Unauthenticated Remote Command Execution and File Transfer in CODESYS Runtime Toolkit

Unauthenticated Remote Command Execution and File Transfer in CODESYS Runtime Toolkit

CVE-2012-6068 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to (1) execute commands via the command-line interface in the TCP listener service or (2) transfer files via requests to the TCP listener service.

Learn more about our Web Application Penetration Testing UK.