ID

VAR-201302-0030


CVE

CVE-2012-4705


TITLE

CoDeSys 'Gateway Server' Directory Traversal Vulnerability

Trust: 0.8

sources: IVD: 126f2474-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-01211

DESCRIPTION

Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors involving a crafted pathname. CoDeSys is a powerful PLC software programming tool that supports six PLC programming languages of the IEC 61131-3 standard: IL, ST, FBD, LD, CFC and SFC. 3S CODESYS Gateway-Server does not correctly filter input used to access files, allowing an attacker to view restricted system file content through a directory traversal sequence. CoDeSys Gateway Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Successful exploits will allow an attacker to create arbitrary files, which may then be executed to perform unauthorized actions. This may aid in further attacks. Versions prior to CoDeSys 2.3.9.27 are vulnerable. Note: This issue was previously discussed in BID 58032 (CoDeSys Gateway Server Multiple Security Vulnerabilities), but has been given its own record to better document it. 3S-Smart Software Solutions CoDeSys is a set of PLC (Programmable Logic Controller) software programming tools from 3S-Smart Software Solutions in Germany. Runtime Toolkit is the runtime toolkit of CoDeSys

Trust: 2.7

sources: NVD: CVE-2012-4705 // JVNDB: JVNDB-2013-001678 // CNVD: CNVD-2013-01211 // BID: 59446 // IVD: 126f2474-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-57986

IOT TAXONOMY

category: ['ICS'] | sub_category: -

Trust: 0.8

sources: IVD: 126f2474-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-01211

AFFECTED PRODUCTS

vendor: 3s | model: codesys gateway-server | scope: eq | version: 2.3.9.5

Trust: 1.6

vendor: 3s | model: codesys gateway-server | scope: eq | version: 2.3.9.18

Trust: 1.6

vendor: 3s | model: codesys gateway-server | scope: eq | version: 2.3.8.1

Trust: 1.6

vendor: 3s | model: codesys gateway-server | scope: eq | version: 2.3.8.0

Trust: 1.6

vendor: 3s | model: codesys gateway-server | scope: eq | version: 2.3.9.1

Trust: 1.6

vendor: 3s | model: codesys gateway-server | scope: eq | version: 2.3.9.3

Trust: 1.6

vendor: 3s | model: codesys gateway-server | scope: eq | version: 2.3.9.4

Trust: 1.6

vendor: 3s | model: codesys gateway-server | scope: eq | version: 2.3.8.2

Trust: 1.6

vendor: 3s | model: codesys gateway-server | scope: eq | version: 2.3.9.2

Trust: 1.6

vendor: 3s | model: codesys gateway-server | scope: eq | version: 2.3.9

Trust: 1.0

vendor: 3s | model: codesys gateway-server | scope: eq | version: 2.3.6.0

Trust: 1.0

vendor: 3s | model: codesys gateway-server | scope: eq | version: 2.3.7.0

Trust: 1.0

vendor: 3s | model: codesys gateway-server | scope: lte | version: 2.3.9.20

Trust: 1.0

vendor: 3s | model: codesys gateway-server | scope: eq | version: 2.3.5.1

Trust: 1.0

vendor: 3s | model: codesys gateway-server | scope: eq | version: 2.3.5.3

Trust: 1.0

vendor: 3s | model: codesys gateway-server | scope: eq | version: 2.3.9.19

Trust: 1.0

vendor: 3s | model: codesys gateway-server | scope: eq | version: 2.3.5.2

Trust: 1.0

vendor: 3s smart | model: codesys gateway server | scope: lt | version: 2.3.9.27

Trust: 0.8

vendor: 3s | model: smart software solutions codesys | scope: eq | version: -2.x

Trust: 0.6

vendor: 3s | model: smart software solutions codesys gateway server | scope: eq | version: -2.x

Trust: 0.6

vendor: 3s | model: codesys gateway-server | scope: eq | version: 2.3.9.20

Trust: 0.6

vendor: codesys gateway server | model: - | scope: eq | version: 2.3.5.1

Trust: 0.2

vendor: codesys gateway server | model: - | scope: eq | version: 2.3.5.2

Trust: 0.2

vendor: codesys gateway server | model: - | scope: eq | version: 2.3.5.3

Trust: 0.2

vendor: codesys gateway server | model: - | scope: eq | version: 2.3.6.0

Trust: 0.2

vendor: codesys gateway server | model: - | scope: eq | version: 2.3.7.0

Trust: 0.2

vendor: codesys gateway server | model: - | scope: eq | version: 2.3.8.0

Trust: 0.2

vendor: codesys gateway server | model: - | scope: eq | version: 2.3.8.1

Trust: 0.2

vendor: codesys gateway server | model: - | scope: eq | version: 2.3.8.2

Trust: 0.2

vendor: codesys gateway server | model: - | scope: eq | version: 2.3.9

Trust: 0.2

vendor: codesys gateway server | model: - | scope: eq | version: 2.3.9.1

Trust: 0.2

vendor: codesys gateway server | model: - | scope: eq | version: 2.3.9.2

Trust: 0.2

vendor: codesys gateway server | model: - | scope: eq | version: 2.3.9.3

Trust: 0.2

vendor: codesys gateway server | model: - | scope: eq | version: 2.3.9.4

Trust: 0.2

vendor: codesys gateway server | model: - | scope: eq | version: 2.3.9.5

Trust: 0.2

vendor: codesys gateway server | model: - | scope: eq | version: 2.3.9.18

Trust: 0.2

vendor: codesys gateway server | model: - | scope: eq | version: 2.3.9.19

Trust: 0.2

vendor: codesys gateway server | model: - | scope: eq | version: *

Trust: 0.2

sources: IVD: 126f2474-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-01211 // JVNDB: JVNDB-2013-001678 // CNNVD: CNNVD-201302-448 // NVD: CVE-2012-4705

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-4705
value: HIGH

Trust: 1.0

NVD: CVE-2012-4705
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201302-448
value: CRITICAL

Trust: 0.6

IVD: 126f2474-2353-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

VULHUB: VHN-57986
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2012-4705
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: 126f2474-2353-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-57986
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 126f2474-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-57986 // JVNDB: JVNDB-2013-001678 // CNNVD: CNNVD-201302-448 // NVD: CVE-2012-4705

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-57986 // JVNDB: JVNDB-2013-001678 // NVD: CVE-2012-4705

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201302-448

TYPE

Path traversal

Trust: 0.8

sources: IVD: 126f2474-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201302-448

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-001678

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-57986

PATCH

title: Top Page | url: http://www.3s-software.com/

Trust: 0.8

title: CoDeSys 'Gateway Server' directory traversal vulnerability patch | url: https://www.cnvd.org.cn/patchInfo/show/32063

Trust: 0.6

sources: CNVD: CNVD-2013-01211 // JVNDB: JVNDB-2013-001678

EXTERNAL IDS

db: NVD | id: CVE-2012-4705

Trust: 3.6

db: ICS CERT | id: ICSA-13-050-01

Trust: 2.0

db: ICS CERT | id: ICSA-13-050-01A

Trust: 1.1

db: CNNVD | id: CNNVD-201302-448

Trust: 0.9

db: CNVD | id: CNVD-2013-01211

Trust: 0.8

db: JVNDB | id: JVNDB-2013-001678

Trust: 0.8

db: SECUNIA | id: 52253

Trust: 0.6

db: BID | id: 59446

Trust: 0.4

db: IVD | id: 126F2474-2353-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: EXPLOIT-DB | id: 41712

Trust: 0.1

db: PACKETSTORM | id: 120718

Trust: 0.1

db: VULHUB | id: VHN-57986

Trust: 0.1

sources: IVD: 126f2474-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-01211 // VULHUB: VHN-57986 // BID: 59446 // JVNDB: JVNDB-2013-001678 // CNNVD: CNNVD-201302-448 // NVD: CVE-2012-4705

REFERENCES

url: http://ics-cert.us-cert.gov/pdf/icsa-13-050-01-a.pdf

Trust: 1.4

url: http://ics-cert.us-cert.gov/advisories/icsa-13-050-01a

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4705

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4705

Trust: 0.8

url: http://ics-cert.us-cert.gov/pdf/icsa-13-050-01.pdf

Trust: 0.6

url: http://secunia.com/advisories/52253

Trust: 0.6

url: http://www.3s-software.com/

Trust: 0.3

sources: CNVD: CNVD-2013-01211 // VULHUB: VHN-57986 // BID: 59446 // JVNDB: JVNDB-2013-001678 // CNNVD: CNNVD-201302-448 // NVD: CVE-2012-4705

CREDITS

Aaron Portnoy of Exodus Intelligence

Trust: 0.3

sources: BID: 59446

SOURCES

db: IVD | id: 126f2474-2353-11e6-abef-000c29c66e3d
db: CNVD | id: CNVD-2013-01211
db: VULHUB | id: VHN-57986
db: BID | id: 59446
db: JVNDB | id: JVNDB-2013-001678
db: CNNVD | id: CNNVD-201302-448
db: NVD | id: CVE-2012-4705

LAST UPDATE DATE

2024-08-14T14:21:23.001000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2013-01211 | date: 2013-02-22T00:00:00
db: VULHUB | id: VHN-57986 | date: 2013-05-21T00:00:00
db: BID | id: 59446 | date: 2015-03-19T09:42:00
db: JVNDB | id: JVNDB-2013-001678 | date: 2013-02-27T00:00:00
db: CNNVD | id: CNNVD-201302-448 | date: 2013-02-26T00:00:00
db: NVD | id: CVE-2012-4705 | date: 2013-05-21T03:20:36.890

SOURCES RELEASE DATE

db: IVD | id: 126f2474-2353-11e6-abef-000c29c66e3d | date: 2013-02-22T00:00:00
db: CNVD | id: CNVD-2013-01211 | date: 2013-02-22T00:00:00
db: VULHUB | id: VHN-57986 | date: 2013-02-24T00:00:00
db: BID | id: 59446 | date: 2013-02-19T00:00:00
db: JVNDB | id: JVNDB-2013-001678 | date: 2013-02-27T00:00:00
db: CNNVD | id: CNNVD-201302-448 | date: 2013-02-26T00:00:00
db: NVD | id: CVE-2012-4705 | date: 2013-02-24T11:48:21.063