CVE-2012-6069— 3S CoDeSys Relative Path Traversal
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2012-6069
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
3S CoDeSys Relative Path Traversal
Source: NVD (National Vulnerability Database)
Vulnerability Description
The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an attacker to access files and directories outside the intended scope. This may allow an attacker to upload and download any file on the device. This could allow the attacker to affect the availability, integrity, and confidentiality of the device.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
相对路径遍历
Source: NVD (National Vulnerability Database)
Vulnerability Title
CoDeSys 未明目录遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
3S-Smart Software Solutions CoDeSys是德国3S-Smart Software Solutions公司的一套PLC(可编程控制器)软件编程工具。Runtime Toolkit是CoDeSys的运行时工具包。 CODESYS Runtime System 2.3.x和2.4.x版本中的Runtime Toolkit中存在目录遍历漏洞。通过TCP监听的服务请求中的‘..’,远程攻击者利用该漏洞读取,重写或创建任意文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| 3S-Smart Software Solutions | CODESYS Control Runtime embedded | 0 ~ 2.3.2.8 | - | |
| 3S-Smart Software Solutions | CODESYS Control Runtime full | 0 ~ 2.4.7.40 | - | |
| 3S-Smart Software Solutions | CODESYS Control RTE | 0 ~ 2.3.7.17 | - | |
| Festo | CECX-X-C1 Modular Master Controller with CoDeSys | All | - | |
| Festo | CECX-X-M1 Modular Controller with CoDeSys and SoftMotion | All | - | |
| 3S-Smart Software Solutions | CoDeSys | - | - |
II. Public POCs for CVE-2012-6069
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2012-6069
请登录查看更多情报信息。
- 🔗 http://www.digitalbond.com/tools/basecamp/3s-codesys/x_refsource_MISC
- 🔗 http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-01.pdfx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2012-6069
IV. Related Vulnerabilities
Same weakness: CWE-23
- CVE-2026-8209
Gibbon<30.0.01路径遍历漏洞导致拒绝服务 - CVE-2026-43533
OpenClaw < 2026.4.10 - Arbitrary Local File Read via QQBot M - CVE-2026-43616
Detect-It-Easy < 3.21 Path Traversal Arbitrary File Write - CVE-2026-42085
OpenC3 COSMOS: Arbitrary write to plugins directory via path - CVE-2026-22070
ColorOS Assistant Path Traversal Vulnerability
V. Comments for CVE-2012-6069
No comments yet