31 matches found
EUVD-2013-2720
Malware in sbrugna...
EUVD-2011-4961
Malware in sbrugna...
EUVD-2011-4913
Malware in sbrugna...
Vulnerability Spotlight: Code execution vulnerability in 3S CODESYS
Carl Hurd of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered an exploitable code execution vulnerability in 3S’ CODESYS Control SoftPLC runtime system. The system allows any embedded or PC device to convert into an IEC 61131-3-complaint industria...
Threat Source newsletter for May 7, 2020
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. With all of us working from home, Beers with Talos episodes are coming out faster than ever. This week, we have an actual episode with...
3S CODESYS Runtime 3.x < 3.5.15.40 Multiple Vulnerabilities
Binary data scadacodesysruntime351540.nbin...
3S CODESYS control authentication hard-coded encryption key vulnerability
Talos Vulnerability Report TALOS-2019-0896 3S CODESYS control authentication hard-coded encryption key vulnerability March 25, 2020 CVE Number CVE-2019-5104 Summary A hard-coded encryption key vulnerability exists in the authentication functionality of 3S CODESYS Control, version 3.5.13.20. An...
3S CODESYS Runtime Toolkit < 2.4.7.48 PLCWinNT DoS (credentialed check)
Binary data scadacodesysplcwinnt24748local.nbin...
3S CoDeSys Runtime Toolkit NULL Pointer Dereference (uncredentialed check)
Binary data scadacodesysplcwinnt24744remote.nbin...
CVE-2013-2781
CVE-2013-2781 is a use-after-free vulnerability in the 3S CODESYS Gateway server (version 2.3.9.27). It allows remote attackers to cause a DoS (daemon crash) and potentially execute arbitrary code via unspecified vectors. Public details come from multiple sources (NVD/Red Hat/Nessus/ICS-CERT). Mi...
3S CoDeSys Gateway Server Crafted Packet Stack Overflow
Added: 04/29/2013 CVE: CVE-2012-4708 BID: 58032 OSVDB: 90371 Background Smart Software Solutions GmbH 3S manufactures CoDeSys Gateway Server, a Supervisory Control and Data Acquisition/Human-Machine Interface SCADA/HMI product. The Gateway Server listens on TCP port 1211. Problem 3S CoDeSys Gatew...
Integer overflow
Integer signedness error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to cause a denial of service via a crafted packet that triggers a heap-based buffer overflow...
Stack overflow
Stack-based buffer overflow in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet...
Directory traversal
Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors involving a crafted pathname...
CVE-2012-4705
Affected software: 3S CODESYS Gateway-Server (GATEWAY-SERVER). Vulnerability: Directory traversal that can lead to remote code execution via crafted pathnames; impact per ICS-CERT includes remote execution potential. Root cause / vector: Improper handling of directory traversal in the Gateway-Ser...
CVE-2012-4705
Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors involving a crafted pathname...
CVE-2012-4706
Integer signedness error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to cause a denial of service via a crafted packet that triggers a heap-based buffer overflow...
CVE-2012-4704
CVE-2012-4704 affects the 3S CODESYS Gateway-Server (prior to ver. 2.3.9.27). The vulnerability is described as a memory access error (array/index handling) in the Gateway-Server that can allow a remote attacker to execute arbitrary code via a crafted packet. ICS-CERT/3S advisories confirm remote...
CVE-2012-4706
CVE-2012-4706 affects the 3S CODESYS Gateway-Server prior to version 2.3.9.27. The vulnerability is a heap-based buffer overflow caused by a signedness/error in processing a crafted TCP packet (port 1211), enabling remote denial of service. Documents indicate this is part of a set of vulnerabilit...
CVE-2012-4707
The CVE-2012-4707 issue affects the 3S CODESYS Gateway-Server up to version 2.3.9.27. It is described as an "Improper Restriction of Operations Within the Bounds of a Memory Buffer" vulnerability, where an out-of-bounds memory access could allow remote attackers to execute arbitrary code. Public ...