CVE-2018-25048

CWE-22 — Path Traversal3 documents3 sources

Severity

8.8HIGH

EPSS

1.0%

top 23.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Codesys Control FOR Beaglebone Codesys Control FOR Empc-a/imx6 Codesys Control FOR Iot2000 +22 more

Timeline

PublishedMar 23

Description

The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages27 packages

▶NVDcodesys/runtime_system_toolkit2.0.0.0 — 2.4.7.52+1

▶CVEListV5codesys/control_v3_runtime_system_toolkit3.0.0.0 — 3.5.12.30

▶NVDcodesys/control_v3_runtime_system_toolkit3.0.0.0 — 3.5.12.30

▶CVEListV5codesys/v3_simulation_runtime_(part_of_the_codesys_development_system)3.0.0.0 — 3.5.12.30

▶CVEListV5codesys/runtime_plcwinnt2.0.0.0 — 2.4.7.52

🔴Vulnerability Details

GHSA

GHSA-4wf9-5wgg-q5qq: The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify al↗2023-03-23

▶

CVEList

Codesys Runtime Improper Limitation of a Pathname↗2023-03-23

▶