Added: 04/29/2013
CVE: CVE-2012-4708
BID: 58032
OSVDB: 90371
Smart Software Solutions GmbH (3S) manufactures CoDeSys Gateway Server, a Supervisory Control and Data Acquisition/Human-Machine Interface (SCADA/HMI) product. The Gateway Server listens on TCP port 1211.
3S CoDeSys Gateway Server 2.3.9.27 and earlier is vulnerable to stack buffer overflow. A remote attacker could exploit this vulnerability by sending a specially crafted packet to the Gateway Server on port 1211. Successful attack could result in complete control of the affected system.
Update to version 2.3.9.38.
<http://ics-cert.us-cert.gov/advisories/ICSA-13-050-01>
This exploit was tested against CoDeSys 2.3.9.31 on Windows Server 2003 SP2 English with DEP OptOut.
Windows