CVE-2012-6069 CRITICAL

CVE-2012-6069: 3S CoDeSys Relative Path Traversal

Vendor 3S-Smart Software Solutions

Product CODESYS Control Runtime embedded

Weakness CWE-23

Published January 21, 2013

Last update July 2, 2025

View on NVD All CVEs

CVSS base score

10.0/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an attacker to access files and directories outside the intended scope. This may allow an attacker to upload and download any file on the device. This could allow the attacker to affect the availability, integrity, and confidentiality of the device.

Key dates

02Disclosure timeline

January 21, 2013 CVE published

July 2, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2012-6069

Related vulnerabilities

Identifiers

CVE CVE-2012-6069

CWE CWE-23

CVSS 10.0 / CRITICAL

Affected versions

Vendor 3S-Smart Software Solutions

Product CODESYS Control Runtime embedded

Affected < 2.3.2.8

Vendor 3S-Smart Software Solutions

Product CODESYS Control Runtime full

Affected < 2.4.7.40

Vendor 3S-Smart Software Solutions

Product CODESYS Control RTE

Affected < 2.3.7.17

Vendor Festo

Product CECX-X-C1 Modular Master Controller with CoDeSys

Affected All

Vendor Festo

Product CECX-X-M1 Modular Controller with CoDeSys and SoftMotion

Affected All

CVE-2012-6069: 3S CoDeSys Relative Path Traversal

01Description

02Disclosure timeline

03References

04Related CVE