PT-2011-5163 · 3S · Codesys
Luigi Auriemma
·
Publicado
2011-12-25
·
Atualizado
2017-08-29
·
CVE-2011-5008
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
3S CoDeSys version 3.4 SP4 Patch 2
Description
The issue is related to an integer overflow in the GatewayService component, which can be exploited by remote attackers to execute arbitrary code. This is achieved by sending a packet with a large size value in the header, triggering a heap-based buffer overflow.
Recommendations
For version 3.4 SP4 Patch 2, consider applying a patch or fix to address the integer overflow issue in the GatewayService component. As a temporary workaround, restrict access to the GatewayService component to minimize the risk of exploitation.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Codesys