CVE-2018-25048

Codesys Runtime Improper Limitation of a Pathname

  • Severity Score: 8.8 (CVSS v3.1)
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

The CODESYS runtime system in multiple versions allows a remote, low-privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.

*Credits: Prosoft-Systems Ltd.
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2022-12-07 CVE Reserved
  • 2023-03-23 CVE Published
  • 2024-08-05 CVE Updated
  • 2024-10-28 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
  • CAPEC-126: Path Traversal
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Codesys | Control For Beaglebone | >= 3.0.0.0 < 3.5.12.30 | - | Affected |
| Codesys | Control For Empc-a/imx6 | >= 3.0.0.0 < 3.5.12.30 | - | Affected |
| Codesys | Control For Iot2000 | >= 3.0.0.0 < 3.5.12.30 | - | Affected |
| Codesys | Control For Pfc100 | >= 3.0.0.0 < 3.5.12.30 | - | Affected |
| Codesys | Control For Pfc200 | >= 3.0.0.0 < 3.5.12.30 | - | Affected |
| Codesys | Control For Raspberry Pi | >= 3.0.0.0 < 3.5.12.30 | - | Affected |
| Codesys | Control Rte | >= 3.0.0.0 < 3.5.12.30 | - | Affected |
| Codesys | Control V3 Runtime System Toolkit | >= 3.0.0.0 < 3.5.12.30 | - | Affected |
| Codesys | Control Win | >= 3.0.0.0 < 3.5.12.30 | - | Affected |
| Codesys | Embedded Target Visu Toolkit | >= 3.0 < 3.5.12.30 | - | Affected |
| Codesys | Hmi | >= 3.0 < 3.5.12.30 | - | Affected |
| Codesys | Remote Target Visu Toolkit | >= 3.0 < 3.5.12.30 | - | Affected |
| Codesys | Runtime Plcwinnt | >= 2.0.0.0 < 2.4.7.52 | - | Affected |
| Codesys | Runtime System Toolkit | >= 2.0.0.0 < 2.4.7.52 | x86 | Affected |
| Codesys | Runtime System Toolkit | 3.5.15.0 | - | Affected |
| Codesys | Simulation Runtime | >= 3.0.0.0 < 3.5.12.30 | - | Affected |