Vulnerabilities > 3S Software

DATE CVE VULNERABILITY TITLE RISK
2018-02-15 CVE-2018-5440 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in 3S-Software Codesys Runtime System and Codesys web Server
A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server.
network
low complexity
3s-software CWE-119
7.5
2015-10-18 CVE-2015-6482 Remote Denial of Service vulnerability in CODESYS Runtime Toolkit
Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted request.
network
low complexity
3s-software
5.0
2014-04-25 CVE-2014-0769 Improper Authentication vulnerability in multiple products
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001.
9.3
2014-04-25 CVE-2014-0760 Improper Authentication vulnerability in multiple products
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
9.3
2014-01-31 CVE-2014-0757 Resource Management Errors vulnerability in 3S-Software Codesys Runtime Toolkit
Smart Software Solutions (3S) CoDeSys Runtime Toolkit before 2.4.7.44 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.
network
low complexity
3s-software CWE-399
5.0
2013-05-23 CVE-2013-2781 Resource Management Errors vulnerability in 3S-Software Codesys Gateway-Server 2.3.9.27
Use-after-free vulnerability in the server application in 3S CODESYS Gateway 2.3.9.27 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors.
network
low complexity
3s-software CWE-399
critical
10.0
2013-02-24 CVE-2012-4708 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in 3S-Software Codesys Gateway-Server
Stack-based buffer overflow in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet.
network
low complexity
3s-software CWE-119
critical
10.0
2013-02-24 CVE-2012-4707 Code Injection vulnerability in 3S-Software Codesys Gateway-Server
3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors that trigger an out-of-bounds memory access.
network
low complexity
3s-software CWE-94
critical
10.0
2013-02-24 CVE-2012-4706 Numeric Errors vulnerability in 3S-Software Codesys Gateway-Server
Integer signedness error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to cause a denial of service via a crafted packet that triggers a heap-based buffer overflow.
network
low complexity
3s-software CWE-189
7.8
2013-02-24 CVE-2012-4705 Path Traversal vulnerability in 3S-Software Codesys Gateway-Server
Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors involving a crafted pathname.
network
low complexity
3s-software CWE-22
critical
10.0