PT-2012-1188 · 3S Smart Software Solutions · Codesys Runtime System
Published 2012-12-05 · Updated 2025-07-02
CVE-2012-6068
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
CODESYS Runtime System versions 2.3.x through 2.4.x
Description
In its default configuration, the CODESYS Runtime Toolkit does not require authentication. This allows remote attackers to execute commands via the command-line interface in the TCP listener service, or to transfer files via requests to the TCP listener service.
Recommendations
For versions 2.3.x through 2.4.x, consider implementing authentication requirements for the Runtime Toolkit to prevent unauthorized access. As a temporary workaround, restrict access to the TCP listener service to minimize the risk of exploitation.
Fix
Improper Access Control
Related Identifiers
Affected Products
Codesys Runtime System
Codesys Runtime Toolkit