Vulnerabilities > 3S Software > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-04-25 | CVE-2014-0769 | Improper Authentication vulnerability in multiple products The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001. | 9.3 |
| 2014-04-25 | CVE-2014-0760 | Improper Authentication vulnerability in multiple products The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | 9.3 |
| 2013-05-23 | CVE-2013-2781 | Resource Management Errors vulnerability in 3S-Software Codesys Gateway-Server 2.3.9.27 Use-after-free vulnerability in the server application in 3S CODESYS Gateway 2.3.9.27 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors. | 10.0 |
| 2013-02-24 | CVE-2012-4708 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in 3S-Software Codesys Gateway-Server Stack-based buffer overflow in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet. | 10.0 |
| 2013-02-24 | CVE-2012-4707 | Code Injection vulnerability in 3S-Software Codesys Gateway-Server 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors that trigger an out-of-bounds memory access. | 10.0 |
| 2013-02-24 | CVE-2012-4705 | Path Traversal vulnerability in 3S-Software Codesys Gateway-Server Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors involving a crafted pathname. | 10.0 |
| 2013-02-24 | CVE-2012-4704 | Improper Input Validation vulnerability in 3S-Software Codesys Gateway-Server Array index error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet. | 10.0 |
| 2013-01-21 | CVE-2012-6069 | Path Traversal vulnerability in 3S-Software Codesys Runtime System Directory traversal vulnerability in the Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x allows remote attackers to read, overwrite, or create arbitrary files via a .. | 10.0 |
| 2013-01-21 | CVE-2012-6068 | Permissions, Privileges, and Access Controls vulnerability in 3S-Software Codesys Runtime System The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to (1) execute commands via the command-line interface in the TCP listener service or (2) transfer files via requests to the TCP listener service. | 10.0 |