ID

VAR-201302-0030


CVE

CVE-2012-4705


TITLE

CoDeSys 'Gateway Server' Directory Traversal Vulnerability

Trust: 0.8

sources: IVD: 126f2474-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-01211

DESCRIPTION

Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors involving a crafted pathname. CoDeSys is a powerful PLC software programming tool that supports IEC61131-3 standard IL, ST, FBD, LD, CFC, SFC six PLC programming languages. 3S CODESYS Gateway-Server incorrectly filters input for accessing files, allowing an attacker to view system-constrained file content through a directory traversal sequence. CoDeSys Gateway Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Successful exploits will allow an attacker to create arbitrary files, which may then be executed to perform unauthorized actions. This may aid in further attacks. Versions prior to CoDeSys 2.3.9.27 are vulnerable. Note: This issue was previously discussed in BID 58032 (CoDeSys Gateway Server Multiple Security Vulnerabilities), but has been given its own record to better document it. 3S-Smart Software Solutions CoDeSys is a set of PLC (Programmable Logic Controller) software programming tools from 3S-Smart Software Solutions in Germany. Runtime Toolkit is the runtime toolkit of CoDeSys

Trust: 2.7

sources: NVD: CVE-2012-4705 // JVNDB: JVNDB-2013-001678 // CNVD: CNVD-2013-01211 // BID: 59446 // IVD: 126f2474-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-57986

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 126f2474-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-01211

AFFECTED PRODUCTS

vendor:3smodel:codesys gateway-serverscope:eqversion:2.3.9.5

Trust: 1.6

vendor:3smodel:codesys gateway-serverscope:eqversion:2.3.9.18

Trust: 1.6

vendor:3smodel:codesys gateway-serverscope:eqversion:2.3.8.1

Trust: 1.6

vendor:3smodel:codesys gateway-serverscope:eqversion:2.3.8.0

Trust: 1.6

vendor:3smodel:codesys gateway-serverscope:eqversion:2.3.9.1

Trust: 1.6

vendor:3smodel:codesys gateway-serverscope:eqversion:2.3.9.3

Trust: 1.6

vendor:3smodel:codesys gateway-serverscope:eqversion:2.3.9.4

Trust: 1.6

vendor:3smodel:codesys gateway-serverscope:eqversion:2.3.8.2

Trust: 1.6

vendor:3smodel:codesys gateway-serverscope:eqversion:2.3.9.2

Trust: 1.6

vendor:3smodel:codesys gateway-serverscope:eqversion:2.3.5.3

Trust: 1.0

vendor:3smodel:codesys gateway-serverscope:eqversion:2.3.5.2

Trust: 1.0

vendor:3smodel:codesys gateway-serverscope:eqversion:2.3.7.0

Trust: 1.0

vendor:3smodel:codesys gateway-serverscope:eqversion:2.3.6.0

Trust: 1.0

vendor:3smodel:codesys gateway-serverscope:lteversion:2.3.9.20

Trust: 1.0

vendor:3smodel:codesys gateway-serverscope:eqversion:2.3.5.1

Trust: 1.0

vendor:3smodel:codesys gateway-serverscope:eqversion:2.3.9

Trust: 1.0

vendor:3smodel:codesys gateway-serverscope:eqversion:2.3.9.19

Trust: 1.0

vendor:3s smartmodel:codesys gateway serverscope:ltversion:2.3.9.27

Trust: 0.8

vendor:3smodel:smart software solutions codesysscope:eqversion:-2.x

Trust: 0.6

vendor:3smodel:smart software solutions codesys gateway serverscope:eqversion:-2.x

Trust: 0.6

vendor:3smodel:codesys gateway-serverscope:eqversion:2.3.9.20

Trust: 0.6

vendor:codesys gateway servermodel: - scope:eqversion:2.3.5.1

Trust: 0.2

vendor:codesys gateway servermodel: - scope:eqversion:2.3.5.2

Trust: 0.2

vendor:codesys gateway servermodel: - scope:eqversion:2.3.5.3

Trust: 0.2

vendor:codesys gateway servermodel: - scope:eqversion:2.3.6.0

Trust: 0.2

vendor:codesys gateway servermodel: - scope:eqversion:2.3.7.0

Trust: 0.2

vendor:codesys gateway servermodel: - scope:eqversion:2.3.8.0

Trust: 0.2

vendor:codesys gateway servermodel: - scope:eqversion:2.3.8.1

Trust: 0.2

vendor:codesys gateway servermodel: - scope:eqversion:2.3.8.2

Trust: 0.2

vendor:codesys gateway servermodel: - scope:eqversion:2.3.9

Trust: 0.2

vendor:codesys gateway servermodel: - scope:eqversion:2.3.9.1

Trust: 0.2

vendor:codesys gateway servermodel: - scope:eqversion:2.3.9.2

Trust: 0.2

vendor:codesys gateway servermodel: - scope:eqversion:2.3.9.3

Trust: 0.2

vendor:codesys gateway servermodel: - scope:eqversion:2.3.9.4

Trust: 0.2

vendor:codesys gateway servermodel: - scope:eqversion:2.3.9.5

Trust: 0.2

vendor:codesys gateway servermodel: - scope:eqversion:2.3.9.18

Trust: 0.2

vendor:codesys gateway servermodel: - scope:eqversion:2.3.9.19

Trust: 0.2

vendor:codesys gateway servermodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 126f2474-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-01211 // JVNDB: JVNDB-2013-001678 // CNNVD: CNNVD-201302-448 // NVD: CVE-2012-4705

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-4705
value: HIGH

Trust: 1.0

NVD: CVE-2012-4705
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201302-448
value: CRITICAL

Trust: 0.6

IVD: 126f2474-2353-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

VULHUB: VHN-57986
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2012-4705
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: 126f2474-2353-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-57986
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 126f2474-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-57986 // JVNDB: JVNDB-2013-001678 // CNNVD: CNNVD-201302-448 // NVD: CVE-2012-4705

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-57986 // JVNDB: JVNDB-2013-001678 // NVD: CVE-2012-4705

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201302-448

TYPE

Path traversal

Trust: 0.8

sources: IVD: 126f2474-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201302-448

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-001678

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-57986

PATCH

title:Top Pageurl:http://www.3s-software.com/

Trust: 0.8

title:CoDeSys 'Gateway Server' directory traversal vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/32063

Trust: 0.6

sources: CNVD: CNVD-2013-01211 // JVNDB: JVNDB-2013-001678

EXTERNAL IDS

db:NVDid:CVE-2012-4705

Trust: 3.6

db:ICS CERTid:ICSA-13-050-01

Trust: 2.0

db:ICS CERTid:ICSA-13-050-01A

Trust: 1.1

db:CNNVDid:CNNVD-201302-448

Trust: 0.9

db:CNVDid:CNVD-2013-01211

Trust: 0.8

db:JVNDBid:JVNDB-2013-001678

Trust: 0.8

db:SECUNIAid:52253

Trust: 0.6

db:BIDid:59446

Trust: 0.4

db:IVDid:126F2474-2353-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:EXPLOIT-DBid:41712

Trust: 0.1

db:PACKETSTORMid:120718

Trust: 0.1

db:VULHUBid:VHN-57986

Trust: 0.1

sources: IVD: 126f2474-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-01211 // VULHUB: VHN-57986 // BID: 59446 // JVNDB: JVNDB-2013-001678 // CNNVD: CNNVD-201302-448 // NVD: CVE-2012-4705

REFERENCES

url:http://ics-cert.us-cert.gov/pdf/icsa-13-050-01-a.pdf

Trust: 1.4

url:http://ics-cert.us-cert.gov/advisories/icsa-13-050-01a

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4705

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4705

Trust: 0.8

url:http://ics-cert.us-cert.gov/pdf/icsa-13-050-01.pdf

Trust: 0.6

url:http://secunia.com/advisories/52253

Trust: 0.6

url:http://www.3s-software.com/

Trust: 0.3

sources: CNVD: CNVD-2013-01211 // VULHUB: VHN-57986 // BID: 59446 // JVNDB: JVNDB-2013-001678 // CNNVD: CNNVD-201302-448 // NVD: CVE-2012-4705

CREDITS

Aaron Portnoy of Exodus Intelligence

Trust: 0.3

sources: BID: 59446

SOURCES

db:IVDid:126f2474-2353-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2013-01211
db:VULHUBid:VHN-57986
db:BIDid:59446
db:JVNDBid:JVNDB-2013-001678
db:CNNVDid:CNNVD-201302-448
db:NVDid:CVE-2012-4705

LAST UPDATE DATE

2024-11-23T22:08:37.014000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2013-01211date:2013-02-22T00:00:00
db:VULHUBid:VHN-57986date:2013-05-21T00:00:00
db:BIDid:59446date:2015-03-19T09:42:00
db:JVNDBid:JVNDB-2013-001678date:2013-02-27T00:00:00
db:CNNVDid:CNNVD-201302-448date:2013-02-26T00:00:00
db:NVDid:CVE-2012-4705date:2024-11-21T01:43:23.337

SOURCES RELEASE DATE

db:IVDid:126f2474-2353-11e6-abef-000c29c66e3ddate:2013-02-22T00:00:00
db:CNVDid:CNVD-2013-01211date:2013-02-22T00:00:00
db:VULHUBid:VHN-57986date:2013-02-24T00:00:00
db:BIDid:59446date:2013-02-19T00:00:00
db:JVNDBid:JVNDB-2013-001678date:2013-02-27T00:00:00
db:CNNVDid:CNNVD-201302-448date:2013-02-26T00:00:00
db:NVDid:CVE-2012-4705date:2013-02-24T11:48:21.063