CODESYS Control Path Traversal Vulnerability Allowing Full Filesystem Access

Vulnerability

A path traversal vulnerability has been identified in CODESYS Control, affecting versions prior to 4.15.0.0 and certain 3.x versions. It allows low-privileged attackers with physical access to devices running CODESYS Control to bypass file system restrictions and gain unauthorized access to the entire file system. The issue arises from insufficient path validation, which can be exploited by connecting removable media whose file system supports symbolic links.

Impact

Exploitation of this vulnerability allows for unrestricted access to the device's file system, bypassing default restrictions that limit access to the application's working directory. This could lead to unauthorized modification or extraction of files, depending on the user's privileges.

Remediation

Users should update to CODESYS Control 4.15.0.0 or 3.5.21.0, depending on their specific product. If removable media is used, it should be formatted with a file system that does not support symbolic links, such as FAT16 or FAT32, or the PlaceholderFilePath settings that point to removable media should be removed.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 1.9
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.