CVE-2018-25048

The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://customers.codesys.com/fileadmin/data/customers/security/2018/Advisory2018-04_CDS-59017.pdf	Not Applicable

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:codesys:control_for_beaglebone::::::::
	cpe:2.3:a:codesys:control_for_empc-a\/imx6::::::::
	cpe:2.3:a:codesys:control_for_iot2000::::::::
	cpe:2.3:a:codesys:control_for_pfc100::::::::
	cpe:2.3:a:codesys:control_for_pfc200::::::::
	cpe:2.3:a:codesys:control_for_raspberry_pi::::::::
	cpe:2.3:a:codesys:control_rte::::::::
	cpe:2.3:a:codesys:control_v3_runtime_system_toolkit::::::::
	cpe:2.3:a:codesys:control_win::::::::
	cpe:2.3:a:codesys:embedded_target_visu_toolkit::::::::
	cpe:2.3:a:codesys:hmi::::::::
	cpe:2.3:a:codesys:remote_target_visu_toolkit::::::::
	cpe:2.3:a:codesys:runtime_plcwinnt::::::::
	cpe:2.3:a:codesys:runtime_system_toolkit:::::::x86:*
	cpe:2.3:a:codesys:runtime_system_toolkit:3.5.15.0:::::::*
	cpe:2.3:a:codesys:simulation_runtime::::::::

History

No history.

Information

Published : 2023-03-23 11:15

Updated : 2024-02-28 20:13

NVD link : CVE-2018-25048

Mitre link : CVE-2018-25048

CVE.ORG link : CVE-2018-25048

JSON object : View

Products Affected

codesys

remote_target_visu_toolkit
control_for_empc-a\/imx6
embedded_target_visu_toolkit
control_for_iot2000
control_v3_runtime_system_toolkit
runtime_plcwinnt
control_for_pfc200
control_win
runtime_system_toolkit
simulation_runtime
control_for_beaglebone
control_for_pfc100
hmi
control_rte
control_for_raspberry_pi

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2018-25048", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "info@cert.vde.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-03-23T11:15:12.730", "references": [{"url": "https://customers.codesys.com/fileadmin/data/customers/security/2018/Advisory2018-04_CDS-59017.pdf", "tags": ["Not Applicable"], "source": "info@cert.vde.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "info@cert.vde.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device."}], "lastModified": "2023-03-30T17:50:27.103", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B29080C3-A6D8-40D6-8C24-177C00FA27F0", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0.0.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B980C936-557F-4F14-A692-165129625A62", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0.0.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D282ECAB-FA07-4A81-8F43-AC46A08422D4", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0.0.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC1C508C-6817-42E7-9B4C-CDCAC7477304", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0.0.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1ECCA6D-3F95-4924-9CC6-7315B1608217", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0.0.0"}, {"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "093C888E-8328-45E9-882C-39D7FBE8E251", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0.0.0"}, {"criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E767B6C-7762-4F3C-A8B0-BEC9C1C238D8", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0.0.0"}, {"criteria": "cpe:2.3:a:codesys:control_v3_runtime_system_toolkit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DDCE092-30E5-43FB-A20F-A712DFD7B1C3", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0.0.0"}, {"criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A47EA342-7BDA-4707-9A23-142126C407C1", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0.0.0"}, {"criteria": "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0FE0CC3-99BF-46BF-907D-E8F2785310BB", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0"}, {"criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "157E617E-7432-464A-AEC4-29D3806FA2D2", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0"}, {"criteria": "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D95B012B-C9B0-4E2A-934B-3ECDE463722E", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0"}, {"criteria": "cpe:2.3:a:codesys:runtime_plcwinnt:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8931A117-72B6-4B1C-BF56-E7925D07A790", "versionEndExcluding": "2.4.7.52", "versionStartIncluding": "2.0.0.0"}, {"criteria": "cpe:2.3:a:codesys:runtime_system_toolkit:*:*:*:*:*:*:x86:*", "vulnerable": true, "matchCriteriaId": "46335A20-A1BF-4E5B-BB1D-B7A4AFF6DB08", "versionEndExcluding": "2.4.7.52", "versionStartIncluding": "2.0.0.0"}, {"criteria": "cpe:2.3:a:codesys:runtime_system_toolkit:3.5.15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A3A8DFF-705F-4562-87CE-E899C5DC2D18"}, {"criteria": "cpe:2.3:a:codesys:simulation_runtime:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DD3AD40-BEE7-428D-B1F0-1349E10A9DD5", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "info@cert.vde.com"}