CVE-2011-5008
published 2011-12-25CVE-2011-5008: Integer overflow in the GatewayService component in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to execute arbitrary code via a large size value in the…
PriorityP344high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
5.03%
91.2th percentile
Integer overflow in the GatewayService component in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to execute arbitrary code via a large size value in the packet header, which triggers a heap-based buffer overflow.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 3ssoftware | codesys | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-3c69-vjm9-xgc7: Integer overflow in the GatewayService component in 3S CoDeSys 3
ghsa_unreviewed·2022-05-17
CVE-2011-5008 [HIGH] GHSA-3c69-vjm9-xgc7: Integer overflow in the GatewayService component in 3S CoDeSys 3
Integer overflow in the GatewayService component in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to execute arbitrary code via a large size value in the packet header, which triggers a heap-based buffer overflow.
CISA ICS
3S CoDeSys Vulnerabilities
cisa_ics·2018-09-06·CVSS 10.0
[CRITICAL] 3S CoDeSys Vulnerabilities
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
3S CoDeSys Vulnerabilities
Last RevisedSeptember 06, 2018
Alert CodeICSA-12-006-01
## Overview
This advisory is a follow-up to the alert update, ICS-ALERT-11-336-01A 3S CoDeSys Vulnerabilities, which was released on the ICS-CERT Web page on December 02, 2011.
Security researcher Celil Unuver (SignalSec LLC) and independent researcher Luigi Auriemma have identified vulnerabilities in the 3S Smart Software Solutions CoDeSys product, summarized in the following table. Mr. Auriemma publicly disclosed the five vulnerabilities along with proof-of-concept (PoC) exploit code, including
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://aluigi.altervista.org/adv/codesys_1-adv.txthttp://seclists.org/bugtraq/2011/Nov/178http://secunia.com/advisories/47018http://www.osvdb.org/77386http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdfhttps://exchange.xforce.ibmcloud.com/vulnerabilities/71531http://aluigi.altervista.org/adv/codesys_1-adv.txthttp://seclists.org/bugtraq/2011/Nov/178http://secunia.com/advisories/47018http://www.osvdb.org/77386http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdfhttps://exchange.xforce.ibmcloud.com/vulnerabilities/71531
2011-12-25
Published