PT-2015-7256 · 3S Smart Software Solutions · Codesys Gateway Server

Josep Pi Rodriguez · Published 2015-09-16 · Updated 2022-12-02 · CVE-2015-6460

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

CODESYS Gateway Server versions prior to 2.3.9.34

Description

Multiple heap-based buffer overflows allow remote attackers to execute arbitrary code via specific opcodes, including 0x3ef and 0x3f0. No information is available about the estimated number of potentially affected devices worldwide, or about real-world incidents in which this issue was exploited.

Recommendations

Update versions prior to 2.3.9.34 to version 2.3.9.34 or later to resolve the issue. As a temporary workaround, consider restricting access to the 0x3ef and 0x3f0 opcodes until a patch is applied.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2015-6460
ZDI-15-441
ZDI-15-442

Affected Products

Codesys Gateway Server