Vulnerabilities > CVE-2012-4706 - Numeric Errors vulnerability in 3S-Software Codesys Gateway-Server

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

3s-software

CWE-189

NVD

Published: 2013-02-24

Updated: 2013-05-21

Summary

Integer signedness error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to cause a denial of service via a crafted packet that triggers a heap-based buffer overflow.

Vulnerable Configurations

Part	Description	Count
Application	3S-Software 3S Software Codesys Gateway Server 2.3.5.1 3S Software Codesys Gateway Server 2.3.5.2 3S Software Codesys Gateway Server 2.3.5.3 3S Software Codesys Gateway Server 2.3.6.0 3S Software Codesys Gateway Server 2.3.7.0 3S Software Codesys Gateway Server 2.3.8.0 3S Software Codesys Gateway Server 2.3.8.1 3S Software Codesys Gateway Server 2.3.8.2 3S Software Codesys Gateway Server 2.3.9 3S Software Codesys Gateway Server 2.3.9.1 3S Software Codesys Gateway Server 2.3.9.2 3S Software Codesys Gateway Server 2.3.9.3 3S Software Codesys Gateway Server 2.3.9.4 3S Software Codesys Gateway Server 2.3.9.5 3S Software Codesys Gateway Server 2.3.9.18 3S Software Codesys Gateway Server 2.3.9.19	16

Common Weakness Enumeration (CWE)

CWE-189 - Numeric Errors

References

http://ics-cert.us-cert.gov/advisories/ICSA-13-050-01A