Signature Detail
Short Name |
SCADA:CODESYS-HEAP-OVF |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
SCADA |
Keywords |
3S Smart Software Solutions CoDeSys Gateway Server Heap Buffer Overflow |
Release Date |
2013/07/09 |
Update Number |
2280 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
SCADA: 3S Smart Software Solutions CoDeSys Gateway Server Heap Buffer Overflow
This signature detects attempts to exploit a known vulnerability in the Smart Software Solutions CoDeSys. A successful attack can lead to heap buffer overflow and arbitrary remote code execution within the context of the server.
Extended Description
Integer signedness error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to cause a denial of service via a crafted packet that triggers a heap-based buffer overflow.
Affected Products
- 3s-software codesys_gateway-server 2.3.5.1
- 3s-software codesys_gateway-server 2.3.5.2
- 3s-software codesys_gateway-server 2.3.5.3
- 3s-software codesys_gateway-server 2.3.6.0
- 3s-software codesys_gateway-server 2.3.7.0
- 3s-software codesys_gateway-server 2.3.8.0
- 3s-software codesys_gateway-server 2.3.8.1
- 3s-software codesys_gateway-server 2.3.8.2
- 3s-software codesys_gateway-server 2.3.9
- 3s-software codesys_gateway-server 2.3.9.1
- 3s-software codesys_gateway-server 2.3.9.18
- 3s-software codesys_gateway-server 2.3.9.19
- 3s-software codesys_gateway-server 2.3.9.2
- 3s-software codesys_gateway-server 2.3.9.3
- 3s-software codesys_gateway-server 2.3.9.4
- 3s-software codesys_gateway-server 2.3.9.5
- 3s-software codesys_gateway-server up to 2.3.9.20
References
- BugTraq: 58032
- CVE: CVE-2012-4706