CVE-2018-25048 | SynScan

Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2018-25048

The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.

Published: Mar 23, 2023
Updated: Apr 13, 2023
CVE: CVE-2018-25048
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
codesys / runtime_plcwinnt	2.0.0.0	2.4.7.52
codesys / remote_target_visu_toolkit	3.0	3.5.12.30
codesys / embedded_target_visu_toolkit	3.0	3.5.12.30
codesys / runtime_system_toolkit	2.0.0.0	2.4.7.52
codesys / runtime_system_toolkit	3.5.15.0	3.5.15.0.x
codesys / control_v3_runtime_system_toolkit	3.0.0.0	3.5.12.30
codesys / simulation_runtime	3.0.0.0	3.5.12.30
codesys / control_win	3.0.0.0	3.5.12.30
codesys / control_rte	3.0.0.0	3.5.12.30
codesys / hmi	3.0	3.5.12.30
codesys / control_for_raspberry_pi	3.0.0.0	3.5.12.30
codesys / control_for_pfc200	3.0.0.0	3.5.12.30
codesys / control_for_pfc100	3.0.0.0	3.5.12.30
codesys / control_for_iot2000	3.0.0.0	3.5.12.30
codesys / control_for_empc-a/imx6	3.0.0.0	3.5.12.30
codesys / control_for_beaglebone	3.0.0.0	3.5.12.30

https://customers.codesys.com/fileadmin/data/customers/security/2018/Advisory2018-04_CDS-59017.pdf