CVE-2018-25048 - OpenCVE

The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Codesys	Control For Pfc200 Control For Pfc100 Control Rte Remote Target Visu Toolkit Control For Raspberry Pi Control Win Runtime System Toolkit Control V3 Runtime System Toolkit Embedded Target Visu Toolkit Control For Iot2000 Control For Empc-a\/imx6 Runtime Plcwinnt Control For Beaglebone Hmi Simulation Runtime

Configuration 1 [-]

OR	cpe:2.3:a:codesys:control_for_beaglebone::::::::
	cpe:2.3:a:codesys:control_for_empc-a\/imx6::::::::
	cpe:2.3:a:codesys:control_for_iot2000::::::::
	cpe:2.3:a:codesys:control_for_pfc100::::::::
	cpe:2.3:a:codesys:control_for_pfc200::::::::
	cpe:2.3:a:codesys:control_for_raspberry_pi::::::::
	cpe:2.3:a:codesys:control_rte::::::::
	cpe:2.3:a:codesys:control_v3_runtime_system_toolkit::::::::
	cpe:2.3:a:codesys:control_win::::::::
	cpe:2.3:a:codesys:embedded_target_visu_toolkit::::::::
	cpe:2.3:a:codesys:hmi::::::::
	cpe:2.3:a:codesys:remote_target_visu_toolkit::::::::
	cpe:2.3:a:codesys:runtime_plcwinnt::::::::
	cpe:2.3:a:codesys:runtime_system_toolkit:::::::x86:*
	cpe:2.3:a:codesys:runtime_system_toolkit:3.5.15.0:::::::*
	cpe:2.3:a:codesys:simulation_runtime::::::::

References

Link	Resource
https://customers.codesys.com/fileadmin/data/customers/security/2018/Advisory2018-04_CDS-59017.pdf	Not Applicable

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: CERTVDE

Published: 2023-03-23T10:45:36.900Z

Updated: 2023-03-23T10:45:36.900Z

Reserved: 2022-12-07T12:06:08.365Z

Link: CVE-2018-25048

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-03-23T11:15:12.730

Modified: 2023-03-30T17:50:27.103

Link: CVE-2018-25048

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2018-25048", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2022-12-07T12:06:08.365Z", "datePublished": "2023-03-23T10:45:36.900Z", "dateUpdated": "2023-03-23T10:45:36.900Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Control for BeagleBone", "vendor": "CODESYS", "versions": [{"lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": " Control for emPC-A/iMX6", "vendor": "CODESYS", "versions": [{"lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Control for IOT2000", "vendor": "CODESYS", "versions": [{"lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Control for PFC100", "vendor": "CODESYS", "versions": [{"lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Control for PFC200", "vendor": "CODESYS", "versions": [{"lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Control for Raspberry Pi", "vendor": "CODESYS", "versions": [{"lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Control RTE V3 (all variants)", "vendor": "CODESYS", "versions": [{"lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Control Win V3 (all variants)", "vendor": "CODESYS", "versions": [{"lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "V3 Simulation Runtime (part of the CODESYS Development System)", "vendor": "CODESYS", "versions": [{"lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "HMI V3 (all variants)", "vendor": "CODESYS", "versions": [{"lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "V3 Remote Target Visu (all variants)", "vendor": "CODESYS", "versions": [{"lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Control V3 Runtime System Toolkit", "vendor": "CODESYS", "versions": [{"lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "V3 Embedded Target Visu Toolkit", "vendor": "CODESYS", "versions": [{"lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "V3 Remote Target Visu Toolkit", "vendor": "CODESYS", "versions": [{"lessThan": "3.5.12.30", "status": "affected", "version": "3.0.0.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Runtime Toolkit 32 bit embedded", "vendor": "CODESYS", "versions": [{"lessThan": "2.3.2.10", "status": "affected", "version": "2.0.0.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Runtime Toolkit 32 bit full", "vendor": "CODESYS", "versions": [{"lessThan": "2.4.7.52", "status": "affected", "version": "2.0.0.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Runtime PLCWinNT", "vendor": "CODESYS", "versions": [{"lessThan": "2.4.7.52", "status": "affected", "version": "2.0.0.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": " Prosoft-Systems Ltd."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device."}], "value": "The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device."}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2023-03-23T10:45:36.900Z"}, "references": [{"url": "https://customers.codesys.com/fileadmin/data/customers/security/2018/Advisory2018-04_CDS-59017.pdf"}], "source": {"defect": ["CERT@VDE#64324"], "discovery": "EXTERNAL"}, "title": "Codesys Runtime Improper Limitation of a Pathname", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", "matchCriteriaId": "B29080C3-A6D8-40D6-8C24-177C00FA27F0", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", "matchCriteriaId": "B980C936-557F-4F14-A692-165129625A62", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_iot2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "D282ECAB-FA07-4A81-8F43-AC46A08422D4", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_pfc100:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC1C508C-6817-42E7-9B4C-CDCAC7477304", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_pfc200:*:*:*:*:*:*:*:*", "matchCriteriaId": "C1ECCA6D-3F95-4924-9CC6-7315B1608217", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi:*:*:*:*:*:*:*:*", "matchCriteriaId": "093C888E-8328-45E9-882C-39D7FBE8E251", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_rte:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E767B6C-7762-4F3C-A8B0-BEC9C1C238D8", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_v3_runtime_system_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "2DDCE092-30E5-43FB-A20F-A712DFD7B1C3", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", "matchCriteriaId": "A47EA342-7BDA-4707-9A23-142126C407C1", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0FE0CC3-99BF-46BF-907D-E8F2785310BB", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", "matchCriteriaId": "157E617E-7432-464A-AEC4-29D3806FA2D2", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "D95B012B-C9B0-4E2A-934B-3ECDE463722E", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:runtime_plcwinnt:*:*:*:*:*:*:*:*", "matchCriteriaId": "8931A117-72B6-4B1C-BF56-E7925D07A790", "versionEndExcluding": "2.4.7.52", "versionStartIncluding": "2.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:runtime_system_toolkit:*:*:*:*:*:*:x86:*", "matchCriteriaId": "46335A20-A1BF-4E5B-BB1D-B7A4AFF6DB08", "versionEndExcluding": "2.4.7.52", "versionStartIncluding": "2.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:runtime_system_toolkit:3.5.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "7A3A8DFF-705F-4562-87CE-E899C5DC2D18", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:simulation_runtime:*:*:*:*:*:*:*:*", "matchCriteriaId": "9DD3AD40-BEE7-428D-B1F0-1349E10A9DD5", "versionEndExcluding": "3.5.12.30", "versionStartIncluding": "3.0.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device."}], "id": "CVE-2018-25048", "lastModified": "2023-03-30T17:50:27.103", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "info@cert.vde.com", "type": "Primary"}]}, "published": "2023-03-23T11:15:12.730", "references": [{"source": "info@cert.vde.com", "tags": ["Not Applicable"], "url": "https://customers.codesys.com/fileadmin/data/customers/security/2018/Advisory2018-04_CDS-59017.pdf"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "info@cert.vde.com", "type": "Primary"}]}