Signature Detail
Short Name |
SCADA:CODESYS-GATEWAY-DOS |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
SCADA |
Keywords |
3S Smart Software Solutions CoDeSys Gateway Server Denial Of Service |
Release Date |
2013/07/08 |
Update Number |
2280 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
SCADA: 3S Smart Software Solutions CoDeSys Gateway Server Denial Of Service
A denial of service vulnerability exists in 3S Smart Software Solutions CoDeSys Gateway Server. The vulnerability is due to improper allocation of heap memory. A remote unauthenticated attacker could exploit this vulnerability by sending crafted requests to the vulnerable service on ports 1211/TCP or 1210/TCP. Successful exploitation could cause the affected application to terminate abnormally.
Extended Description
3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors that trigger an out-of-bounds memory access.
Affected Products
- 3s-software codesys_gateway-server 2.3.5.1
- 3s-software codesys_gateway-server 2.3.5.2
- 3s-software codesys_gateway-server 2.3.5.3
- 3s-software codesys_gateway-server 2.3.6.0
- 3s-software codesys_gateway-server 2.3.7.0
- 3s-software codesys_gateway-server 2.3.8.0
- 3s-software codesys_gateway-server 2.3.8.1
- 3s-software codesys_gateway-server 2.3.8.2
- 3s-software codesys_gateway-server 2.3.9
- 3s-software codesys_gateway-server 2.3.9.1
- 3s-software codesys_gateway-server 2.3.9.18
- 3s-software codesys_gateway-server 2.3.9.2
- 3s-software codesys_gateway-server 2.3.9.3
- 3s-software codesys_gateway-server 2.3.9.4
- 3s-software codesys_gateway-server 2.3.9.5
- 3s-software codesys_gateway-server up to 2.3.9.19
References
- CVE: CVE-2012-4707