cbcvebase.
CVE-2018-25048
published 2023-03-23

CVE-2018-25048: The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system…

high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.

Affected

25 ranges
VendorProductVersion rangeFixed in
codesyscontrol_for_beaglebone>= 3.0.0.0 < 3.5.12.303.5.12.30
codesyscontrol_for_empc-a_imx6>= 3.0.0.0 < 3.5.12.303.5.12.30
codesyscontrol_for_iot2000>= 3.0.0.0 < 3.5.12.303.5.12.30
codesyscontrol_for_pfc100>= 3.0.0.0 < 3.5.12.303.5.12.30
codesyscontrol_for_pfc200>= 3.0.0.0 < 3.5.12.303.5.12.30
codesyscontrol_for_raspberry_pi>= 3.0.0.0 < 3.5.12.303.5.12.30
codesyscontrol_rte>= 3.0.0.0 < 3.5.12.303.5.12.30
codesyscontrol_rte_v3>= 3.0.0.0 < 3.5.12.303.5.12.30
codesyscontrol_v3_runtime_system_toolkit>= 3.0.0.0 < 3.5.12.303.5.12.30
codesyscontrol_win>= 3.0.0.0 < 3.5.12.303.5.12.30
codesyscontrol_win_v3>= 3.0.0.0 < 3.5.12.303.5.12.30
codesysembedded_target_visu_toolkit>= 3.0 < 3.5.12.303.5.12.30
codesyshmi>= 3.0 < 3.5.12.303.5.12.30
codesyshmi_v3>= 3.0.0.0 < 3.5.12.303.5.12.30
codesysremote_target_visu_toolkit>= 3.0 < 3.5.12.303.5.12.30
codesysruntime_plcwinnt>= 2.0.0.0 < 2.4.7.522.4.7.52
codesysruntime_system_toolkit
codesysruntime_system_toolkit>= 2.0.0.0 < 2.4.7.522.4.7.52
codesysruntime_toolkit_32_bit_embedded>= 2.0.0.0 < 2.3.2.102.3.2.10
codesysruntime_toolkit_32_bit_full>= 2.0.0.0 < 2.4.7.522.4.7.52
codesyssimulation_runtime>= 3.0.0.0 < 3.5.12.303.5.12.30
codesysv3_embedded_target_visu_toolkit>= 3.0.0.0 < 3.5.12.303.5.12.30
codesysv3_remote_target_visu>= 3.0.0.0 < 3.5.12.303.5.12.30
codesysv3_remote_target_visu_toolkit>= 3.0.0.0 < 3.5.12.303.5.12.30
codesysv3_simulation_runtime>= 3.0.0.0 < 3.5.12.303.5.12.30