The 3S CODESYS Runtime environment running on the remote host is affected by multiple vulnerabilities :
A memory corruption vulnerability exists in the CODESYS V3 runtime system. An unauthenticated, remote attacker can exploit this issue, via a specially crafted message, to cause a denial-of-service condition in the runtime. (CVE-2019-5105)
A heap-based buffer overflow condition exists in the CODESYS V3 runtime component CmpWebServerHandlerV3 due to improper validation of user-supplied data. An unauthenticated, remote attacker can exploit this issue , via a series of specially crafted messages, to cause a denial of service condition or the execution of arbitrary code. (CVE-2020-10245)
Note that Nessus has not tested for the issue but has instead relied only on the application’s self-reported version number.
Binary data scada_codesys_runtime_3_5_15_40.nbin
Vendor | Product | Version | CPE |
---|---|---|---|
3s-software | codesys_runtime_system | cpe:/a:3s-software:codesys_runtime_system |