CoDeSys Authentication Bypass Directory Traversal
High Nessus Plugin ID 62796
SynopsisThe remote device is affected by a directory traversal vulnerability.
DescriptionThe remote device is a CoDeSys PLC (programmable logic controller).
Nessus was able to bypass the authentication mechanism and read an arbitrary file on the device by using a directory traversal string.
SolutionThere are currently no known fixes. As a workaround, restrict access to the device.