Описание
Multiple products of CODESYS implement a improper error handling. A low privilege remote attacker may craft a request, which is not properly processed by the error handling. In consequence, the file referenced by the request could be deleted. User interaction is not required.
Уязвимые конфигурации
Конфигурация 1Версия от 2.0 (включая) до 2.4.7.57 (исключая)Версия от 2.0 (включая) до 2.4.7.57 (исключая)
Одно из
cpe:2.3:a:codesys:plcwinnt:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:runtime_toolkit:*:*:*:*:*:*:x86:*
EPSS
Процентиль: 73%
0.00778
Низкий
8.1 High
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-755
Связанные уязвимости
CVSS3: 6.5
github
около 3 лет назад
Multiple products of CODESYS implement a improper error handling. A low privilege remote attacker may craft a request, which is not properly processed by the error handling. In consequence, the file referenced by the request could be deleted. User interaction is not required.
EPSS
Процентиль: 73%
0.00778
Низкий
8.1 High
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-755