Release date:
Updated on:
Affected Systems:
Codesys 2.x
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2012-6068
CoDeSys is a hardware-independent IEC 61131-3 Development System on Windows. It is used to program and create Controller Applications.
The implementations of CoDeSys 2.3.x and 2.4.x contain a TCP listening service that allows file transmission and other remote commands. However, this service does not authenticate the remote connector. As a result, unauthenticated and unauthorized attackers can remotely connect to the TCP port of the listening service to perform file transfer operations or execute command operations with other administrator privileges.
<* Source: Reid wihtman
Link: http://secunia.com/advisories/51847/
Http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-01.pdf
Http://www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.html
Http://www.digitalbond.com/tools/basecamp/3s-codesys/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Codesys
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.codesys.com/
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
