Summary
CoDeSys is prone to a directory-traversal vulnerability and to a vulnerabillity which makes it possible to get the CoDeSys command shell without authentication on port 1200.
Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks and to execute any of the commands available vary by PLC.
References
Severity
Classification
-
CVE CVE-2012-6068, CVE-2012-6069 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Air Remote Code Execution Vulnerability -June13 (Mac OS X)
- Adobe Air Multiple Vulnerabilities -01 August 12 (Mac OS X)
- Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Mac OS X)
- Adobe Flash Player Arbitrary Code Execution Vulnerability (Linux)
- Adobe AIR Code Execution and DoS Vulnerabilities Nov13 (Windows)