CVE-2012-6069

EPSS 2.23%
Published 21.01.2013 21:55:01
Last modified 02.07.2025 21:15:39
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

The CoDeSys Runtime Toolkit’s file transfer functionality does not 
perform input validation, which allows an attacker to access files and 
directories outside the intended scope. This may allow an attacker to 
upload and download any file on the device. This could allow the 
attacker to affect the availability, integrity, and confidentiality of 
the device.

Affected products Warnungen 0 Metrics 3 CWE 2 References 11

Data is provided by the National Vulnerability Database (NVD)

3s-software ≫ Codesys Runtime System Version2.4.0

3s-software ≫ Codesys Runtime System Version2.3.9.8

3s-software ≫ Codesys Runtime System Version2.3.9.35

3s-software ≫ Codesys Runtime System Version2.3.9.36

3s-software ≫ Codesys Runtime System Version2.3.9.37

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.23%	0.838

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C
ics-cert@hq.dhs.gov	10	3.9	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CWE-23 Relative Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01

US Government Resource

http://www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.html

Vendor Advisory

http://www.digitalbond.com/tools/basecamp/3s-codesys/

http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-01.pdf

US Government Resource

http://www.securityfocus.com/bid/56300

https://us.codesys.com/ecosystem/security/

https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-01

https://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01

https://nvd.nist.gov/vuln/detail/CVE-2012-6069

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-6069

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-6069

EUVD