Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2015-6460: ZDI-15-441

Multiple heap-based buffer overflows in 3S-Smart CODESYS Gateway Server before 2.3.9.34 allow remote attackers to execute arbitrary code via opcode (1) 0x3ef or (2) 0x3f0.

CVE
#vulnerability#git#rce#buffer_overflow#auth

September 16th, 2015

CODESYS Gateway Server Opcode 0x3ef Heap Buffer Overflow Remote Code Execution Vulnerability****ZDI-15-441
ZDI-CAN-2785

CVE ID

CVE-2015-6460

CVSS SCORE

7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)

AFFECTED VENDORS

Codesys

AFFECTED PRODUCTS

Gateway Server

TREND MICRO CUSTOMER PROTECTION

Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 19577. For further product information on the TippingPoint IPS: http://www.tippingpoint.com

VULNERABILITY DETAILS

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CODESYS Gateway Server. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the handling of the 0x3ef opcode. An attacker can send a large buffer of data to the server which will cause a heap buffer overflow. An attacker can leverage this vulnerability to execute code under the context of the process.

ADDITIONAL DETAILS

Codesys has issued an update to correct this vulnerability. More details can be found at:
https://ics-cert.us-cert.gov/advisories/ICSA-15-258-02

DISCLOSURE TIMELINE

  • 2015-03-06 - Vulnerability reported to vendor
  • 2015-09-16 - Coordinated public release of advisory

CREDIT

Josep Pi Rodriguez

BACK TO ADVISORIES

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907