var-201302-0030
Vulnerability from variot

Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors involving a crafted pathname. CoDeSys is a powerful PLC software programming tool that supports IEC61131-3 standard IL, ST, FBD, LD, CFC, SFC six PLC programming languages. 3S CODESYS Gateway-Server incorrectly filters input for accessing files, allowing an attacker to view system-constrained file content through a directory traversal sequence. CoDeSys Gateway Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Successful exploits will allow an attacker to create arbitrary files, which may then be executed to perform unauthorized actions. This may aid in further attacks. Versions prior to CoDeSys 2.3.9.27 are vulnerable. Note: This issue was previously discussed in BID 58032 (CoDeSys Gateway Server Multiple Security Vulnerabilities), but has been given its own record to better document it. 3S-Smart Software Solutions CoDeSys is a set of PLC (Programmable Logic Controller) software programming tools from 3S-Smart Software Solutions in Germany. Runtime Toolkit is the runtime toolkit of CoDeSys

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201302-0030",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "codesys gateway-server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "3s",
        "version": "2.3.8.1"
      },
      {
        "model": "codesys gateway-server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "3s",
        "version": "2.3.9.18"
      },
      {
        "model": "codesys gateway-server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "3s",
        "version": "2.3.8.2"
      },
      {
        "model": "codesys gateway-server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "3s",
        "version": "2.3.8.0"
      },
      {
        "model": "codesys gateway-server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "3s",
        "version": "2.3.9.4"
      },
      {
        "model": "codesys gateway-server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "3s",
        "version": "2.3.9.5"
      },
      {
        "model": "codesys gateway-server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "3s",
        "version": "2.3.9.1"
      },
      {
        "model": "codesys gateway-server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "3s",
        "version": "2.3.9.2"
      },
      {
        "model": "codesys gateway-server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "3s",
        "version": "2.3.9.3"
      },
      {
        "model": "codesys gateway-server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "3s",
        "version": "2.3.6.0"
      },
      {
        "model": "codesys gateway-server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "3s",
        "version": "2.3.5.2"
      },
      {
        "model": "codesys gateway-server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "3s",
        "version": "2.3.9.19"
      },
      {
        "model": "codesys gateway-server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "3s",
        "version": "2.3.5.3"
      },
      {
        "model": "codesys gateway-server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "3s",
        "version": "2.3.7.0"
      },
      {
        "model": "codesys gateway-server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "3s",
        "version": "2.3.9"
      },
      {
        "model": "codesys gateway-server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "3s",
        "version": "2.3.5.1"
      },
      {
        "model": "codesys gateway-server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "3s",
        "version": "2.3.9.20"
      },
      {
        "model": "codesys gateway server",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "3s smart",
        "version": "2.3.9.27"
      },
      {
        "model": "smart software solutions codesys",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "3s",
        "version": "-2.x"
      },
      {
        "model": "smart software solutions codesys gateway server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "3s",
        "version": "-2.x"
      },
      {
        "model": "codesys gateway-server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "3s",
        "version": "2.3.9.20"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "codesys gateway server",
        "version": "2.3.5.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "codesys gateway server",
        "version": "2.3.5.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "codesys gateway server",
        "version": "2.3.5.3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "codesys gateway server",
        "version": "2.3.6.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "codesys gateway server",
        "version": "2.3.7.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "codesys gateway server",
        "version": "2.3.8.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "codesys gateway server",
        "version": "2.3.8.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "codesys gateway server",
        "version": "2.3.8.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "codesys gateway server",
        "version": "2.3.9"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "codesys gateway server",
        "version": "2.3.9.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "codesys gateway server",
        "version": "2.3.9.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "codesys gateway server",
        "version": "2.3.9.3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "codesys gateway server",
        "version": "2.3.9.4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "codesys gateway server",
        "version": "2.3.9.5"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "codesys gateway server",
        "version": "2.3.9.18"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "codesys gateway server",
        "version": "2.3.9.19"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "codesys gateway server",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "126f2474-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-01211"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-001678"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-4705"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201302-448"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:3s-software:codesys_gateway-server:2.3.9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:3s-software:codesys_gateway-server:2.3.8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:3s-software:codesys_gateway-server:2.3.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:3s-software:codesys_gateway-server:2.3.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:3s-software:codesys_gateway-server:2.3.9.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:3s-software:codesys_gateway-server:2.3.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:3s-software:codesys_gateway-server:2.3.9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:3s-software:codesys_gateway-server:2.3.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:3s-software:codesys_gateway-server:2.3.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:3s-software:codesys_gateway-server:2.3.9.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:3s-software:codesys_gateway-server:2.3.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:3s-software:codesys_gateway-server:2.3.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:3s-software:codesys_gateway-server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.3.9.20",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:3s-software:codesys_gateway-server:2.3.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:3s-software:codesys_gateway-server:2.3.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:3s-software:codesys_gateway-server:2.3.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:3s-software:codesys_gateway-server:2.3.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-4705"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Aaron Portnoy of Exodus Intelligence",
    "sources": [
      {
        "db": "BID",
        "id": "59446"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2012-4705",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2012-4705",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "126f2474-2353-11e6-abef-000c29c66e3d",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-57986",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2012-4705",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201302-448",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "126f2474-2353-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-57986",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "126f2474-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-57986"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-001678"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-4705"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201302-448"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors involving a crafted pathname. CoDeSys is a powerful PLC software programming tool that supports IEC61131-3 standard IL, ST, FBD, LD, CFC, SFC six PLC programming languages. 3S CODESYS Gateway-Server incorrectly filters input for accessing files, allowing an attacker to view system-constrained file content through a directory traversal sequence. CoDeSys Gateway Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. \nSuccessful exploits will allow an attacker to create arbitrary files, which may then be executed to perform unauthorized actions. This may aid in further attacks. \nVersions prior to CoDeSys 2.3.9.27 are vulnerable. \nNote: This issue was previously discussed in BID 58032 (CoDeSys Gateway Server Multiple Security Vulnerabilities), but has been given its own record to better document it. 3S-Smart Software Solutions CoDeSys is a set of PLC (Programmable Logic Controller) software programming tools from 3S-Smart Software Solutions in Germany. Runtime Toolkit is the runtime toolkit of CoDeSys",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-4705"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-001678"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-01211"
      },
      {
        "db": "BID",
        "id": "59446"
      },
      {
        "db": "IVD",
        "id": "126f2474-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-57986"
      }
    ],
    "trust": 2.7
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-57986",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-57986"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-4705",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-13-050-01",
        "trust": 2.0
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-13-050-01A",
        "trust": 1.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201302-448",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-01211",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-001678",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "52253",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "59446",
        "trust": 0.4
      },
      {
        "db": "IVD",
        "id": "126F2474-2353-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "EXPLOIT-DB",
        "id": "41712",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "120718",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-57986",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "126f2474-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-01211"
      },
      {
        "db": "VULHUB",
        "id": "VHN-57986"
      },
      {
        "db": "BID",
        "id": "59446"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-001678"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-4705"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201302-448"
      }
    ]
  },
  "id": "VAR-201302-0030",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "126f2474-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-01211"
      },
      {
        "db": "VULHUB",
        "id": "VHN-57986"
      }
    ],
    "trust": 1.9
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "126f2474-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-01211"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:09:27.924000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.3s-software.com/"
      },
      {
        "title": "CoDeSys \u0027Gateway Server\u0027 directory traversal vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/32063"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-01211"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-001678"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-57986"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-001678"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-4705"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.4,
        "url": "http://ics-cert.us-cert.gov/pdf/icsa-13-050-01-a.pdf"
      },
      {
        "trust": 1.1,
        "url": "http://ics-cert.us-cert.gov/advisories/icsa-13-050-01a"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4705"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4705"
      },
      {
        "trust": 0.6,
        "url": "http://ics-cert.us-cert.gov/pdf/icsa-13-050-01.pdf"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/52253"
      },
      {
        "trust": 0.3,
        "url": "http://www.3s-software.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-01211"
      },
      {
        "db": "VULHUB",
        "id": "VHN-57986"
      },
      {
        "db": "BID",
        "id": "59446"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-001678"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-4705"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201302-448"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "126f2474-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-01211"
      },
      {
        "db": "VULHUB",
        "id": "VHN-57986"
      },
      {
        "db": "BID",
        "id": "59446"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-001678"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-4705"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201302-448"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-02-22T00:00:00",
        "db": "IVD",
        "id": "126f2474-2353-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2013-02-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-01211"
      },
      {
        "date": "2013-02-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-57986"
      },
      {
        "date": "2013-02-19T00:00:00",
        "db": "BID",
        "id": "59446"
      },
      {
        "date": "2013-02-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-001678"
      },
      {
        "date": "2013-02-24T11:48:21.063000",
        "db": "NVD",
        "id": "CVE-2012-4705"
      },
      {
        "date": "2013-02-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201302-448"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-02-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-01211"
      },
      {
        "date": "2013-05-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-57986"
      },
      {
        "date": "2015-03-19T09:42:00",
        "db": "BID",
        "id": "59446"
      },
      {
        "date": "2013-02-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-001678"
      },
      {
        "date": "2013-05-21T03:20:36.890000",
        "db": "NVD",
        "id": "CVE-2012-4705"
      },
      {
        "date": "2013-02-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201302-448"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201302-448"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "CoDeSys \u0027Gateway Server\u0027 Directory Traversal Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "126f2474-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-01211"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Path traversal",
    "sources": [
      {
        "db": "IVD",
        "id": "126f2474-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201302-448"
      }
    ],
    "trust": 0.8
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.