#VU21102 Path traversal


Published: 2019-09-13

Vulnerability identifier: #VU21102

Vulnerability risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-13532

CWE-ID: CWE-22

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
CODESYS firmware
Server applications / SCADA systems
CODESYS Control for BeagleBone
Client/Desktop applications / Other client software
CODESYS Control for emPC-A/iMX6
Client/Desktop applications / Other client software
CODESYS Control for IOT2000
Client/Desktop applications / Other client software
CODESYS Control for Linux
Client/Desktop applications / Other client software
CODESYS Control for PFC100
Client/Desktop applications / Other client software
CODESYS Control for PFC200
Client/Desktop applications / Other client software
CODESYS Control for Raspberry Pi
Client/Desktop applications / Other client software
CODESYS Control RTE V3 (for Beckhoff CX)
Client/Desktop applications / Other client software
CODESYS Control RTE V3
Client/Desktop applications / Other client software
CODESYS Control Win V3 (part of the CODESYS Development System setup)
Client/Desktop applications / Other client software
CODESYS HMI V3
Client/Desktop applications / Other client software
CODESYS Control V3 Runtime System Toolkit
Client/Desktop applications / Other client software
CODESYS V3 Embedded Target Visu Toolkit
Client/Desktop applications / Other client software
CODESYS V3 Remote Target Visu Toolkit
Client/Desktop applications / Other client software

Vendor: CODESYS

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in the CODESYS V3 web server. A remote attacker can send a specially crafted HTTP or HTTPS request and read arbitrary files outside the restricted working directory of the controller.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

CODESYS firmware: 1.1.9.18 - 3.5.14.40

CODESYS Control for BeagleBone: All versions

CODESYS Control for emPC-A/iMX6: All versions

CODESYS Control for IOT2000: All versions

CODESYS Control for Linux: All versions

CODESYS Control for PFC100: All versions

CODESYS Control for PFC200: All versions

CODESYS Control for Raspberry Pi: All versions

CODESYS Control RTE V3 (for Beckhoff CX): All versions

CODESYS Control RTE V3: All versions

CODESYS Control Win V3 (part of the CODESYS Development System setup): All versions

CODESYS HMI V3: All versions

CODESYS Control V3 Runtime System Toolkit: All versions

CODESYS V3 Embedded Target Visu Toolkit: All versions

CODESYS V3 Remote Target Visu Toolkit: All versions


CPE

External links
http://ics-cert.us-cert.gov/advisories/icsa-19-255-01


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability