CVE-2012-6068 CRITICAL

CVE-2012-6068: 3S CoDeSys Improper Access Control

Vendor: 3S-Smart Software Solutions
Product: CODESYS Control Runtime embedded
Weakness: CWE-284
Published: January 21, 2013
Last update: July 2, 2025

CVSS base score

9.8/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener service or transfer files via requests to the TCP listener service.

Key dates

02 Disclosure timeline

January 21, 2013: CVE published
July 2, 2025: Record updated