3S CoDeSys Gateway Server Crafted Packet Stack Overflow

Added: 04/29/2013 CVE: CVE-2012-4708 BID: 58032 OSVDB: 90371 Background Smart Software Solutions GmbH 3S manufactures CoDeSys Gateway Server, a Supervisory Control and Data Acquisition/Human-Machine Interface SCADA/HMI product. The Gateway Server listens on TCP port 1211. Problem 3S CoDeSys Gatew...

Directory traversal

Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors involving a crafted pathname...

Integer overflow

Integer signedness error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to cause a denial of service via a crafted packet that triggers a heap-based buffer overflow...

CVE-2012-4705

Affected software: 3S CODESYS Gateway-Server (GATEWAY-SERVER). Vulnerability: Directory traversal that can lead to remote code execution via crafted pathnames; impact per ICS-CERT includes remote execution potential. Root cause / vector: Improper handling of directory traversal in the Gateway-Ser...

CVE-2012-4706

CVE-2012-4706 affects the 3S CODESYS Gateway-Server prior to version 2.3.9.27. The vulnerability is a heap-based buffer overflow caused by a signedness/error in processing a crafted TCP packet (port 1211), enabling remote denial of service. Documents indicate this is part of a set of vulnerabilit...

CVE-2012-4705

Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors involving a crafted pathname...

CVE-2012-4704

CVE-2012-4704 affects the 3S CODESYS Gateway-Server (prior to ver. 2.3.9.27). The vulnerability is described as a memory access error (array/index handling) in the Gateway-Server that can allow a remote attacker to execute arbitrary code via a crafted packet. ICS-CERT/3S advisories confirm remote...