3S CoDeSys Gateway Server Crafted Packet Stack Overflow

2013-04-29T00:00:00
ID SAINT:C7FC10FD840A75F48A5C6FAD9663A6B0
Type saint
Reporter SAINT Corporation
Modified 2013-04-29T00:00:00

Description

Added: 04/29/2013
CVE: CVE-2012-4708
BID: 58032
OSVDB: 90371

Background

Smart Software Solutions GmbH (3S) manufactures CoDeSys Gateway Server, a Supervisory Control and Data Acquisition/Human-Machine Interface (SCADA/HMI) product. The Gateway Server listens on TCP port 1211.

Problem

3S CoDeSys Gateway Server 2.3.9.27 and earlier is vulnerable to a stack buffer overflow. A remote attacker could exploit this vulnerability by sending a specially crafted packet to the Gateway Server on port 1211. A successful attack could result in complete control of the affected system.

Resolution

Update to version 2.3.9.38.

References

<http://ics-cert.us-cert.gov/advisories/ICSA-13-050-01>

Limitations

This exploit was tested against CoDeSys 2.3.9.31 on Windows Server 2003 SP2 English with DEP OptOut.

Platforms

Windows