Sign-up

ID

VAR-201509-0300


CVE

CVE-2015-6460


TITLE

3S-Smart Software Solutions CODESYS Gateway Server Heap Buffer Overflow Vulnerability

Trust: 0.8

sources: IVD: 73900d9c-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06220

DESCRIPTION

Multiple heap-based buffer overflows in 3S-Smart CODESYS Gateway Server before 2.3.9.34 allow remote attackers to execute arbitrary code via opcode (1) 0x3ef or (2) 0x3f0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the 0x3ef opcode. An attacker can leverage this vulnerability to execute code under the context of the process. 3S-Smart Software Solutions CoDeSys is a PLC (programmable controller) software programming tool from 3S-Smart Software Solutions, Germany. The CODESYS Gateway Server is one of the CODESYS gateway servers. Failed attacks will cause denial-of-service conditions. Runtime Toolkit is the runtime toolkit of CoDeSys

Trust: 4.05

sources: NVD: CVE-2015-6460 // JVNDB: JVNDB-2015-004927 // ZDI: ZDI-15-442 // ZDI: ZDI-15-441 // CNVD: CNVD-2015-06220 // BID: 76754 // IVD: 73900d9c-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-84421 // VULMON: CVE-2015-6460

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: 73900d9c-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06220

AFFECTED PRODUCTS

vendor:codesysmodel:gateway serverscope: - version: -

Trust: 1.4

vendor:3s smartmodel:codesys gateway serverscope:ltversion:2.3.9.34

Trust: 1.0

vendor:3s smartmodel:codesys gateway serverscope:ltversion:2.3.9.47

Trust: 0.8

vendor:3s smartmodel:software solutions codesys gateway serverscope:ltversion:2.3.9.47

Trust: 0.6

vendor:3s smartmodel:codesys gateway serverscope:eqversion:2.3.9.46

Trust: 0.6

vendor:codesys gateway servermodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 73900d9c-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-15-442 // ZDI: ZDI-15-441 // CNVD: CNVD-2015-06220 // JVNDB: JVNDB-2015-004927 // CNNVD: CNNVD-201509-256 // NVD: CVE-2015-6460

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2015-6460
value: HIGH

Trust: 1.4

nvd@nist.gov: CVE-2015-6460
value: HIGH

Trust: 1.0

NVD: CVE-2015-6460
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-06220
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201509-256
value: HIGH

Trust: 0.6

IVD: 73900d9c-2351-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

VULHUB: VHN-84421
value: HIGH

Trust: 0.1

VULMON: CVE-2015-6460
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-6460
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 3.3

CNVD: CNVD-2015-06220
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 73900d9c-2351-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-84421
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 73900d9c-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-15-442 // ZDI: ZDI-15-441 // CNVD: CNVD-2015-06220 // VULHUB: VHN-84421 // VULMON: CVE-2015-6460 // JVNDB: JVNDB-2015-004927 // CNNVD: CNNVD-201509-256 // NVD: CVE-2015-6460

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-84421 // JVNDB: JVNDB-2015-004927 // NVD: CVE-2015-6460

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-256

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201509-256

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-004927

PATCH
title:Codesys has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-15-258-02
Trust: 1.4
title:Top Pageurl:https://www.codesys.com/
Trust: 0.8
title:3S-Smart Software Solutions CODESYS Gateway Server heap buffer overflow vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/64471
Trust: 0.6
title:SetupCoDeSysV23947url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57669
Trust: 0.6
title:CoDeSys_v23947url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57668
Trust: 0.6
sources:
            
            
            ZDI: ZDI-15-442 // 
            
            
            
            ZDI: ZDI-15-441 // 
            
            
            
            CNVD: CNVD-2015-06220 // 
            
            
            
            JVNDB: JVNDB-2015-004927 // 
            
            
            
            CNNVD: CNNVD-201509-256

EXTERNAL IDS
db:NVDid:CVE-2015-6460
Trust: 5.1
db:ZDIid:ZDI-15-441
Trust: 3.4
db:ICS CERTid:ICSA-15-258-02
Trust: 2.9
db:ZDIid:ZDI-15-442
Trust: 2.8
db:CNNVDid:CNNVD-201509-256
Trust: 0.9
db:CNVDid:CNVD-2015-06220
Trust: 0.8
db:JVNDBid:JVNDB-2015-004927
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-2786
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-2785
Trust: 0.7
db:BIDid:76754
Trust: 0.5
db:IVDid:73900D9C-2351-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-84421
Trust: 0.1
db:VULMONid:CVE-2015-6460
Trust: 0.1
sources:
            
            
            IVD: 73900d9c-2351-11e6-abef-000c29c66e3d // 
            
            
            
            ZDI: ZDI-15-442 // 
            
            
            
            ZDI: ZDI-15-441 // 
            
            
            
            CNVD: CNVD-2015-06220 // 
            
            
            
            VULHUB: VHN-84421 // 
            
            
            
            VULMON: CVE-2015-6460 // 
            
            
            
            BID: 76754 // 
            
            
            
            JVNDB: JVNDB-2015-004927 // 
            
            
            
            CNNVD: CNNVD-201509-256 // 
            
            
            
            NVD: CVE-2015-6460

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-15-258-02
Trust: 4.3
url:http://zerodayinitiative.com/advisories/zdi-15-441/
Trust: 2.4
url:http://zerodayinitiative.com/advisories/zdi-15-442/
Trust: 1.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6460
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6460
Trust: 0.8
url:https://us-cert.cisa.gov/ics/advisories/icsa-15-258-02
Trust: 0.6
url:http://www.3s-software.com/
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/zdi-15-441/
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/zdi-15-442/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.securityfocus.com/bid/76754
Trust: 0.1
url:https://www.cisa.gov/uscert/ics/advisories/icsa-15-258-02
Trust: 0.1
sources:
            
            
            ZDI: ZDI-15-442 // 
            
            
            
            ZDI: ZDI-15-441 // 
            
            
            
            CNVD: CNVD-2015-06220 // 
            
            
            
            VULHUB: VHN-84421 // 
            
            
            
            VULMON: CVE-2015-6460 // 
            
            
            
            BID: 76754 // 
            
            
            
            JVNDB: JVNDB-2015-004927 // 
            
            
            
            CNNVD: CNNVD-201509-256 // 
            
            
            
            NVD: CVE-2015-6460

CREDITS
Josep Pi Rodriguez
Trust: 1.7
sources:
            
            
            ZDI: ZDI-15-442 // 
            
            
            
            ZDI: ZDI-15-441 // 
            
            
            
            BID: 76754

SOURCES
db:IVDid:73900d9c-2351-11e6-abef-000c29c66e3d
db:ZDIid:ZDI-15-442
db:ZDIid:ZDI-15-441
db:CNVDid:CNVD-2015-06220
db:VULHUBid:VHN-84421
db:VULMONid:CVE-2015-6460
db:BIDid:76754
db:JVNDBid:JVNDB-2015-004927
db:CNNVDid:CNNVD-201509-256
db:NVDid:CVE-2015-6460

LAST UPDATE DATE
2024-11-23T22:38:47.128000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-15-442date:2015-09-16T00:00:00
db:ZDIid:ZDI-15-441date:2015-09-16T00:00:00
db:CNVDid:CNVD-2015-06220date:2015-09-28T00:00:00
db:VULHUBid:VHN-84421date:2022-12-02T00:00:00
db:VULMONid:CVE-2015-6460date:2022-07-11T00:00:00
db:BIDid:76754date:2015-11-03T19:14:00
db:JVNDBid:JVNDB-2015-004927date:2015-09-29T00:00:00
db:CNNVDid:CNNVD-201509-256date:2022-07-12T00:00:00
db:NVDid:CVE-2015-6460date:2024-11-21T02:35:00.540

SOURCES RELEASE DATE
db:IVDid:73900d9c-2351-11e6-abef-000c29c66e3ddate:2015-09-25T00:00:00
db:ZDIid:ZDI-15-442date:2015-09-16T00:00:00
db:ZDIid:ZDI-15-441date:2015-09-16T00:00:00
db:CNVDid:CNVD-2015-06220date:2015-09-25T00:00:00
db:VULHUBid:VHN-84421date:2015-09-18T00:00:00
db:VULMONid:CVE-2015-6460date:2015-09-18T00:00:00
db:BIDid:76754date:2015-09-15T00:00:00
db:JVNDBid:JVNDB-2015-004927date:2015-09-29T00:00:00
db:CNNVDid:CNNVD-201509-256date:2015-09-18T00:00:00
db:NVDid:CVE-2015-6460date:2015-09-18T22:59:08.123