3s-Software: >> Codesys Runtime System >> 2.3.9.8 Security Vulnerabilities
Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted request.
CVSS Score
5.0
EPSS Score
0.003
Published
2015-10-18
The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener service or transfer files via requests to the TCP listener service.
CVSS Score
9.8
EPSS Score
0.044
Published
2013-01-21
The CoDeSys Runtime Toolkit’s file transfer functionality does not
perform input validation, which allows an attacker to access files and
directories outside the intended scope. This may allow an attacker to
upload and download any file on the device. This could allow the
attacker to affect the availability, integrity, and confidentiality of
the device.
CVSS Score
10.0
EPSS Score
0.022
Published
2013-01-21