
CVSS: 9.8 • EPSS: 1% • CPEs: 2 • EXPL: 0

15 Feb 2018 — A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft Windows (also WinCE) based CODESYS web servers running stand-alone Version 2.3, or as part of the CODESYS runtime system running prior to Version V1.1.9.19. A crafted request may cause a buffer overflow and could therefore execute arbitrary code on the web server or lead to a denial-of-service condition due to a crash in the web server. • http://www.securityfocus.com/bid/102909 • CWE-121: Stack-based Buffer Overflow • CWE-787: Out-of-bounds Write

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Oct 2015 — 3S-Smart CODESYS Gateway Server before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted (1) GET or (2) POST request. • https://ics-cert.us-cert.gov/advisories/ICSA-15-293-03

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Oct 2015 — Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted request. • https://ics-cert.us-cert.gov/advisories/ICSA-15-288-01

CVSS: 9.8 • EPSS: 1% • CPEs: 4 • EXPL: 0

25 Apr 2014 — The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. • http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01 • CWE-287: Improper Authentication

CVSS: 9.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

25 Apr 2014 — The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001. • http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01 • CWE-287: Improper Authentication

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Jan 2014 — Smart Software Solutions (3S) CoDeSys Runtime Toolkit before 2.4.7.44 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors. • http://ics-cert.us-cert.gov/advisories/ICSA-14-030-01 • CWE-399: Resource Management Errors

CVSS: 10.0 • EPSS: 4% • CPEs: 1 • EXPL: 0

23 May 2013 — Use-after-free vulnerability in the server application in 3S CODESYS Gateway 2.3.9.27 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors. • http://ics-cert.us-cert.gov/advisories/ICSA-13-142-01 • CWE-399: Resource Management Errors

CVSS: 10.0 • EPSS: 14% • CPEs: 17 • EXPL: 0

24 Feb 2013 — Array index error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet. • http://ics-cert.us-cert.gov/advisories/ICSA-13-050-01A • CWE-20: Improper Input Validation

CVSS: 10.0 • EPSS: 59% • CPEs: 17 • EXPL: 1

24 Feb 2013 — Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors involving a crafted pathname. • https://www.exploit-db.com/exploits/41712 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.8 • EPSS: 0% • CPEs: 17 • EXPL: 0

24 Feb 2013 — Integer signedness error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to cause a denial of service via a crafted packet that triggers a heap-based buffer overflow. • http://ics-cert.us-cert.gov/advisories/ICSA-13-050-01A • CWE-189: Numeric Errors