Description
The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to (1) execute commands via the command-line interface in the TCP listener service or (2) transfer files via requests to the TCP listener service.
References
- https://nvd.nist.gov/vuln/detail/CVE-2012-6068
- https://us.codesys.com/ecosystem/security
- https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-01
- https://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01
- http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01
- http://www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.html
- http://www.digitalbond.com/tools/basecamp/3s-codesys
- http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-01.pdf
Related vulnerabilities
The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener service or transfer files via requests to the TCP listener service.
Vulnerability in the CODESYS Runtime Toolkit runtime environment that allows an attacker to execute arbitrary commands and upload arbitrary files