Описание
Integer overflow in the GatewayService component in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to execute arbitrary code via a large size value in the packet header, which triggers a heap-based buffer overflow.
Ссылки
- Vendor Advisory
- ExploitUS Government Resource
- Vendor Advisory
- ExploitUS Government Resource
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:3ssoftware:codesys:3.4:sp4:*:*:*:*:*:*
EPSS
Процентиль: 93%
0.09304
Низкий
7.5 High
CVSS2
Дефекты
CWE-189
Связанные уязвимости
github
больше 3 лет назад
Integer overflow in the GatewayService component in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to execute arbitrary code via a large size value in the packet header, which triggers a heap-based buffer overflow.
EPSS
Процентиль: 93%
0.09304
Низкий
7.5 High
CVSS2
Дефекты
CWE-189