3s-Software: Security Vulnerabilities
A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft Windows (also WinCE) based CODESYS web servers running stand-alone Version 2.3, or as part of the CODESYS runtime system running prior to Version V1.1.9.19. A crafted request may cause a buffer overflow and could therefore execute arbitrary code on the web server or lead to a denial-of-service condition due to a crash in the web server.
CVSS Score
9.8
EPSS Score
0.014
Published
2018-02-15
Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted request.
CVSS Score
5.0
EPSS Score
0.003
Published
2015-10-18
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1
Modular Controller with CoDeSys and SoftMotion provide an undocumented
access method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service (application
crash) via unspecified vectors.
CVSS Score
9.3
EPSS Score
0.02
Published
2014-04-25
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001.
CVSS Score
9.3
EPSS Score
0.003
Published
2014-04-25
Smart Software Solutions (3S) CoDeSys Runtime Toolkit before 2.4.7.44 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.
CVSS Score
5.0
EPSS Score
0.005
Published
2014-01-31
Use-after-free vulnerability in the server application in 3S CODESYS Gateway 2.3.9.27 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors.
CVSS Score
10.0
EPSS Score
0.043
Published
2013-05-23
Array index error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet.
CVSS Score
10.0
EPSS Score
0.149
Published
2013-02-24
Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors involving a crafted pathname.
CVSS Score
10.0
EPSS Score
0.598
Published
2013-02-24
Integer signedness error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to cause a denial of service via a crafted packet that triggers a heap-based buffer overflow.
CVSS Score
7.8
EPSS Score
0.006
Published
2013-02-24
3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors that trigger an out-of-bounds memory access.
CVSS Score
10.0
EPSS Score
0.084
Published
2013-02-24
Page 1