8.8

CVE-2018-25048

The CODESYS runtime system in multiple versions allows a remote low-privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.

Data is provided by the National Vulnerability Database (NVD)
Codesys Control For Beaglebone Version >= 3.0.0.0 < 3.5.12.30
Codesys Control For Empc-a/imx6 Version >= 3.0.0.0 < 3.5.12.30
Codesys Control For Iot2000 Version >= 3.0.0.0 < 3.5.12.30
Codesys Control For Pfc100 Version >= 3.0.0.0 < 3.5.12.30
Codesys Control For Pfc200 Version >= 3.0.0.0 < 3.5.12.30
Codesys Control For Raspberry Pi Version >= 3.0.0.0 < 3.5.12.30
Codesys Control Rte Version >= 3.0.0.0 < 3.5.12.30
Codesys Control V3 Runtime System Toolkit Version >= 3.0.0.0 < 3.5.12.30
Codesys Control Win Version >= 3.0.0.0 < 3.5.12.30
Codesys Embedded Target Visu Toolkit Version >= 3.0 < 3.5.12.30
Codesys Hmi Version >= 3.0 < 3.5.12.30
Codesys Remote Target Visu Toolkit Version >= 3.0 < 3.5.12.30
Codesys Runtime Plcwinnt Version >= 2.0.0.0 < 2.4.7.52
Codesys Runtime System Toolkit HwPlatformx86 Version >= 2.0.0.0 < 2.4.7.52
Codesys Runtime System Toolkit Version 3.5.15.0
Codesys Simulation Runtime Version >= 3.0.0.0 < 3.5.12.30
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.46% | 0.61
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector string
info@cert.vde.com | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.