31 matches found
EUVD-2013-2720
Malware in sbrugna...
EUVD-2011-4961
Malware in sbrugna...
EUVD-2011-4913
Malware in sbrugna...
Vulnerability Spotlight: Code execution vulnerability in 3S CODESYS
Carl Hurd of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered an exploitable code execution vulnerability in 3S’ CODESYS Control SoftPLC runtime system. The system allows any embedded or PC device to convert into an IEC 61131-3-complaint industria...
Threat Source newsletter for May 7, 2020
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. With all of us working from home, Beers with Talos episodes are coming out faster than ever. This week, we have an actual episode with...
3S CODESYS Runtime 3.x < 3.5.15.40 Multiple Vulnerabilities
Binary data scadacodesysruntime351540.nbin...
3S CODESYS control authentication hard-coded encryption key vulnerability
Talos Vulnerability Report TALOS-2019-0896 3S CODESYS control authentication hard-coded encryption key vulnerability March 25, 2020 CVE Number CVE-2019-5104 Summary A hard-coded encryption key vulnerability exists in the authentication functionality of 3S CODESYS Control, version 3.5.13.20. An...
3S CODESYS Runtime Toolkit < 2.4.7.48 PLCWinNT DoS (credentialed check)
Binary data scadacodesysplcwinnt24748local.nbin...
3S CoDeSys Runtime Toolkit NULL Pointer Dereference (uncredentialed check)
Binary data scadacodesysplcwinnt24744remote.nbin...
CVE-2013-2781
CVE-2013-2781 is a use-after-free vulnerability in the 3S CODESYS Gateway server (version 2.3.9.27). It allows remote attackers to cause a DoS (daemon crash) and potentially execute arbitrary code via unspecified vectors. Public details come from multiple sources (NVD/Red Hat/Nessus/ICS-CERT). Mi...
3S CoDeSys Gateway Server Crafted Packet Stack Overflow
Added: 04/29/2013 CVE: CVE-2012-4708 BID: 58032 OSVDB: 90371 Background Smart Software Solutions GmbH 3S manufactures CoDeSys Gateway Server, a Supervisory Control and Data Acquisition/Human-Machine Interface SCADA/HMI product. The Gateway Server listens on TCP port 1211. Problem 3S CoDeSys Gatew...
Stack overflow
Stack-based buffer overflow in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet...
Integer overflow
Integer signedness error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to cause a denial of service via a crafted packet that triggers a heap-based buffer overflow...
Directory traversal
Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors involving a crafted pathname...
CVE-2012-4707
3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors that trigger an out-of-bounds memory access...
CVE-2012-4705
Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors involving a crafted pathname...
CVE-2012-4708
The CVE-2012-4708 issue affects 3S CODESYS Gateway-Server (pre-2.3.9.27). The vulnerability is a stack-based buffer overflow triggered by a crafted packet sent to the Gateway Server (port 1211), allowing remote code execution and potentially full control of the affected system. Public details ind...
CVE-2012-4704
CVE-2012-4704 affects the 3S CODESYS Gateway-Server (prior to ver. 2.3.9.27). The vulnerability is described as a memory access error (array/index handling) in the Gateway-Server that can allow a remote attacker to execute arbitrary code via a crafted packet. ICS-CERT/3S advisories confirm remote...
CVE-2012-4706
Integer signedness error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to cause a denial of service via a crafted packet that triggers a heap-based buffer overflow...
CVE-2012-4705
Affected software: 3S CODESYS Gateway-Server (GATEWAY-SERVER). Vulnerability: Directory traversal that can lead to remote code execution via crafted pathnames; impact per ICS-CERT includes remote execution potential. Root cause / vector: Improper handling of directory traversal in the Gateway-Ser...