Vulnerabilities > CVE-2015-6482 - Remote Denial of Service vulnerability in CODESYS Runtime Toolkit

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

3s-software

NVD

Published: 2015-10-18

Updated: 2015-10-20

Summary

Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted request. <a href="http://cwe.mitre.org/data/definitions/476.html">CWE-476: NULL Pointer Dereference</a>

Vulnerable Configurations

Part	Description	Count
Application	3S-Software 3S Software Codesys Runtime System - 3S Software Codesys Runtime System 2.3.9.8 3S Software Codesys Runtime System 2.3.9.35 3S Software Codesys Runtime System 2.3.9.36 3S Software Codesys Runtime System 2.3.9.37 3S Software Codesys Runtime System 2.3.9.47	6

References

https://ics-cert.us-cert.gov/advisories/ICSA-15-288-01