CVE-2012-6068
published 2013-01-21

Priority: P260 · critical · CVSS 3.1: 9.8
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 5.27% (91.5th percentile)

The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener service or transfer files via requests to the TCP listener service.

Affected

10 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 3s-smart_software_solutions | codesys_control_rte | < 2.3.7.17 | 2.3.7.17 |
| 3s-smart_software_solutions | codesys_control_runtime_embedded | < 2.3.2.8 | 2.3.2.8 |
| 3s-smart_software_solutions | codesys_control_runtime_full | < 2.4.7.40 | 2.4.7.40 |
| 3s-software | codesys_runtime_system | | |
| 3s-software | codesys_runtime_system | | |
| 3s-software | codesys_runtime_system | | |
| 3s-software | codesys_runtime_system | | |
| 3s-software | codesys_runtime_system | | |
| festo | cecx-x-c1_modular_master_controller_with_codesys | | |
| festo | cecx-x-m1_modular_controller_with_codesys_and_softmotion | | |

Detection & IOCs (extracted from sources)

  • port 4000/TCP
  • port 4001/TCP
  • Monitor for unauthenticated TCP connections to the CODESYS Runtime TCP listener service; any connection that issues commands or transfers files without an authentication handshake is indicative of CVE-2012-6068 exploitation.
  • Alert on any CoDeSys protocol commands accepted without a preceding authentication exchange on the CODESYS Runtime TCP listener port, as the runtime accepts all commands without authentication.
  • Flag inbound connections to Port 4000/TCP (debug service) and Port 4001/TCP (log service) on Festo CECX-X-M1 / CoDeSys v2.3 devices from untrusted network segments, as these ports are unauthenticated and allow memory modification and log tampering.
  • CODESYS Runtime versions 2.3.x and 2.4.x are affected; Version 3.x is explicitly stated as NOT affected. Detections should be scoped to legacy v2.x deployments only.
  • Festo has decided not to patch the affected CECX-X-C1 and CECX-X-M1 controllers, meaning these devices will remain permanently vulnerable and require compensating network controls.
  • Public exploit code is confirmed available for this vulnerability, lowering the bar for exploitation significantly.

CVSS provenance

  • nvd · v3.1 · 9.8 · CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • nvd · v2.0 · 10.0 · CRITICAL · AV:N/AC:L/Au:N/C:C/I:C/A:C