CVE-2012-6068
Published 2013-01-21
Priority P260 · critical · 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 5.27% (91.5th percentile)
The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener service or transfer files via requests to the TCP listener service.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 3s-smart_software_solutions | codesys_control_rte | < 2.3.7.17 | 2.3.7.17 |
| 3s-smart_software_solutions | codesys_control_runtime_embedded | < 2.3.2.8 | 2.3.2.8 |
| 3s-smart_software_solutions | codesys_control_runtime_full | < 2.4.7.40 | 2.4.7.40 |
| 3s-software | codesys_runtime_system | — | — |
| 3s-software | codesys_runtime_system | — | — |
| 3s-software | codesys_runtime_system | — | — |
| 3s-software | codesys_runtime_system | — | — |
| 3s-software | codesys_runtime_system | — | — |
| festo | cecx-x-c1_modular_master_controller_with_codesys | — | — |
| festo | cecx-x-m1_modular_controller_with_codesys_and_softmotion | — | — |
Detection & IOCs (extracted from sources)
- Monitor for unauthenticated TCP connections to the CODESYS Runtime TCP listener service; any connection that issues commands or transfers files without an authentication handshake is indicative of CVE-2012-6068 exploitation.
- Alert on any CoDeSys protocol commands accepted without a preceding authentication exchange on the CODESYS Runtime TCP listener port, as the runtime accepts all commands without authentication.
- Flag inbound connections to Port 4000/TCP (debug service) and Port 4001/TCP (log service) on Festo CECX-X-M1 / CoDeSys v2.3 devices from untrusted network segments, as these ports are unauthenticated and allow memory modification and log tampering.
- CODESYS Runtime versions 2.3.x and 2.4.x are affected; Version 3.x is explicitly stated as NOT affected. Detections should be scoped to legacy v2.x deployments only.
- Festo has decided not to patch the affected CECX-X-C1 and CECX-X-M1 controllers, meaning these devices will remain permanently vulnerable and require compensating network controls.
- Public exploit code is confirmed available for this vulnerability, lowering the bar for exploitation significantly.
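The port-based check from the list above, as an added example that is not part of the original page or any vendor tooling: it scans flow records for TCP connections to 4000/4001 on inventoried legacy v2.x controllers from outside a trusted engineering segment. The flow-record layout, the controller inventory, the trusted CIDR and the severity split are assumptions constructed for illustration; only the two ports and their service names come from this page.

```python
import ipaddress

# Ports named on this page for Festo CECX-X-M1 / CoDeSys v2.3 devices.
WATCHED_PORTS = {4000: "debug service", 4001: "log service"}

# Assumptions (constructed): inventory of legacy v2.x controllers and the
# engineering segment that is allowed to reach them.
LEGACY_V2_CONTROLLERS = {"10.20.0.11", "10.20.0.12"}
TRUSTED_SEGMENTS = [ipaddress.ip_network("10.20.5.0/28")]

# Constructed flow records: timestamp src dst dst_port proto tcp_state
SAMPLE_FLOWS = """\
2024-03-01T08:00:01Z 10.20.5.4 10.20.0.11 4000 tcp established
2024-03-01T08:02:17Z 192.0.2.77 10.20.0.11 4000 tcp established
2024-03-01T08:02:19Z 192.0.2.77 10.20.0.11 4001 tcp established
2024-03-01T08:03:40Z 10.30.1.9 10.20.0.12 4001 tcp syn_only
2024-03-01T08:04:02Z 10.30.1.9 10.20.0.50 4000 tcp established
2024-03-01T08:05:00Z 10.30.1.9 10.20.0.12 502 tcp established
malformed line
"""

def is_trusted(src):
    addr = ipaddress.ip_address(src)  # raises ValueError on a bad address
    return any(addr in net for net in TRUSTED_SEGMENTS)

def find_alerts(flow_text):
    """Return one alert dict per untrusted flow to a watched port."""
    alerts = []
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed records instead of crashing
        ts, src, dst, port, proto, state = fields
        try:
            port, trusted = int(port), is_trusted(src)
        except ValueError:
            continue
        # Scope to inventoried legacy v2.x controllers only.
        if proto != "tcp" or dst not in LEGACY_V2_CONTROLLERS:
            continue
        if port not in WATCHED_PORTS or trusted:
            continue
        # A completed session on an unauthenticated service outranks a probe.
        severity = "high" if state == "established" else "medium"
        alerts.append({"time": ts, "src": src, "dst": dst, "port": port,
                       "service": WATCHED_PORTS[port], "severity": severity})
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_FLOWS):
        print(alert)
```
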
CVSS provenance
- nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- nvd · v2.0 · 10.0 CRITICAL · AV:N/AC:L/Au:N/C:C/I:C/A:C
GHSA
GHSA-hh9j-6v4h-23q7: The Runtime Toolkit in CODESYS Runtime System 2
ghsa_unreviewed·2022-05-17
CVE-2012-6068 [HIGH] CWE-284 GHSA-hh9j-6v4h-23q7: The Runtime Toolkit in CODESYS Runtime System 2
The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to (1) execute commands via the command-line interface in the TCP listener service or (2) transfer files via requests to the TCP listener service.
CISA ICS
Festo CECX-X-(C1/M1) Controller Vulnerabilities
cisa_ics·2018-09-06
Last Revised: September 06, 2018
Alert Code: ICSA-14-084-01
## OVERVIEW
This advisory was originally posted to the US-CERT secure Portal library on March 25, 2014, and is now being released to the NCCIC/ICS-CERT web site.
K. Reid Wightman of IOActive, Inc. has identified vulnerabilities in Festo’s CECX-X-C1 and CECX-X-M1 controllers. Festo has decided not to resolve these vulnerabilities because of compatibility reasons with existing engineering tools. This places critical infrastructure asset owners using this product at risk. This a
CISA ICS
3S CoDeSys (Update A)
cisa_ics·2013-01-10·CVSS 9.8
[CRITICAL] 3S CoDeSys (Update A)
Last Revised: September 24, 2020
Alert Code: ICSA-13-011-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available
- Vendor: 3S-Smart Software Solutions
- Equipment: CoDeSys
- Vulnerabilities: Improper Access Control, Relative Path Traversal
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-13-011-01 3S CoDeSys that was published January 10, 2013, on the ICS webpage on us-cert.gov.
## 3. RISK EVALUATION
Successful exploitation of t
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- http://www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.html
- http://www.digitalbond.com/tools/basecamp/3s-codesys/
- https://us.codesys.com/ecosystem/security/
- https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-01
- https://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01
- http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01
- http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-01.pdf