Vulnerabilites related to 3s-software - codesys_runtime_system
Vulnerability from fkie_nvd
Published
2014-04-25 05:12
Modified
2025-07-02 21:15
Severity ?
Summary
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| softmotion3d | softmotion | - | |
| festo | cecx-x-m1_modular_controller | - | |
| 3s-software | codesys_runtime_system | - | |
| festo | cecx-x-c1_modular_master_controller | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softmotion3d:softmotion:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1A68669-AFEA-4D4A-A8B8-3D95137AEDAB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:festo:cecx-x-m1_modular_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6BC4C2-B93A-42A3-85A4-7161C769EE04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:3s-software:codesys_runtime_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "846BA4EA-FA65-46B9-90B3-662E51F06B74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:festo:cecx-x-c1_modular_master_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4428AC4-B79E-4DDC-8CB1-6F91F835945B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001."
},
{
"lang": "es",
"value": "Festo CECX-X-C1 Modular Master Controller con CoDeSys y CECX-X-M1 Modular Controller con CoDeSys y SoftMotion no requieren autenticaci\u00f3n para conexiones a puertos TCP, lo que permite a atacantes remotos (1) modificar la configuraci\u00f3n a trav\u00e9s de una solicitud hacia el servicio de depuraci\u00f3n en puerto 4000 o (2) eliminar entradas de registro a trav\u00e9s de una solicitud hacia el servicio de registro de puerto 4001."
}
],
"id": "CVE-2014-0769",
"lastModified": "2025-07-02T21:15:39.930",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"userInteractionRequired": false
},
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-25T05:12:07.753",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-25 05:12
Modified
2025-07-02 21:15
Severity ?
Summary
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1
Modular Controller with CoDeSys and SoftMotion provide an undocumented
access method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service (application
crash) via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 3s-software | codesys_runtime_system | - | |
| festo | cecx-x-c1_modular_master_controller | - | |
| softmotion3d | softmotion | - | |
| festo | cecx-x-m1_modular_controller | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:3s-software:codesys_runtime_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "846BA4EA-FA65-46B9-90B3-662E51F06B74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:festo:cecx-x-c1_modular_master_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4428AC4-B79E-4DDC-8CB1-6F91F835945B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softmotion3d:softmotion:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1A68669-AFEA-4D4A-A8B8-3D95137AEDAB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:festo:cecx-x-m1_modular_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6BC4C2-B93A-42A3-85A4-7161C769EE04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1\n Modular Controller with CoDeSys and SoftMotion provide an undocumented \naccess method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service (application \ncrash) via unspecified vectors."
},
{
"lang": "es",
"value": "Festo CECX-X-C1 Modular Master Controller con CoDeSys y CECX-X-M1 Modular Controller con CoDeSys y SoftMotion proporcionan un m\u00e9todo de acceso no documentado involucrando el protocolo FTP, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-0760",
"lastModified": "2025-07-02T21:15:39.710",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"userInteractionRequired": false
},
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-25T05:12:07.693",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-01-21 21:55
Modified
2025-07-02 21:15
Severity ?
Summary
The CoDeSys Runtime Toolkit’s file transfer functionality does not
perform input validation, which allows an attacker to access files and
directories outside the intended scope. This may allow an attacker to
upload and download any file on the device. This could allow the
attacker to affect the availability, integrity, and confidentiality of
the device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 3s-software | codesys_runtime_system | 2.4.0 | |
| 3s-software | codesys_runtime_system | 2.3.9.8 | |
| 3s-software | codesys_runtime_system | 2.3.9.35 | |
| 3s-software | codesys_runtime_system | 2.3.9.36 | |
| 3s-software | codesys_runtime_system | 2.3.9.37 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:3s-software:codesys_runtime_system:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89253C44-34F0-457C-9EEE-E7028F737E02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:3s-software:codesys_runtime_system:2.3.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CFAB8128-4A70-44CA-A4D3-C859010C8BFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:3s-software:codesys_runtime_system:2.3.9.35:*:*:*:*:*:*:*",
"matchCriteriaId": "0B99BA40-647D-4203-A003-CAEEF776EF77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:3s-software:codesys_runtime_system:2.3.9.36:*:*:*:*:*:*:*",
"matchCriteriaId": "50443443-14B4-4245-BBE3-C5E451739EF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:3s-software:codesys_runtime_system:2.3.9.37:*:*:*:*:*:*:*",
"matchCriteriaId": "44C690B5-EE5B-4504-B40D-879F757C8029",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CoDeSys Runtime Toolkit\u2019s file transfer functionality does not \nperform input validation, which allows an attacker to access files and \ndirectories outside the intended scope. This may allow an attacker to \nupload and download any file on the device. This could allow the \nattacker to affect the availability, integrity, and confidentiality of \nthe device."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en el Runtime Toolkit de CODESYS Runtime System v2.3.x y v2.4.x que permite a atacantes remotos leer, sobreescribir, o crear ficheros a trav\u00e9s de .. (punto punto) en una solicitud al servicio de escucha TCP."
}
],
"id": "CVE-2012-6069",
"lastModified": "2025-07-02T21:15:39.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
},
"published": "2013-01-21T21:55:01.150",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "http://www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.html"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://www.digitalbond.com/tools/basecamp/3s-codesys/"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://us.codesys.com/ecosystem/security/"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-01"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.digitalbond.com/tools/basecamp/3s-codesys/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/56300"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-01.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-23"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-01-21 21:55
Modified
2025-07-02 20:15
Severity ?
Summary
The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener service or transfer files via requests to the TCP listener service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 3s-software | codesys_runtime_system | 2.3.9.8 | |
| 3s-software | codesys_runtime_system | 2.3.9.35 | |
| 3s-software | codesys_runtime_system | 2.3.9.36 | |
| 3s-software | codesys_runtime_system | 2.3.9.37 | |
| 3s-software | codesys_runtime_system | 2.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:3s-software:codesys_runtime_system:2.3.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CFAB8128-4A70-44CA-A4D3-C859010C8BFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:3s-software:codesys_runtime_system:2.3.9.35:*:*:*:*:*:*:*",
"matchCriteriaId": "0B99BA40-647D-4203-A003-CAEEF776EF77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:3s-software:codesys_runtime_system:2.3.9.36:*:*:*:*:*:*:*",
"matchCriteriaId": "50443443-14B4-4245-BBE3-C5E451739EF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:3s-software:codesys_runtime_system:2.3.9.37:*:*:*:*:*:*:*",
"matchCriteriaId": "44C690B5-EE5B-4504-B40D-879F757C8029",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:3s-software:codesys_runtime_system:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89253C44-34F0-457C-9EEE-E7028F737E02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener service or transfer files via requests to the TCP listener service."
},
{
"lang": "es",
"value": "El Runtime Toolkit de CODESYS Runtime System v2.3.x y v2.4.x no requiere autenticaci\u00f3n, lo que permite a atacantes remotos (1) ejecutar comandos a trav\u00e9s de la interfaz de l\u00ednea de comandos del servicio de escucha de TCP o (2) transferir archivos a trav\u00e9s de una petici\u00f3n al servicio de escucha TCP"
}
],
"id": "CVE-2012-6068",
"lastModified": "2025-07-02T20:15:28.747",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
},
"published": "2013-01-21T21:55:01.103",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "http://www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.html"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://www.digitalbond.com/tools/basecamp/3s-codesys/"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://us.codesys.com/ecosystem/security/"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-01"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.digitalbond.com/tools/basecamp/3s-codesys/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-01.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-18 19:59
Modified
2025-04-12 10:46
Severity ?
Summary
Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted request.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-15-288-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-15-288-01 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 3s-software | codesys_runtime_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:3s-software:codesys_runtime_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3D076F5-F752-4AC0-AEE4-F39447A91C5F",
"versionEndIncluding": "2.3.9.47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted request."
},
{
"lang": "es",
"value": "Runtime Toolkit en versiones anteriores a 2.4.7.48 en 3S-Smart CODESYS en versiones anteriores a 2.3.9.48 permite a atacantes remotos causar una denegaci\u00f3n de servicio (referencia a puntero NULL y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de una petici\u00f3n manipulada."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/476.html\"\u003eCWE-476: NULL Pointer Dereference\u003c/a\u003e",
"id": "CVE-2015-6482",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-18T19:59:02.823",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-288-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-288-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-15 10:29
Modified
2024-11-21 04:08
Severity ?
Summary
A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft Windows (also WinCE) based CODESYS web servers running stand-alone Version 2.3, or as part of the CODESYS runtime system running prior to Version V1.1.9.19. A crafted request may cause a buffer overflow and could therefore execute arbitrary code on the web server or lead to a denial-of-service condition due to a crash in the web server.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/102909 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-18-032-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102909 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-18-032-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 3s-software | codesys_runtime_system | * | |
| 3s-software | codesys_web_server | 2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:3s-software:codesys_runtime_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B75FDB8D-51F3-43D4-B2ED-990F0ED9CC17",
"versionEndExcluding": "1.1.9.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:3s-software:codesys_web_server:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0F918177-556A-494A-A524-D4FEEF8CBE20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft Windows (also WinCE) based CODESYS web servers running stand-alone Version 2.3, or as part of the CODESYS runtime system running prior to Version V1.1.9.19. A crafted request may cause a buffer overflow and could therefore execute arbitrary code on the web server or lead to a denial-of-service condition due to a crash in the web server."
},
{
"lang": "es",
"value": "Se ha descubierto un problema de desbordamiento de b\u00fafer basado en pila en 3S-Smart CODESYS Web Server. Espec\u00edficamente: todos los servidores web CODESYS basados en Microsoft Windows (tambi\u00e9n WinCE) que ejecutan la versi\u00f3n independiente 2.3 o que formen parte del sistema runtime CODESYS que ejecuta versiones anteriores a la V1.1.9.19. Una petici\u00f3n manipulada podr\u00eda provocar un desbordamiento de b\u00fafer y, por lo tanto, ejecutar c\u00f3digo arbitrario en el servidor web o desembocar en una condici\u00f3n de denegaci\u00f3n de servicio (DoS) debido a un cierre inesperado en el servidor web."
}
],
"id": "CVE-2018-5440",
"lastModified": "2024-11-21T04:08:48.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-15T10:29:00.680",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102909"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-032-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-032-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2014-0760 (GCVE-0-2014-0760)
Vulnerability from cvelistv5
Published
2014-04-25 01:00
Modified
2025-07-02 20:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1
Modular Controller with CoDeSys and SoftMotion provide an undocumented
access method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service (application
crash) via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Festo | CECX-X-C1 Modular Master Controller with CoDeSys |
Version: all |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.510Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CECX-X-C1 Modular Master Controller with CoDeSys",
"vendor": "Festo",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CECX-X-M1 Modular Controller with CoDeSys and SoftMotion",
"vendor": "Festo",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "K. Reid Wightman of IOActive, Inc. has identified vulnerabilities in Festo\u2019s CECX-X-C1 and CECX-X-M1 controllers."
}
],
"datePublic": "2014-04-24T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nThe Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1\n Modular Controller with CoDeSys and SoftMotion provide an undocumented \naccess method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service (application \ncrash) via unspecified vectors.\n\n\u003c/p\u003e"
}
],
"value": "The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1\n Modular Controller with CoDeSys and SoftMotion provide an undocumented \naccess method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service (application \ncrash) via unspecified vectors."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T20:29:50.796Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01"
}
],
"source": {
"advisory": "ICSA-14-084-01",
"discovery": "EXTERNAL"
},
"title": "Festo CECX-X-(C1/M1) Controller Improper Authentication",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eFesto has decided not to resolve these vulnerabilities, placing \ncritical infrastructure asset owners using this product at risk. This \nadvisory is being published to alert critical infrastructure asset \nowners of the risk of using this equipment, and to increase compensating\n security measures if possible.\u0026nbsp;Some of these compensating measures can be:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinimize network exposure for all control system devices and/or \nsystems, and ensure that they are not accessible from the Internet.\u003c/li\u003e\n\u003cli\u003eLocate control system networks and remote devices behind firewalls, and isolate them from the business network.\u003c/li\u003e\n\u003cli\u003eWhen remote access is required, use secure methods, such as Virtual \nPrivate Networks (VPNs), recognizing that VPNs may have vulnerabilities \nand should be updated to the most current version available. Also \nrecognize that VPN is only as secure as the connected devices.\u003c/li\u003e\n\u003cli\u003eInvestigate the practicality of configuring and deploying an \nintrusion detection system (IDS) to log and monitor the control system \nnetwork, as well as adjacent networks.\u003c/li\u003e\n\u003cli\u003eConfigure, activate, and test existing defenses, such as port \nsecurity and traffic logging, among other defensive strategies in the \nrecommended practices document listed below.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "Festo has decided not to resolve these vulnerabilities, placing \ncritical infrastructure asset owners using this product at risk. This \nadvisory is being published to alert critical infrastructure asset \nowners of the risk of using this equipment, and to increase compensating\n security measures if possible.\u00a0Some of these compensating measures can be:\n\n\n\n * Minimize network exposure for all control system devices and/or \nsystems, and ensure that they are not accessible from the Internet.\n\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n\n * When remote access is required, use secure methods, such as Virtual \nPrivate Networks (VPNs), recognizing that VPNs may have vulnerabilities \nand should be updated to the most current version available. Also \nrecognize that VPN is only as secure as the connected devices.\n\n * Investigate the practicality of configuring and deploying an \nintrusion detection system (IDS) to log and monitor the control system \nnetwork, as well as adjacent networks.\n\n * Configure, activate, and test existing defenses, such as port \nsecurity and traffic logging, among other defensive strategies in the \nrecommended practices document listed below."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-0769",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-0760",
"datePublished": "2014-04-25T01:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2025-07-02T20:29:50.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6069 (GCVE-0-2012-6069)
Vulnerability from cvelistv5
Published
2013-01-21 21:00
Modified
2025-07-02 20:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
The CoDeSys Runtime Toolkit’s file transfer functionality does not
perform input validation, which allows an attacker to access files and
directories outside the intended scope. This may allow an attacker to
upload and download any file on the device. This could allow the
attacker to affect the availability, integrity, and confidentiality of
the device.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | 3S-Smart Software Solutions | CODESYS Control Runtime embedded |
Version: 0 < 2.3.2.8 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "56300",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56300"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digitalbond.com/tools/basecamp/3s-codesys/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CODESYS Control Runtime embedded",
"vendor": "3S-Smart Software Solutions",
"versions": [
{
"lessThan": "2.3.2.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control Runtime full",
"vendor": "3S-Smart Software Solutions",
"versions": [
{
"lessThan": "2.4.7.40",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control RTE",
"vendor": "3S-Smart Software Solutions",
"versions": [
{
"lessThan": "2.3.7.17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CECX-X-C1 Modular Master Controller with CoDeSys",
"vendor": "Festo",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CECX-X-M1 Modular Controller with CoDeSys and SoftMotion",
"vendor": "Festo",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CoDeSys",
"vendor": "3S-Smart Software Solutions",
"versions": [
{
"status": "unaffected",
"version": "3.X"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Independent researcher Reid Wightman of IOActive, formerly of Digital Bond has validated that the patch, issued by 3S, mitigates theses vulnerabilities."
}
],
"datePublic": "2012-10-31T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nThe CoDeSys Runtime Toolkit\u2019s file transfer functionality does not \nperform input validation, which allows an attacker to access files and \ndirectories outside the intended scope. This may allow an attacker to \nupload and download any file on the device. This could allow the \nattacker to affect the availability, integrity, and confidentiality of \nthe device.\n\n\u003c/p\u003e"
}
],
"value": "The CoDeSys Runtime Toolkit\u2019s file transfer functionality does not \nperform input validation, which allows an attacker to access files and \ndirectories outside the intended scope. This may allow an attacker to \nupload and download any file on the device. This could allow the \nattacker to affect the availability, integrity, and confidentiality of \nthe device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T20:15:19.655Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.html"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digitalbond.com/tools/basecamp/3s-codesys/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01"
},
{
"url": "https://us.codesys.com/ecosystem/security/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "CoDeSys recommends upgrading to the latest version, which is Version 3. It can be downloaded \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://store.codesys.com/engineering/codesys.html?___store=en#All%20versions\"\u003ehere\u003c/a\u003e.\u003cp\u003e3S released a patch which implements a password for authentication to the device.\u003c/p\u003e\u003cp\u003eThe patch can be downloaded from the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.codesys.com/download.html\"\u003eCoDeSys Download Center\u003c/a\u003e.\u003c/p\u003eCoDeSys Version 3.X is not affected by these vulnerabilities.\n\n\u003cbr\u003e"
}
],
"value": "CoDeSys recommends upgrading to the latest version, which is Version 3. It can be downloaded here https://store.codesys.com/engineering/codesys.html .3S released a patch which implements a password for authentication to the device.\n\nThe patch can be downloaded from the CoDeSys Download Center http://www.codesys.com/download.html .\n\nCoDeSys Version 3.X is not affected by these vulnerabilities."
}
],
"source": {
"advisory": "ICSA-13-011-01",
"discovery": "EXTERNAL"
},
"title": "3S CoDeSys Relative Path Traversal",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "3S also recommends the usage of standard security methods like firewalls\n or virtual private network (VPN) access to prevent unauthorized access \nto the controller.\n\n\u003cbr\u003e"
}
],
"value": "3S also recommends the usage of standard security methods like firewalls\n or virtual private network (VPN) access to prevent unauthorized access \nto the controller."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-6068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to (1) execute commands via the command-line interface in the TCP listener service or (2) transfer files via requests to the TCP listener service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.html",
"refsource": "CONFIRM",
"url": "http://www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.html"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01"
},
{
"name": "http://www.digitalbond.com/tools/basecamp/3s-codesys/",
"refsource": "MISC",
"url": "http://www.digitalbond.com/tools/basecamp/3s-codesys/"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2012-6069",
"datePublished": "2013-01-21T21:00:00",
"dateReserved": "2012-12-05T00:00:00",
"dateUpdated": "2025-07-02T20:15:19.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-6482 (GCVE-0-2015-6482)
Vulnerability from cvelistv5
Published
2015-10-18 19:00
Modified
2024-08-06 07:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted request.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:21.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-288-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-10-18T19:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-288-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-6482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-288-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-288-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2015-6482",
"datePublished": "2015-10-18T19:00:00",
"dateReserved": "2015-08-17T00:00:00",
"dateUpdated": "2024-08-06T07:22:21.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0769 (GCVE-0-2014-0769)
Vulnerability from cvelistv5
Published
2014-04-25 01:00
Modified
2025-07-02 20:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Festo | CECX-X-C1 Modular Master Controller with CoDeSys |
Version: all |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CECX-X-C1 Modular Master Controller with CoDeSys",
"vendor": "Festo",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CECX-X-M1 Modular Controller with CoDeSys and SoftMotion",
"vendor": "Festo",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "K. Reid Wightman of IOActive, Inc. has identified vulnerabilities in Festo\u2019s CECX-X-C1 and CECX-X-M1 controllers."
}
],
"datePublic": "2014-04-24T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001.\u003c/p\u003e"
}
],
"value": "The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T20:26:44.615Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01"
}
],
"source": {
"advisory": "ICSA-14-084-01",
"discovery": "EXTERNAL"
},
"title": "Festo CECX-X-(C1/M1) Controller Improper Authentication",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eFesto has decided not to resolve these vulnerabilities, placing \ncritical infrastructure asset owners using this product at risk. This \nadvisory is being published to alert critical infrastructure asset \nowners of the risk of using this equipment, and to increase compensating\n security measures if possible.\u0026nbsp;Some of these compensating measures can be:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinimize network exposure for all control system devices and/or \nsystems, and ensure that they are not accessible from the Internet.\u003c/li\u003e\n\u003cli\u003eLocate control system networks and remote devices behind firewalls, and isolate them from the business network.\u003c/li\u003e\n\u003cli\u003eWhen remote access is required, use secure methods, such as Virtual \nPrivate Networks (VPNs), recognizing that VPNs may have vulnerabilities \nand should be updated to the most current version available. Also \nrecognize that VPN is only as secure as the connected devices.\u003c/li\u003e\n\u003cli\u003eInvestigate the practicality of configuring and deploying an \nintrusion detection system (IDS) to log and monitor the control system \nnetwork, as well as adjacent networks.\u003c/li\u003e\n\u003cli\u003eConfigure, activate, and test existing defenses, such as port \nsecurity and traffic logging, among other defensive strategies in the \nrecommended practices document listed below.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "Festo has decided not to resolve these vulnerabilities, placing \ncritical infrastructure asset owners using this product at risk. This \nadvisory is being published to alert critical infrastructure asset \nowners of the risk of using this equipment, and to increase compensating\n security measures if possible.\u00a0Some of these compensating measures can be:\n\n\n\n * Minimize network exposure for all control system devices and/or \nsystems, and ensure that they are not accessible from the Internet.\n\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n\n * When remote access is required, use secure methods, such as Virtual \nPrivate Networks (VPNs), recognizing that VPNs may have vulnerabilities \nand should be updated to the most current version available. Also \nrecognize that VPN is only as secure as the connected devices.\n\n * Investigate the practicality of configuring and deploying an \nintrusion detection system (IDS) to log and monitor the control system \nnetwork, as well as adjacent networks.\n\n * Configure, activate, and test existing defenses, such as port \nsecurity and traffic logging, among other defensive strategies in the \nrecommended practices document listed below."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-0769",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-0769",
"datePublished": "2014-04-25T01:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2025-07-02T20:26:44.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5440 (GCVE-0-2018-5440)
Vulnerability from cvelistv5
Published
2018-02-15 10:00
Modified
2024-08-05 05:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft Windows (also WinCE) based CODESYS web servers running stand-alone Version 2.3, or as part of the CODESYS runtime system running prior to Version V1.1.9.19. A crafted request may cause a buffer overflow and could therefore execute arbitrary code on the web server or lead to a denial-of-service condition due to a crash in the web server.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | 3S-Smart Software Solutions GmbH CODESYS Web Server |
Version: 3S-Smart Software Solutions GmbH CODESYS Web Server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102909",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102909"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-032-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "3S-Smart Software Solutions GmbH CODESYS Web Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3S-Smart Software Solutions GmbH CODESYS Web Server"
}
]
}
],
"datePublic": "2018-02-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft Windows (also WinCE) based CODESYS web servers running stand-alone Version 2.3, or as part of the CODESYS runtime system running prior to Version V1.1.9.19. A crafted request may cause a buffer overflow and could therefore execute arbitrary code on the web server or lead to a denial-of-service condition due to a crash in the web server."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-15T10:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "102909",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102909"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-032-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2018-5440",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "3S-Smart Software Solutions GmbH CODESYS Web Server",
"version": {
"version_data": [
{
"version_value": "3S-Smart Software Solutions GmbH CODESYS Web Server"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft Windows (also WinCE) based CODESYS web servers running stand-alone Version 2.3, or as part of the CODESYS runtime system running prior to Version V1.1.9.19. A crafted request may cause a buffer overflow and could therefore execute arbitrary code on the web server or lead to a denial-of-service condition due to a crash in the web server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102909",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102909"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-032-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-032-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-5440",
"datePublished": "2018-02-15T10:00:00",
"dateReserved": "2018-01-12T00:00:00",
"dateUpdated": "2024-08-05T05:33:44.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6068 (GCVE-0-2012-6068)
Vulnerability from cvelistv5
Published
2013-01-21 21:00
Modified
2025-07-02 20:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener service or transfer files via requests to the TCP listener service.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | 3S-Smart Software Solutions | CODESYS Control Runtime embedded |
Version: 0 < 2.3.2.8 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.369Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digitalbond.com/tools/basecamp/3s-codesys/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CODESYS Control Runtime embedded",
"vendor": "3S-Smart Software Solutions",
"versions": [
{
"lessThan": "2.3.2.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control Runtime full",
"vendor": "3S-Smart Software Solutions",
"versions": [
{
"lessThan": "2.4.7.40",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control RTE",
"vendor": "3S-Smart Software Solutions",
"versions": [
{
"lessThan": "2.3.7.17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CECX-X-C1 Modular Master Controller with CoDeSys",
"vendor": "Festo",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CECX-X-M1 Modular Controller with CoDeSys and SoftMotion",
"vendor": "Festo",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CoDeSys",
"vendor": "3S-Smart Software Solutions",
"versions": [
{
"status": "unaffected",
"version": "3.X"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Independent researcher Reid Wightman of IOActive, formerly of Digital Bond has validated that the patch, issued by 3S, mitigates theses vulnerabilities."
}
],
"datePublic": "2012-10-31T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener service or transfer files via requests to the TCP listener service.\u003c/p\u003e"
}
],
"value": "The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener service or transfer files via requests to the TCP listener service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T20:12:04.890Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.html"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digitalbond.com/tools/basecamp/3s-codesys/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01"
},
{
"url": "https://us.codesys.com/ecosystem/security/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "CoDeSys recommends upgrading to the latest version, which is Version 3. It can be downloaded \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://store.codesys.com/engineering/codesys.html?___store=en#All%20versions\"\u003ehere\u003c/a\u003e.\u003cp\u003e3S released a patch which implements a password for authentication to the device.\u003c/p\u003e\u003cp\u003eThe patch can be downloaded from the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.codesys.com/download.html\"\u003eCoDeSys Download Center\u003c/a\u003e.\u003c/p\u003eCoDeSys Version 3.X is not affected by these vulnerabilities.\n\n\u003cbr\u003e"
}
],
"value": "CoDeSys recommends upgrading to the latest version, which is Version 3. It can be downloaded here https://store.codesys.com/engineering/codesys.html .3S released a patch which implements a password for authentication to the device.\n\nThe patch can be downloaded from the CoDeSys Download Center http://www.codesys.com/download.html .\n\nCoDeSys Version 3.X is not affected by these vulnerabilities."
}
],
"source": {
"advisory": "ICSA-13-011-01",
"discovery": "EXTERNAL"
},
"title": "3S CoDeSys Improper Access Control",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "3S also recommends the usage of standard security methods like firewalls\n or virtual private network (VPN) access to prevent unauthorized access \nto the controller.\n\n\u003cbr\u003e"
}
],
"value": "3S also recommends the usage of standard security methods like firewalls\n or virtual private network (VPN) access to prevent unauthorized access \nto the controller."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-6068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to (1) execute commands via the command-line interface in the TCP listener service or (2) transfer files via requests to the TCP listener service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.html",
"refsource": "CONFIRM",
"url": "http://www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.html"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01"
},
{
"name": "http://www.digitalbond.com/tools/basecamp/3s-codesys/",
"refsource": "MISC",
"url": "http://www.digitalbond.com/tools/basecamp/3s-codesys/"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2012-6068",
"datePublished": "2013-01-21T21:00:00",
"dateReserved": "2012-12-05T00:00:00",
"dateUpdated": "2025-07-02T20:12:04.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}