Unrated severityNVD Advisory· Published Mar 23, 2023· Updated Feb 19, 2025

Codesys Runtime Improper Limitation of a Pathname

CVE-2018-25048

Description

The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.

Affected products

Codesys/Control V3 Runtime System Toolkitv5
Range: 3.0.0.0
Codesys/V3 Remote Target Visu Toolkitv5
Range: 3.0.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

customers.codesys.com/fileadmin/data/customers/security/2018/Advisory2018-04_CDS-59017.pdfmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000