SCADA: CoDeSys Gateway Server Opcode 0x3ef Heap Buffer Overflow
A heap buffer overflow vulnerability exists in 3S Smart Software CoDeSys. The vulnerability is due to insufficient input validation when parsing requests with opcode 0x3ef. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request message to the vulnerable service. Successful exploitation could result in code execution in the security context of the process. Unsuccessful attack attempts could cause the affected service to terminate abnormally, causing a denial of service (DoS) condition.
Extended Description
Multiple heap-based buffer overflows in 3S-Smart CODESYS Gateway Server before 2.3.9.34 allow remote attackers to execute arbitrary code via opcode (1) 0x3ef or (2) 0x3f0.
Affected Products
3s-smart codesys_gateway_server
References
BugTraq: 76754
CVE: CVE-2015-6460
URL: http://zerodayinitiative.com/advisories/ZDI-15-441/ https://ics-cert.us-cert.gov/advisories/ICSA-15-258-02
Short Name
SCADA:CODESYS-OPCODE03EF
Severity
Major
Recommended
True
Recommended Action
Drop
Category
SCADA
Keywords
0x3ef Buffer CVE-2015-6460 CoDeSys Gateway Heap Opcode Overflow Server bid:76754
Release Date
12/15/2015
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3508
Port
TCP/1211
False Positive
Unknown
Vendors
3s-smart
CVSS Score
7.5