The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.
References
Link | Resource |
---|---|
https://customers.codesys.com/fileadmin/data/customers/security/2018/Advisory2018-04_CDS-59017.pdf | Not Applicable |
Configurations
Configuration 1 (hide)
|
History
30 Mar 2023, 17:50
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:codesys:simulation_runtime:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:runtime_plcwinnt:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_for_empc-a\/imx6:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_v3_runtime_system_toolkit:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:runtime_system_toolkit:3.5.15.0:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:* cpe:2.3:a:codesys:runtime_system_toolkit:*:*:*:*:*:*:x86:* cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:* |
|
First Time |
Codesys runtime Plcwinnt
Codesys runtime System Toolkit Codesys Codesys remote Target Visu Toolkit Codesys control For Pfc100 Codesys control For Pfc200 Codesys hmi Codesys control For Raspberry Pi Codesys control V3 Runtime System Toolkit Codesys simulation Runtime Codesys embedded Target Visu Toolkit Codesys control Rte Codesys control For Iot2000 Codesys control Win Codesys control For Empc-a\/imx6 Codesys control For Beaglebone |
|
References | (MISC) https://customers.codesys.com/fileadmin/data/customers/security/2018/Advisory2018-04_CDS-59017.pdf - Not Applicable |
23 Mar 2023, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-23 11:15
Updated : 2023-12-10 15:01
NVD link : CVE-2018-25048
Mitre link : CVE-2018-25048
CVE.ORG link : CVE-2018-25048
JSON object : View
Products Affected
codesys
- control_for_pfc100
- runtime_system_toolkit
- control_win
- hmi
- control_for_pfc200
- embedded_target_visu_toolkit
- control_for_iot2000
- simulation_runtime
- control_v3_runtime_system_toolkit
- remote_target_visu_toolkit
- control_for_beaglebone
- runtime_plcwinnt
- control_for_raspberry_pi
- control_rte
- control_for_empc-a\/imx6
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')