Vulnerability Details : CVE-2012-6068
The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to (1) execute commands via the command-line interface in the TCP listener service or (2) transfer files via requests to the TCP listener service.
Exploit prediction scoring system (EPSS) score for CVE-2012-6068
Probability of exploitation activity in the next 30 days: 0.47%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 73 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-6068
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2012-6068
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-6068
-
http://www.digitalbond.com/tools/basecamp/3s-codesys/
Digital Bond Archives - Dale Peterson ICS Security Expert
-
http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-01.pdf
404 - File Not Found | CISAUS Government Resource
-
http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01
Festo CECX-X-(C1/M1) Controller Vulnerabilities | CISAUS Government Resource
-
http://www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.html
404 - CODESYSVendor Advisory
Products affected by CVE-2012-6068
- cpe:2.3:a:3s-software:codesys_runtime_system:2.3.9.37:*:*:*:*:*:*:*
- cpe:2.3:a:3s-software:codesys_runtime_system:2.3.9.35:*:*:*:*:*:*:*
- cpe:2.3:a:3s-software:codesys_runtime_system:2.3.9.8:*:*:*:*:*:*:*
- cpe:2.3:a:3s-software:codesys_runtime_system:2.3.9.36:*:*:*:*:*:*:*
- cpe:2.3:a:3s-software:codesys_runtime_system:2.4.0:*:*:*:*:*:*:*