Unauthenticated Remote Command Execution and File Transfer in CODESYS Runtime Toolkit
CVE-2012-6068 · HIGH Severity
AV:N/AC:L/AU:N/C:C/I:C/A:C
The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to (1) execute commands via the command-line interface in the TCP listener service or (2) transfer files via requests to the TCP listener service.
Learn more about our Web Application Penetration Testing UK.