CVE-2012-6069
3S CoDeSys Relative Path Traversal
The CoDeSys Runtime Toolkit’s file transfer functionality does not
perform input validation, which allows an attacker to access files and
directories outside the intended scope. This may allow an attacker to
upload and download any file on the device. This could allow the
attacker to affect the availability, integrity, and confidentiality of
the device.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Productos afectados
3S-Smart Software Solutions · CoDeSys3S-Smart Software Solutions · CODESYS Control RTE3S-Smart Software Solutions · CODESYS Control Runtime embedded3S-Smart Software Solutions · CODESYS Control Runtime fullFesto · CECX-X-C1 Modular Master Controller with CoDeSysFesto · CECX-X-M1 Modular Controller with CoDeSys and SoftMotion¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01https://us.codesys.com/ecosystem/security/https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-01https://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01http://www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.htmlhttp://www.digitalbond.com/tools/basecamp/3s-codesys/http://www.securityfocus.com/bid/56300http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-01.pdf