{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T09:02:13.117","vulnerabilities":[{"cve":{"id":"CVE-2012-6069","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2013-01-21T21:55:01.150","lastModified":"2026-04-29T01:13:23.040","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The CoDeSys Runtime Toolkit’s file transfer functionality does not \nperform input validation, which allows an attacker to access files and \ndirectories outside the intended scope. This may allow an attacker to \nupload and download any file on the device. This could allow the \nattacker to affect the availability, integrity, and confidentiality of \nthe device."},{"lang":"es","value":"Vulnerabilidad de salto de directorio en el Runtime Toolkit de CODESYS Runtime System v2.3.x y v2.4.x que permite a atacantes remotos leer, sobreescribir, o crear ficheros a través de .. (punto punto) en una solicitud al servicio de escucha TCP."}],"metrics":{"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-23"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:3s-software:codesys_runtime_system:2.4.0:*:*:*:*:*:*:*","matchCriteriaId":"89253C44-34F0-457C-9EEE-E7028F737E02"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:3s-software:codesys_runtime_system:2.3.9.8:*:*:*:*:*:*:*","matchCriteriaId":"CFAB8128-4A70-44CA-A4D3-C859010C8BFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:3s-software:codesys_runtime_system:2.3.9.35:*:*:*:*:*:*:*","matchCriteriaId":"0B99BA40-647D-4203-A003-CAEEF776EF77"},{"vulnerable":true,"criteria":"cpe:2.3:a:3s-software:codesys_runtime_system:2.3.9.36:*:*:*:*:*:*:*","matchCriteriaId":"50443443-14B4-4245-BBE3-C5E451739EF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:3s-software:codesys_runtime_system:2.3.9.37:*:*:*:*:*:*:*","matchCriteriaId":"44C690B5-EE5B-4504-B40D-879F757C8029"}]}]}],"references":[{"url":"http://www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.html","source":"ics-cert@hq.dhs.gov","tags":["Vendor Advisory"]},{"url":"http://www.digitalbond.com/tools/basecamp/3s-codesys/","source":"ics-cert@hq.dhs.gov"},{"url":"https://us.codesys.com/ecosystem/security/","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-01","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01","source":"ics-cert@hq.dhs.gov"},{"url":"http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government Resource"]},{"url":"http://www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.digitalbond.com/tools/basecamp/3s-codesys/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/56300","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-01.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government Resource"]}]}}]}