Path traversal in CODESYS products - CVE-2019-13532

Vulnerability identifier: #VU21102

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-13532

CWE-ID: CWE-22

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: CODESYS

Affected software:
CODESYS firmware
CODESYS Control for BeagleBone
CODESYS Control for emPC-A/iMX6
CODESYS Control for IOT2000
CODESYS Control for Linux
CODESYS Control for PFC100
CODESYS Control for PFC200
CODESYS Control for Raspberry Pi
CODESYS Control RTE V3 (for Beckhoff CX)
CODESYS Control RTE V3
CODESYS Control Win V3 (part of the CODESYS Development System setup)
CODESYS HMI V3
CODESYS Control V3 Runtime System Toolkit
CODESYS V3 Embedded Target Visu Toolkit
CODESYS V3 Remote Target Visu Toolkit

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in the CODESYS V3 web server. A remote attacker can send a specially crafted HTTP or HTTPS request and read arbitrary files outside the restricted working directory of the controller.

Install updates from vendor's website.

• https://ics-cert.us-cert.gov/advisories/icsa-19-255-01