CVE-2012-6068

Published Jan 21, 2013

Last updated 3 months ago

CVSS info 10.0

Overview

Description: The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to (1) execute commands via the command-line interface in the TCP listener service or (2) transfer files via requests to the TCP listener service.
Source: ics-cert@hq.dhs.gov
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:3s-software:codesys_runtime_system:2.3.9.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CFAB8128-4A70-44CA-A4D3-C859010C8BFF"
          },
          {
            "criteria": "cpe:2.3:a:3s-software:codesys_runtime_system:2.3.9.35:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B99BA40-647D-4203-A003-CAEEF776EF77"
          },
          {
            "criteria": "cpe:2.3:a:3s-software:codesys_runtime_system:2.3.9.36:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "50443443-14B4-4245-BBE3-C5E451739EF0"
          },
          {
            "criteria": "cpe:2.3:a:3s-software:codesys_runtime_system:2.3.9.37:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44C690B5-EE5B-4504-B40D-879F757C8029"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:3s-software:codesys_runtime_system:2.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89253C44-34F0-457C-9EEE-E7028F737E02"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References