CVE-2012-4705
Published 2013-02-24
Priority P273 · critical · 10 · CVSS 2.0
CVSS vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 65.67% (99.2th percentile)
Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors involving a crafted pathname.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 3s-software | codesys_gateway-server | <= 2.3.9.20 | — |
Detection & IOCs
bytes: \xdd\xdd
- Alert on creation of .mof files in WINDOWS\system32\wbem\mof\ on hosts running CoDeSys Gateway-Server, as this is the second-stage execution mechanism used by the exploit.
- Monitor for opcode value 6 (0x06000000 little-endian) in CoDeSys Gateway-Server TCP/1211 packets, which is the file-upload opcode used by the exploit.
- A publicly available Metasploit module exploits this vulnerability; correlate IDS alerts on TCP/1211 with Metasploit framework indicators.
- The exploit packet size field is dynamically calculated based on the uploaded file size and traversal path length; static size-based signatures may miss variants with different payload sizes.
CISA ICS
3S CODESYS Gateway-Server Vulnerabilities (Update A)
cisa_ics·2013-02-19
ICS Advisory
Last Revised: September 06, 2018
Alert Code: ICSA-13-050-01A
## Overview
This updated advisory is a follow-up to the original advisory titled ICSA-13-050-01, 3S CODESYS Gateway-Server Vulnerabilities that was published February 19, 2013, on the ICS-CERT Web page.
This updated advisory provides mitigation details for five vulnerabilities in the 3S-Smart Software Solutions GmbH CODESYS Gateway-Server.
Independent researcher Aaron Portnoy of Exodus Intelligence has identified five vulnerabilities in the 3S CODESYS Gateway-Server ap
GHSA
GHSA-2gp3-6mvr-759r: Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2
ghsa_unreviewed·2022-05-17
CVE-2012-4705 [HIGH] CWE-22
No detection rules found.
Exploit-DB
SCADA 3S CoDeSys Gateway Server - Directory Traversal (Metasploit)
exploitdb·2013-02-02
---
```ruby
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
# http://metasploit.com
##
require 'msf/core'
class MetasploitModule 'SCADA 3S CoDeSys Gateway Server Directory Traversal',
  'Description' => %q{
    This module exploits a directory traversal vulnerability that allows arbitrary
    file creation, which can be used to execute a mof file in order to gain remote
    execution within the SCADA system.
  },
  'Author' =>
    [
      'Enrique Sanchez '
    ],
  'License' => 'MSF_LICENSE',
  'References' =>
    [
      ['CVE', '2012-4705'],
      ['OSVDB', '90368'],
      ['URL', 'http://ics-cert.us-cert.gov/pdf/ICSA-13-050-01-a.pdf']
    ],
  'DisclosureDate' => 'Feb 02 2013',
  'Platform' => 'win',
  'Tar
```
Metasploit
SCADA 3S CoDeSys Gateway Server Directory Traversal
metasploit
This module exploits a directory traversal vulnerability that allows arbitrary file creation, which can be used to execute a mof file in order to gain remote execution within the SCADA system.
No writeups or analysis indexed.