CVE-2018-25048
Published: Mar 23, 2023
Modified: Feb 19, 2025
CVSS v3.1
8.8
Description
The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.
| Vendor | Product | Versions |
|---|---|---|
CODESYS | Control for BeagleBone | affected 3.0.0.0 - < 3.5.12.30 |
CODESYS | Control for emPC-A/iMX6 | affected 3.0.0.0 - < 3.5.12.30 |
CODESYS | Control for IOT2000 | affected 3.0.0.0 - < 3.5.12.30 |
CODESYS | Control for PFC100 | affected 3.0.0.0 - < 3.5.12.30 |
CODESYS | Control for PFC200 | affected 3.0.0.0 - < 3.5.12.30 |
CODESYS | Control for Raspberry Pi | affected 3.0.0.0 - < 3.5.12.30 |
CODESYS | Control RTE V3 (all variants) | affected 3.0.0.0 - < 3.5.12.30 |
CODESYS | Control Win V3 (all variants) | affected 3.0.0.0 - < 3.5.12.30 |
CODESYS | V3 Simulation Runtime (part of the CODESYS Development System) | affected 3.0.0.0 - < 3.5.12.30 |
CODESYS | HMI V3 (all variants) | affected 3.0.0.0 - < 3.5.12.30 |
CODESYS | V3 Remote Target Visu (all variants) | affected 3.0.0.0 - < 3.5.12.30 |
CODESYS | Control V3 Runtime System Toolkit | affected 3.0.0.0 - < 3.5.12.30 |
CODESYS | V3 Embedded Target Visu Toolkit | affected 3.0.0.0 - < 3.5.12.30 |
CODESYS | V3 Remote Target Visu Toolkit | affected 3.0.0.0 - < 3.5.12.30 |
CODESYS | Runtime Toolkit 32 bit embedded | affected 2.0.0.0 - < 2.3.2.10 |
CODESYS | Runtime Toolkit 32 bit full | affected 2.0.0.0 - < 2.4.7.52 |
CODESYS | Runtime PLCWinNT | affected 2.0.0.0 - < 2.4.7.52 |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now