CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
93.2%
Added: 04/29/2013
CVE: CVE-2012-4708
BID: 58032
OSVDB: 90371
Smart Software Solutions GmbH (3S) manufactures CoDeSys Gateway Server, a Supervisory Control and Data Acquisition/Human-Machine Interface (SCADA/HMI) product. The Gateway Server listens on TCP port 1211.
3S CoDeSys Gateway Server 2.3.9.27 and earlier is vulnerable to stack buffer overflow. A remote attacker could exploit this vulnerability by sending a specially crafted packet to the Gateway Server on port 1211. Successful attack could result in complete control of the affected system.
Update to version 2.3.9.38.
<http://ics-cert.us-cert.gov/advisories/ICSA-13-050-01>
This exploit was tested against CoDeSys 2.3.9.31 on Windows Server 2003 SP2 English with DEP OptOut.
Windows