CVE-2012-6069

{"id": "CVE-2012-6069", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}]}, "published": "2013-01-21T21:55:01.150", "references": [{"url": "http://www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.html", "tags": ["Vendor Advisory"], "source": "ics-cert@hq.dhs.gov"}, {"url": "http://www.digitalbond.com/tools/basecamp/3s-codesys/", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://us.codesys.com/ecosystem/security/", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-01", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01", "source": "ics-cert@hq.dhs.gov"}, {"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.digitalbond.com/tools/basecamp/3s-codesys/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/56300", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-01.pdf", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-23"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "The CoDeSys Runtime Toolkit\u2019s file transfer functionality does not \nperform input validation, which allows an attacker to access files and \ndirectories outside the intended scope. This may allow an attacker to \nupload and download any file on the device. This could allow the \nattacker to affect the availability, integrity, and confidentiality of \nthe device."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en el Runtime Toolkit de CODESYS Runtime System v2.3.x y v2.4.x que permite a atacantes remotos leer, sobreescribir, o crear ficheros a trav\u00e9s de .. (punto punto) en una solicitud al servicio de escucha TCP."}], "lastModified": "2025-07-02T21:15:39.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:3s-software:codesys_runtime_system:2.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89253C44-34F0-457C-9EEE-E7028F737E02"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:3s-software:codesys_runtime_system:2.3.9.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFAB8128-4A70-44CA-A4D3-C859010C8BFF"}, {"criteria": "cpe:2.3:a:3s-software:codesys_runtime_system:2.3.9.35:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B99BA40-647D-4203-A003-CAEEF776EF77"}, {"criteria": "cpe:2.3:a:3s-software:codesys_runtime_system:2.3.9.36:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50443443-14B4-4245-BBE3-C5E451739EF0"}, {"criteria": "cpe:2.3:a:3s-software:codesys_runtime_system:2.3.9.37:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44C690B5-EE5B-4504-B40D-879F757C8029"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}