SAINT CorporationSAINT:6EE29573702DB029129F0945F74ECFC03S CoDeSys Gateway Server Crafted Packet Stack Overflow
0.054 Low
EPSS
Percentile
93.2%
Added: 04/29/2013
CVE: CVE-2012-4708
BID: 58032
OSVDB: 90371
Background
Smart Software Solutions GmbH (3S) manufactures CoDeSys Gateway Server, a Supervisory Control and Data Acquisition/Human-Machine Interface (SCADA/HMI) product. The Gateway Server listens on TCP port 1211.
Problem
3S CoDeSys Gateway Server 2.3.9.27 and earlier is vulnerable to stack buffer overflow. A remote attacker could exploit this vulnerability by sending a specially crafted packet to the Gateway Server on port 1211. Successful attack could result in complete control of the affected system.
Resolution
Update to version 2.3.9.38.
References
<http://ics-cert.us-cert.gov/advisories/ICSA-13-050-01>
Limitations
This exploit was tested against CoDeSys 2.3.9.31 on Windows Server 2003 SP2 English with DEP OptOut.
Platforms
Windows
Related
