CVE-2012-6069

The CoDeSys Runtime Toolkits file transfer functionality does not 
perform input validation, which allows an attacker to access files and 
directories outside the intended scope. This may allow an attacker to 
upload and download any file on the device. This could allow the 
attacker to affect the availability, integrity, and confidentiality of 
the device.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
icscertCNA
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
VendorProductVersion
3s-softwarecodesys_runtime_system
2.4.0
3s-softwarecodesys_runtime_system
2.3.9.8
3s-softwarecodesys_runtime_system
2.3.9.35
3s-softwarecodesys_runtime_system
2.3.9.36
3s-softwarecodesys_runtime_system
2.3.9.37
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.html
http://www.digitalbond.com/tools/basecamp/3s-codesys/
https://us.codesys.com/ecosystem/security/
https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-01
https://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01
http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01
http://www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.html
http://www.digitalbond.com/tools/basecamp/3s-codesys/
http://www.securityfocus.com/bid/56300
http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-01.pdf