VAR-201302-0030
Vulnerability from variot - Updated: 2023-12-18 12:09Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors involving a crafted pathname. CoDeSys is a powerful PLC software programming tool that supports IEC61131-3 standard IL, ST, FBD, LD, CFC, SFC six PLC programming languages. 3S CODESYS Gateway-Server incorrectly filters input for accessing files, allowing an attacker to view system-constrained file content through a directory traversal sequence. CoDeSys Gateway Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Successful exploits will allow an attacker to create arbitrary files, which may then be executed to perform unauthorized actions. This may aid in further attacks. Versions prior to CoDeSys 2.3.9.27 are vulnerable. Note: This issue was previously discussed in BID 58032 (CoDeSys Gateway Server Multiple Security Vulnerabilities), but has been given its own record to better document it. 3S-Smart Software Solutions CoDeSys is a set of PLC (Programmable Logic Controller) software programming tools from 3S-Smart Software Solutions in Germany. Runtime Toolkit is the runtime toolkit of CoDeSys
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201302-0030",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "codesys gateway-server",
"scope": "eq",
"trust": 1.6,
"vendor": "3s",
"version": "2.3.8.1"
},
{
"model": "codesys gateway-server",
"scope": "eq",
"trust": 1.6,
"vendor": "3s",
"version": "2.3.9.18"
},
{
"model": "codesys gateway-server",
"scope": "eq",
"trust": 1.6,
"vendor": "3s",
"version": "2.3.8.2"
},
{
"model": "codesys gateway-server",
"scope": "eq",
"trust": 1.6,
"vendor": "3s",
"version": "2.3.8.0"
},
{
"model": "codesys gateway-server",
"scope": "eq",
"trust": 1.6,
"vendor": "3s",
"version": "2.3.9.4"
},
{
"model": "codesys gateway-server",
"scope": "eq",
"trust": 1.6,
"vendor": "3s",
"version": "2.3.9.5"
},
{
"model": "codesys gateway-server",
"scope": "eq",
"trust": 1.6,
"vendor": "3s",
"version": "2.3.9.1"
},
{
"model": "codesys gateway-server",
"scope": "eq",
"trust": 1.6,
"vendor": "3s",
"version": "2.3.9.2"
},
{
"model": "codesys gateway-server",
"scope": "eq",
"trust": 1.6,
"vendor": "3s",
"version": "2.3.9.3"
},
{
"model": "codesys gateway-server",
"scope": "eq",
"trust": 1.0,
"vendor": "3s",
"version": "2.3.6.0"
},
{
"model": "codesys gateway-server",
"scope": "eq",
"trust": 1.0,
"vendor": "3s",
"version": "2.3.5.2"
},
{
"model": "codesys gateway-server",
"scope": "eq",
"trust": 1.0,
"vendor": "3s",
"version": "2.3.9.19"
},
{
"model": "codesys gateway-server",
"scope": "eq",
"trust": 1.0,
"vendor": "3s",
"version": "2.3.5.3"
},
{
"model": "codesys gateway-server",
"scope": "eq",
"trust": 1.0,
"vendor": "3s",
"version": "2.3.7.0"
},
{
"model": "codesys gateway-server",
"scope": "eq",
"trust": 1.0,
"vendor": "3s",
"version": "2.3.9"
},
{
"model": "codesys gateway-server",
"scope": "eq",
"trust": 1.0,
"vendor": "3s",
"version": "2.3.5.1"
},
{
"model": "codesys gateway-server",
"scope": "lte",
"trust": 1.0,
"vendor": "3s",
"version": "2.3.9.20"
},
{
"model": "codesys gateway server",
"scope": "lt",
"trust": 0.8,
"vendor": "3s smart",
"version": "2.3.9.27"
},
{
"model": "smart software solutions codesys",
"scope": "eq",
"trust": 0.6,
"vendor": "3s",
"version": "-2.x"
},
{
"model": "smart software solutions codesys gateway server",
"scope": "eq",
"trust": 0.6,
"vendor": "3s",
"version": "-2.x"
},
{
"model": "codesys gateway-server",
"scope": "eq",
"trust": 0.6,
"vendor": "3s",
"version": "2.3.9.20"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "codesys gateway server",
"version": "2.3.5.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "codesys gateway server",
"version": "2.3.5.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "codesys gateway server",
"version": "2.3.5.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "codesys gateway server",
"version": "2.3.6.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "codesys gateway server",
"version": "2.3.7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "codesys gateway server",
"version": "2.3.8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "codesys gateway server",
"version": "2.3.8.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "codesys gateway server",
"version": "2.3.8.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "codesys gateway server",
"version": "2.3.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "codesys gateway server",
"version": "2.3.9.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "codesys gateway server",
"version": "2.3.9.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "codesys gateway server",
"version": "2.3.9.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "codesys gateway server",
"version": "2.3.9.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "codesys gateway server",
"version": "2.3.9.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "codesys gateway server",
"version": "2.3.9.18"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "codesys gateway server",
"version": "2.3.9.19"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "codesys gateway server",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "126f2474-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01211"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001678"
},
{
"db": "NVD",
"id": "CVE-2012-4705"
},
{
"db": "CNNVD",
"id": "CNNVD-201302-448"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:3s-software:codesys_gateway-server:2.3.9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:3s-software:codesys_gateway-server:2.3.8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:3s-software:codesys_gateway-server:2.3.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:3s-software:codesys_gateway-server:2.3.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:3s-software:codesys_gateway-server:2.3.9.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:3s-software:codesys_gateway-server:2.3.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:3s-software:codesys_gateway-server:2.3.9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:3s-software:codesys_gateway-server:2.3.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:3s-software:codesys_gateway-server:2.3.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:3s-software:codesys_gateway-server:2.3.9.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:3s-software:codesys_gateway-server:2.3.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:3s-software:codesys_gateway-server:2.3.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:3s-software:codesys_gateway-server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.3.9.20",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:3s-software:codesys_gateway-server:2.3.9.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:3s-software:codesys_gateway-server:2.3.9.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:3s-software:codesys_gateway-server:2.3.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:3s-software:codesys_gateway-server:2.3.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4705"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aaron Portnoy of Exodus Intelligence",
"sources": [
{
"db": "BID",
"id": "59446"
}
],
"trust": 0.3
},
"cve": "CVE-2012-4705",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2012-4705",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "126f2474-2353-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-57986",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-4705",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201302-448",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "126f2474-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-57986",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "126f2474-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-57986"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001678"
},
{
"db": "NVD",
"id": "CVE-2012-4705"
},
{
"db": "CNNVD",
"id": "CNNVD-201302-448"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors involving a crafted pathname. CoDeSys is a powerful PLC software programming tool that supports IEC61131-3 standard IL, ST, FBD, LD, CFC, SFC six PLC programming languages. 3S CODESYS Gateway-Server incorrectly filters input for accessing files, allowing an attacker to view system-constrained file content through a directory traversal sequence. CoDeSys Gateway Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. \nSuccessful exploits will allow an attacker to create arbitrary files, which may then be executed to perform unauthorized actions. This may aid in further attacks. \nVersions prior to CoDeSys 2.3.9.27 are vulnerable. \nNote: This issue was previously discussed in BID 58032 (CoDeSys Gateway Server Multiple Security Vulnerabilities), but has been given its own record to better document it. 3S-Smart Software Solutions CoDeSys is a set of PLC (Programmable Logic Controller) software programming tools from 3S-Smart Software Solutions in Germany. Runtime Toolkit is the runtime toolkit of CoDeSys",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4705"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001678"
},
{
"db": "CNVD",
"id": "CNVD-2013-01211"
},
{
"db": "BID",
"id": "59446"
},
{
"db": "IVD",
"id": "126f2474-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-57986"
}
],
"trust": 2.7
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-57986",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57986"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-4705",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-13-050-01",
"trust": 2.0
},
{
"db": "ICS CERT",
"id": "ICSA-13-050-01A",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201302-448",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2013-01211",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001678",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "52253",
"trust": 0.6
},
{
"db": "BID",
"id": "59446",
"trust": 0.4
},
{
"db": "IVD",
"id": "126F2474-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "41712",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "120718",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-57986",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "126f2474-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01211"
},
{
"db": "VULHUB",
"id": "VHN-57986"
},
{
"db": "BID",
"id": "59446"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001678"
},
{
"db": "NVD",
"id": "CVE-2012-4705"
},
{
"db": "CNNVD",
"id": "CNNVD-201302-448"
}
]
},
"id": "VAR-201302-0030",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "126f2474-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01211"
},
{
"db": "VULHUB",
"id": "VHN-57986"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "126f2474-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01211"
}
]
},
"last_update_date": "2023-12-18T12:09:27.924000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.3s-software.com/"
},
{
"title": "CoDeSys \u0027Gateway Server\u0027 directory traversal vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/32063"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-01211"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001678"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57986"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001678"
},
{
"db": "NVD",
"id": "CVE-2012-4705"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.4,
"url": "http://ics-cert.us-cert.gov/pdf/icsa-13-050-01-a.pdf"
},
{
"trust": 1.1,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-13-050-01a"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4705"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4705"
},
{
"trust": 0.6,
"url": "http://ics-cert.us-cert.gov/pdf/icsa-13-050-01.pdf"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/52253"
},
{
"trust": 0.3,
"url": "http://www.3s-software.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-01211"
},
{
"db": "VULHUB",
"id": "VHN-57986"
},
{
"db": "BID",
"id": "59446"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001678"
},
{
"db": "NVD",
"id": "CVE-2012-4705"
},
{
"db": "CNNVD",
"id": "CNNVD-201302-448"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "126f2474-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01211"
},
{
"db": "VULHUB",
"id": "VHN-57986"
},
{
"db": "BID",
"id": "59446"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001678"
},
{
"db": "NVD",
"id": "CVE-2012-4705"
},
{
"db": "CNNVD",
"id": "CNNVD-201302-448"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-02-22T00:00:00",
"db": "IVD",
"id": "126f2474-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2013-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-01211"
},
{
"date": "2013-02-24T00:00:00",
"db": "VULHUB",
"id": "VHN-57986"
},
{
"date": "2013-02-19T00:00:00",
"db": "BID",
"id": "59446"
},
{
"date": "2013-02-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001678"
},
{
"date": "2013-02-24T11:48:21.063000",
"db": "NVD",
"id": "CVE-2012-4705"
},
{
"date": "2013-02-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201302-448"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-01211"
},
{
"date": "2013-05-21T00:00:00",
"db": "VULHUB",
"id": "VHN-57986"
},
{
"date": "2015-03-19T09:42:00",
"db": "BID",
"id": "59446"
},
{
"date": "2013-02-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001678"
},
{
"date": "2013-05-21T03:20:36.890000",
"db": "NVD",
"id": "CVE-2012-4705"
},
{
"date": "2013-02-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201302-448"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201302-448"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CoDeSys \u0027Gateway Server\u0027 Directory Traversal Vulnerability",
"sources": [
{
"db": "IVD",
"id": "126f2474-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01211"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "126f2474-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201302-448"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…