CVE-2015-6460

Опубликовано: 18 сент. 2015

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Multiple heap-based buffer overflows in 3S-Smart CODESYS Gateway Server before 2.3.9.34 allow remote attackers to execute arbitrary code via opcode (1) 0x3ef or (2) 0x3f0.

Ссылки

http://zerodayinitiative.com/advisories/ZDI-15-441/
Third Party Advisory
VDB Entry
http://zerodayinitiative.com/advisories/ZDI-15-442/
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-15-258-02
Third Party Advisory
US Government Resource
http://zerodayinitiative.com/advisories/ZDI-15-441/
Third Party Advisory
VDB Entry
http://zerodayinitiative.com/advisories/ZDI-15-442/
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-15-258-02
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:3s-smart:codesys_gateway_server:*:*:*:*:*:*:*:*

Версия до 2.3.9.34 (исключая)

EPSS

Процентиль: 92%

0.08638

Низкий

7.5 High

CVSS2

Дефекты

CWE-119

Связанные уязвимости

GHSA-qgmm-vv5m-vvr4

github

больше 3 лет назад

Multiple heap-based buffer overflows in 3S-Smart CODESYS Gateway Server before 2.3.9.47 allow remote attackers to execute arbitrary code via opcode (1) 0x3ef or (2) 0x3f0.