The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote malicious users to (1) execute commands via the command-line interface in the TCP listener service or (2) transfer files via requests to the TCP listener service.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
3s-software codesys runtime system 2.3.9.37 |
||
3s-software codesys runtime system 2.3.9.35 |
||
3s-software codesys runtime system 2.3.9.8 |
||
3s-software codesys runtime system 2.3.9.36 |
||
3s-software codesys runtime system 2.4.0 |