CVE-2018-25048
Codesys Runtime Improper Limitation of a Pathname
The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
CODESYS · Control for BeagleBoneCODESYS · Control for emPC-A/iMX6CODESYS · Control for IOT2000CODESYS · Control for PFC100CODESYS · Control for PFC200CODESYS · Control for Raspberry PiCODESYS · Control RTE V3 (all variants)CODESYS · Control V3 Runtime System ToolkitCODESYS · Control Win V3 (all variants)CODESYS · HMI V3 (all variants)CODESYS · Runtime PLCWinNTCODESYS · Runtime Toolkit 32 bit embeddedCODESYS · Runtime Toolkit 32 bit fullCODESYS · V3 Embedded Target Visu ToolkitCODESYS · V3 Remote Target Visu (all variants)CODESYS · V3 Remote Target Visu ToolkitCODESYS · V3 Simulation Runtime (part of the CODESYS Development System)Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →