Critical severity9.8NVD Advisory· Published Jan 21, 2013· Updated Apr 29, 2026

CVE-2012-6068

Description

The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener service or transfer files via requests to the TCP listener service.

Affected products

3s Software/Codesys Runtime System5 versions
cpe:2.3:a:3s-software:codesys_runtime_system:2.3.9.35:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:3s-software:codesys_runtime_system:2.3.9.35:*:*:*:*:*:*:*
- cpe:2.3:a:3s-software:codesys_runtime_system:2.3.9.36:*:*:*:*:*:*:*
- cpe:2.3:a:3s-software:codesys_runtime_system:2.3.9.37:*:*:*:*:*:*:*
- cpe:2.3:a:3s-software:codesys_runtime_system:2.3.9.8:*:*:*:*:*:*:*
- cpe:2.3:a:3s-software:codesys_runtime_system:2.4.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.htmlnvdVendor Advisory
ics-cert.us-cert.gov/advisories/ICSA-14-084-01nvdUS Government Resource
www.us-cert.gov/control_systems/pdf/ICSA-13-011-01.pdfnvdUS Government Resource
www.digitalbond.com/tools/basecamp/3s-codesys/nvd
us.codesys.com/ecosystem/security/nvd
www.cisa.gov/news-events/ics-advisories/icsa-13-011-01nvd
www.cisa.gov/news-events/ics-advisories/icsa-14-084-01nvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.004
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000