Details of VAR-201510-0194

ID

VAR-201510-0194

CVE

CVE-2015-6482

TITLE

3S CODESYS Runtime Toolkit Null Pointer Indirect Reference Vulnerability

Trust: 0.8

sources: IVD: 7c59cf80-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06785

DESCRIPTION

Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted request. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. The CODESYS Runtime Toolkit is an embedded third-party software for a variety of industries. CODESYS Runtime Toolkit is prone to a remote denial-of-service vulnerability. 3S-Smart Software Solutions CoDeSys is a set of PLC (Programmable Logic Controller) software programming tools from 3S-Smart Software Solutions in Germany

Trust: 2.7

sources: NVD: CVE-2015-6482 // JVNDB: JVNDB-2015-005368 // CNVD: CNVD-2015-06785 // BID: 77107 // IVD: 7c59cf80-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-84443

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 7c59cf80-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06785

AFFECTED PRODUCTS

vendor:	3s	model:	codesys runtime system	scope:	lte	version:	2.3.9.47	Trust: 1.0
vendor:	3s smart	model:	codesys control runtime toolkit	scope:	lt	version:	2.4.7.48 (codesys control runtime system 2.3.9.48 )	Trust: 0.8
vendor:	3s smart	model:	codesys runtime toolkit	scope:	lt	version:	2.4.7.48	Trust: 0.6
vendor:	3s	model:	codesys runtime system	scope:	eq	version:	2.3.9.47	Trust: 0.6
vendor:	3s smart	model:	codesys control runtime toolkit	scope:	eq	version:	2.4.7.44	Trust: 0.3
vendor:	3s smart	model:	codesys control runtime toolkit	scope:	eq	version:	2.4.7.43	Trust: 0.3
vendor:	3s smart	model:	codesys control runtime toolkit	scope:	eq	version:	2.4.7.0	Trust: 0.3
vendor:	3s smart	model:	codesys control runtime toolkit	scope:	ne	version:	2.4.7.48	Trust: 0.3
vendor:	3s smart	model:	codesys control runtime toolkit	scope:	ne	version:	2.3.9.48	Trust: 0.3
vendor:	codesys runtime system	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 7c59cf80-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06785 // BID: 77107 // JVNDB: JVNDB-2015-005368 // CNNVD: CNNVD-201510-326 // NVD: CVE-2015-6482

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6482
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-6482
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-06785
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201510-326
value:	MEDIUM
Trust: 0.6
IVD:	7c59cf80-2351-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-84443
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-6482
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-06785
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	7c59cf80-2351-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-84443
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 7c59cf80-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06785 // VULHUB: VHN-84443 // JVNDB: JVNDB-2015-005368 // CNNVD: CNNVD-201510-326 // NVD: CVE-2015-6482

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2015-005368 // NVD: CVE-2015-6482

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-326

TYPE

Failure to Handle Exceptional Conditions

Trust: 0.3

sources: BID: 77107

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005368

PATCH

title:	CODESYS Control Runtime Toolkit	url:	https://www.codesys.com/products/codesys-runtime/runtime-toolkit.html	Trust: 0.8
title:	CODESYS Download Center	url:	https://www.codesys.com/download/download-center.html	Trust: 0.8
title:	3S CODESYS Runtime Toolkit Patch for null pointer indirect reference vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/65560	Trust: 0.6
title:	3S-Smart Software Solutions CODESYS Runtime Toolkit Remediation measures for denial of service vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58174	Trust: 0.6

sources: CNVD: CNVD-2015-06785 // JVNDB: JVNDB-2015-005368 // CNNVD: CNNVD-201510-326

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6482	Trust: 3.6
db:	ICS CERT	id:	ICSA-15-288-01	Trust: 3.4
db:	CNNVD	id:	CNNVD-201510-326	Trust: 0.9
db:	CNVD	id:	CNVD-2015-06785	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-005368	Trust: 0.8
db:	BID	id:	77107	Trust: 0.4
db:	IVD	id:	7C59CF80-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-84443	Trust: 0.1

sources: IVD: 7c59cf80-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06785 // VULHUB: VHN-84443 // BID: 77107 // JVNDB: JVNDB-2015-005368 // CNNVD: CNNVD-201510-326 // NVD: CVE-2015-6482

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-15-288-01	Trust: 3.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6482	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6482	Trust: 0.8
url:	http://www.codesys.com/support-training/self-help/downloads-updates.html	Trust: 0.3
url:	http://www.3s-software.com/	Trust: 0.3

sources: CNVD: CNVD-2015-06785 // VULHUB: VHN-84443 // BID: 77107 // JVNDB: JVNDB-2015-005368 // CNNVD: CNNVD-201510-326 // NVD: CVE-2015-6482

CREDITS

Nicholas Miles of Tenable Network Security

Trust: 0.3

sources: BID: 77107

SOURCES

db:	IVD	id:	7c59cf80-2351-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2015-06785
db:	VULHUB	id:	VHN-84443
db:	BID	id:	77107
db:	JVNDB	id:	JVNDB-2015-005368
db:	CNNVD	id:	CNNVD-201510-326
db:	NVD	id:	CVE-2015-6482

LAST UPDATE DATE

2024-11-23T22:01:42.021000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-06785	date:	2015-10-22T00:00:00
db:	VULHUB	id:	VHN-84443	date:	2015-10-20T00:00:00
db:	BID	id:	77107	date:	2015-10-15T00:00:00
db:	JVNDB	id:	JVNDB-2015-005368	date:	2015-10-20T00:00:00
db:	CNNVD	id:	CNNVD-201510-326	date:	2015-10-19T00:00:00
db:	NVD	id:	CVE-2015-6482	date:	2024-11-21T02:35:03.537

SOURCES RELEASE DATE

db:	IVD	id:	7c59cf80-2351-11e6-abef-000c29c66e3d	date:	2015-10-22T00:00:00
db:	CNVD	id:	CNVD-2015-06785	date:	2015-10-22T00:00:00
db:	VULHUB	id:	VHN-84443	date:	2015-10-18T00:00:00
db:	BID	id:	77107	date:	2015-10-15T00:00:00
db:	JVNDB	id:	JVNDB-2015-005368	date:	2015-10-20T00:00:00
db:	CNNVD	id:	CNNVD-201510-326	date:	2015-10-19T00:00:00
db:	NVD	id:	CVE-2015-6482	date:	2015-10-18T19:59:02.823