could allow the attacker to affect the availability, integrity, and confidentiality of the device. (CVE-2012-6069)

Solution

Solution

Update to the latest available version.

Common Vulnerabilities and Exposures (CVE)