CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
86.2%
Directory traversal vulnerability in the Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x allows remote attackers to read, overwrite, or create arbitrary files via a … (dot dot) in a request to the TCP listener service.
Vendor | Product | Version | CPE |
---|---|---|---|
3s-software | codesys_runtime_system | 2.4.0 | cpe:2.3:a:3s-software:codesys_runtime_system:2.4.0:*:*:*:*:*:*:* |
3s-software | codesys_runtime_system | 2.3.9.8 | cpe:2.3:a:3s-software:codesys_runtime_system:2.3.9.8:*:*:*:*:*:*:* |
3s-software | codesys_runtime_system | 2.3.9.35 | cpe:2.3:a:3s-software:codesys_runtime_system:2.3.9.35:*:*:*:*:*:*:* |
3s-software | codesys_runtime_system | 2.3.9.36 | cpe:2.3:a:3s-software:codesys_runtime_system:2.3.9.36:*:*:*:*:*:*:* |
3s-software | codesys_runtime_system | 2.3.9.37 | cpe:2.3:a:3s-software:codesys_runtime_system:2.3.9.37:*:*:*:*:*:*:* |