Headline
CVE-2015-6460: ZDI-15-441
Multiple heap-based buffer overflows in 3S-Smart CODESYS Gateway Server before 2.3.9.34 allow remote attackers to execute arbitrary code via opcode (1) 0x3ef or (2) 0x3f0.
September 16th, 2015
CODESYS Gateway Server Opcode 0x3ef Heap Buffer Overflow Remote Code Execution Vulnerability****ZDI-15-441
ZDI-CAN-2785
CVE ID
CVE-2015-6460
CVSS SCORE
7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)
AFFECTED VENDORS
Codesys
AFFECTED PRODUCTS
Gateway Server
TREND MICRO CUSTOMER PROTECTION
Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 19577. For further product information on the TippingPoint IPS: http://www.tippingpoint.com
VULNERABILITY DETAILS
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CODESYS Gateway Server. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of the 0x3ef opcode. An attacker can send a large buffer of data to the server which will cause a heap buffer overflow. An attacker can leverage this vulnerability to execute code under the context of the process.
ADDITIONAL DETAILS
Codesys has issued an update to correct this vulnerability. More details can be found at:
https://ics-cert.us-cert.gov/advisories/ICSA-15-258-02
DISCLOSURE TIMELINE
- 2015-03-06 - Vulnerability reported to vendor
- 2015-09-16 - Coordinated public release of advisory
CREDIT
Josep Pi Rodriguez
BACK TO ADVISORIES