{"cve":{"cve_id":"CVE-2012-6069","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.02637,"epss_percentile":0.83579,"epss_as_of":"2026-06-23","description":"The CoDeSys Runtime Toolkit’s file transfer functionality does not \nperform input validation, which allows an attacker to access files and \ndirectories outside the intended scope. This may allow an attacker to \nupload and download any file on the device. This could allow the \nattacker to affect the availability, integrity, and confidentiality of \nthe device.","published_at":"2013-01-21T21:00:00Z","last_modified_at":null,"cvss_v3_score":10.0,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","cvss_v3_severity":"CRITICAL","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-23"],"nvd_references":["http://www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.html","https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-01","http://www.digitalbond.com/tools/basecamp/3s-codesys/","https://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01","https://us.codesys.com/ecosystem/security/"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:06:30.725046Z"},"effective_severity":"CRITICAL","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"C","value_label":"Changed"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"3s-smart-software-solutions","vendor_name":"3S-Smart Software Solutions","product_slug":"codesys","product_name":"CoDeSys","version_start":"3.X","version_start_inclusive":true,"version_end":"3.X","version_end_inclusive":true,"cpe23_uri":"cve5:3s-smart-software-solutions:codesys:3.X:3.X"},{"vendor_slug":"3s-smart-software-solutions","vendor_name":"3S-Smart Software Solutions","product_slug":"codesys-control-rte","product_name":"CODESYS Control RTE","version_start":"0","version_start_inclusive":true,"version_end":"2.3.7.17","version_end_inclusive":false,"cpe23_uri":"cve5:3s-smart-software-solutions:codesys-control-rte:0:2.3.7.17"},{"vendor_slug":"3s-smart-software-solutions","vendor_name":"3S-Smart Software Solutions","product_slug":"codesys-control-runtime-embedded","product_name":"CODESYS Control Runtime embedded","version_start":"0","version_start_inclusive":true,"version_end":"2.3.2.8","version_end_inclusive":false,"cpe23_uri":"cve5:3s-smart-software-solutions:codesys-control-runtime-embedded:0:2.3.2.8"},{"vendor_slug":"3s-smart-software-solutions","vendor_name":"3S-Smart Software Solutions","product_slug":"codesys-control-runtime-full","product_name":"CODESYS Control Runtime full","version_start":"0","version_start_inclusive":true,"version_end":"2.4.7.40","version_end_inclusive":false,"cpe23_uri":"cve5:3s-smart-software-solutions:codesys-control-runtime-full:0:2.4.7.40"},{"vendor_slug":"festo","vendor_name":"Festo","product_slug":"cecx-x-c1-modular-master-controller-with-codesys","product_name":"CECX-X-C1 Modular Master Controller with CoDeSys","version_start":"All","version_start_inclusive":true,"version_end":"All","version_end_inclusive":true,"cpe23_uri":"cve5:festo:cecx-x-c1-modular-master-controller-with-codesys:All:All"},{"vendor_slug":"festo","vendor_name":"Festo","product_slug":"cecx-x-m1-modular-controller-with-codesys-and-softmotion","product_name":"CECX-X-M1 Modular Controller with CoDeSys and SoftMotion","version_start":"All","version_start_inclusive":true,"version_end":"All","version_end_inclusive":true,"cpe23_uri":"cve5:festo:cecx-x-m1-modular-controller-with-codesys-and-softmotion:All:All"}],"exploit_refs":[],"news":[],"references":[{"url":"http://www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.html","source_type":"MISC","tags":[]},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-01","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"http://www.digitalbond.com/tools/basecamp/3s-codesys/","source_type":"MISC","tags":[]},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://us.codesys.com/ecosystem/security/","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2013-01-21T21:00:00Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-24T00:34:56.485212Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-24T00:34:56.485212Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-24T00:34:56.485212Z","label":"CVSS score revised","source":"cvelistv5"}]}