CRITICAL🇵🇱 Wersja polska

CVE-2012-6069

CVSS 10.0v3.1pub. 2013-01-21upd. 2026-04-29

The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an attacker to access files and directories outside the intended scope. This may allow an attacker to upload and download any file on the device. This could allow the attacker to affect the availability, integrity, and confidentiality of the device.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • 3s Software Codesys Runtime System

    APP
    3S-Software
    2.3.9.352.3.9.362.3.9.372.3.9.82.4.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2018-5440CRITICAL9.8ten sam produkt

A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft...

CVE-2012-6068CRITICAL9.8ten sam produkt

The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows re...

CVE-2014-0760HIGH9.3ten sam produkt

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and ...

CVE-2014-0769HIGH9.3ten sam produkt

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and S...

CVE-2015-6482MEDIUM5.0ten sam produkt

Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 allows remote attackers to cause a denial ...