Description
The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an attacker to access files and directories outside the intended scope. This may allow an attacker to upload and download any file on the device. This could allow the attacker to affect the availability, integrity, and confidentiality of the device.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected products
- 3S-Smart Software Solutions / CoDeSys3.X – 3.X
- 3S-Smart Software Solutions / CODESYS Control RTE0 – 2.3.7.17
- 3S-Smart Software Solutions / CODESYS Control Runtime embedded0 – 2.3.2.8
- 3S-Smart Software Solutions / CODESYS Control Runtime full0 – 2.4.7.40
- Festo / CECX-X-C1 Modular Master Controller with CoDeSysAll – All
- Festo / CECX-X-M1 Modular Controller with CoDeSys and SoftMotionAll – All
References
- MISChttp://www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.html
- VENDOR_ADVISORYhttps://www.cisa.gov/news-events/ics-advisories/icsa-13-011-01
- MISChttp://www.digitalbond.com/tools/basecamp/3s-codesys/
- VENDOR_ADVISORYhttps://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01
- MISChttps://us.codesys.com/ecosystem/security/