CVE-2012-6069
Published 2013-01-21
Priority: P2 · 60 · critical
CVSS 3.1: 10 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS: 2.64% (83.7th percentile)
The CoDeSys Runtime Toolkit’s file transfer functionality does not
perform input validation, which allows an attacker to access files and
directories outside the intended scope. This may allow an attacker to
upload and download any file on the device. This could allow the
attacker to affect the availability, integrity, and confidentiality of
the device.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 3s-smart_software_solutions | codesys_control_rte | < 2.3.7.17 | 2.3.7.17 |
| 3s-smart_software_solutions | codesys_control_runtime_embedded | < 2.3.2.8 | 2.3.2.8 |
| 3s-smart_software_solutions | codesys_control_runtime_full | < 2.4.7.40 | 2.4.7.40 |
| 3s-software | codesys_runtime_system | — | — |
| 3s-software | codesys_runtime_system | — | — |
| 3s-software | codesys_runtime_system | — | — |
| 3s-software | codesys_runtime_system | — | — |
| 3s-software | codesys_runtime_system | — | — |
| festo | cecx-x-c1_modular_master_controller_with_codesys | — | — |
| festo | cecx-x-m1_modular_controller_with_codesys_and_softmotion | — | — |
Detection & IOCs
- Alert on any unauthenticated connections to CoDeSys runtime ports; the runtime does not require authentication, so any connection sending CoDeSys commands without a prior auth exchange is suspicious.
- Flag traffic to Port 4000/TCP and Port 4001/TCP on Festo CECX-X-C1/M1 controllers from untrusted hosts, as these are unauthenticated debug and log service ports exploitable without credentials.
- Public exploit code is known to be available for these vulnerabilities; correlate any IDS hits against known exploit frameworks targeting CoDeSys V2.3 runtime.
- Only CoDeSys V2.x runtime versions are affected; CoDeSys Version 3.X is explicitly stated as not vulnerable.
- Festo has decided not to patch the affected CECX-X-C1 and CECX-X-M1 controllers, meaning these devices remain permanently vulnerable and require compensating network controls.
CVSS provenance
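| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |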
GHSA
GHSA-6q9j-3828-rfxj: Directory traversal vulnerability in the Runtime Toolkit in CODESYS Runtime System 2
ghsa_unreviewed·2022-05-17
CVE-2012-6069 [HIGH] CWE-22 GHSA-6q9j-3828-rfxj: Directory traversal vulnerability in the Runtime Toolkit in CODESYS Runtime System 2
Directory traversal vulnerability in the Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x allows remote attackers to read, overwrite, or create arbitrary files via a .. (dot dot) in a request to the TCP listener service.
CISA ICS
Festo CECX-X-(C1/M1) Controller Vulnerabilities
cisa_ics·2018-09-06
Last Revised: September 06, 2018
Alert Code: ICSA-14-084-01
## OVERVIEW
This advisory was originally posted to the US-CERT secure Portal library on March 25, 2014, and is now being released to the NCCIC/ICS-CERT web site.
K. Reid Wightman of IOActive, Inc. has identified vulnerabilities in Festo’s CECX-X-C1 and CECX-X-M1 controllers. Festo has decided not to resolve these vulnerabilities because of compatibility reasons with existing engineering tools. This places critical infrastructure asset owners using this product at risk. This a
CISA ICS
3S CoDeSys (Update A)
cisa_ics·2013-01-10·CVSS 9.8
[CRITICAL] 3S CoDeSys (Update A)
Last Revised: September 24, 2020
Alert Code: ICSA-13-011-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available
- Vendor: 3S-Smart Software Solutions
- Equipment: CoDeSys
- Vulnerabilities: Improper Access Control, Relative Path Traversal
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-13-011-01 3S CoDeSys that was published January 10, 2013, on the ICS webpage on us-cert.gov.
## 3. RISK EVALUATION
Successful exploitation of t
References
- http://www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.html
- http://www.digitalbond.com/tools/basecamp/3s-codesys/
- https://us.codesys.com/ecosystem/security/
- https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-01
- https://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01
- http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01
- http://www.securityfocus.com/bid/56300
- http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-01.pdf