Shodan
Vulnerabilities
Vulnerable Software
3s-Software:  >> Codesys Runtime System  Security Vulnerabilities
CVE-2018-5440
A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft Windows (also WinCE) based CODESYS web servers running stand-alone Version 2.3, or as part of the CODESYS runtime system running prior to Version V1.1.9.19. A crafted request may cause a buffer overflow and could therefore execute arbitrary code on the web server or lead to a denial-of-service condition due to a crash in the web server.
CVSS Score
9.8
EPSS Score
0.014
Published
2018-02-15
CVE-2015-6482
Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted request.
CVSS Score
5.0
EPSS Score
0.003
Published
2015-10-18
CVE-2014-0760
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
CVSS Score
9.3
EPSS Score
0.02
Published
2014-04-25
CVE-2014-0769
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001.
CVSS Score
9.3
EPSS Score
0.003
Published
2014-04-25
CVE-2012-6068
The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener service or transfer files via requests to the TCP listener service.
CVSS Score
9.8
EPSS Score
0.044
Published
2013-01-21
CVE-2012-6069
The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an attacker to access files and directories outside the intended scope. This may allow an attacker to upload and download any file on the device. This could allow the attacker to affect the availability, integrity, and confidentiality of the device.
CVSS Score
10.0
EPSS Score
0.022
Published
2013-01-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved