Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-6068

Overview
Vulnerability Score 10.0 10.0
CVE Id CVE-2012-6068
Last Modified 05 May 2014 01:16:54
Published 21 Jan 2013 04:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-6068

Summary

The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to (1) execute commands via the command-line interface in the TCP listener service or (2) transfer files via requests to the TCP listener service.

Vulnerable Systems

Application

  • 3s-software Codesys Runtime System 2.3.9.35

  • 3s-software Codesys Runtime System 2.3.9.36

  • 3s-software Codesys Runtime System 2.3.9.37

  • 3s-software Codesys Runtime System 2.3.9.8

  • 3s-software Codesys Runtime System 2.4.0


References

MISC - http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-01.pdf

MISC - http://www.digitalbond.com/tools/basecamp/3s-codesys/

CONFIRM - http://www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.html

MISC - http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01

IT Risk Posture:

Learn More
divider


Vulnerabilities

Patches

News


Free Risk Assessment Tools

Application Scanner
Find vulnerabilities on your network.

divider

Device Scanner
Find vulnerabilities on your network.

divider

Patch Scanner
Find vulnerabilities on your network.

Last Updated: 27 May 2016 10:49:52