The host is installed with 3S CoDeSys 3.0 before 3.5 or before 2.3.9.32 and is prone to directory traversal vulnerability. A flaw is present in the application, which fails to handle a specially-crafted HTTP GET request. Successful exploitation allows remote attackers to traverse directories on the system, to create arbitrary directories under the web root.