Vulnerabilities (CVE)

Filtered by vendor 3s-software Subscribe
Total 13 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-5440 1 3s-software 2 Codesys Runtime System, Codesys Web Server 2024-02-04 7.5 HIGH 9.8 CRITICAL
A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft Windows (also WinCE) based CODESYS web servers running stand-alone Version 2.3, or as part of the CODESYS runtime system running prior to Version V1.1.9.19. A crafted request may cause a buffer overflow and could therefore execute arbitrary code on the web server or lead to a denial-of-service condition due to a crash in the web server.
CVE-2015-6482 1 3s-software 1 Codesys Runtime System 2024-02-04 5.0 MEDIUM N/A
Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted request.
CVE-2014-0757 1 3s-software 1 Codesys Runtime Toolkit 2024-02-04 5.0 MEDIUM N/A
Smart Software Solutions (3S) CoDeSys Runtime Toolkit before 2.4.7.44 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.
CVE-2014-0760 3 3s-software, Festo, Softmotion3d 4 Codesys Runtime System, Cecx-x-c1 Modular Master Controller, Cecx-x-m1 Modular Controller and 1 more 2024-02-04 9.3 HIGH N/A
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
CVE-2014-0769 3 3s-software, Festo, Softmotion3d 4 Codesys Runtime System, Cecx-x-c1 Modular Master Controller, Cecx-x-m1 Modular Controller and 1 more 2024-02-04 9.3 HIGH N/A
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001.
CVE-2012-6068 1 3s-software 1 Codesys Runtime System 2024-02-04 10.0 HIGH N/A
The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to (1) execute commands via the command-line interface in the TCP listener service or (2) transfer files via requests to the TCP listener service.
CVE-2012-4704 1 3s-software 1 Codesys Gateway-server 2024-02-04 10.0 HIGH N/A
Array index error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet.
CVE-2012-4707 1 3s-software 1 Codesys Gateway-server 2024-02-04 10.0 HIGH N/A
3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors that trigger an out-of-bounds memory access.
CVE-2012-4708 1 3s-software 1 Codesys Gateway-server 2024-02-04 10.0 HIGH N/A
Stack-based buffer overflow in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet.
CVE-2012-4706 1 3s-software 1 Codesys Gateway-server 2024-02-04 7.8 HIGH N/A
Integer signedness error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to cause a denial of service via a crafted packet that triggers a heap-based buffer overflow.
CVE-2012-4705 1 3s-software 1 Codesys Gateway-server 2024-02-04 10.0 HIGH N/A
Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors involving a crafted pathname.
CVE-2013-2781 1 3s-software 1 Codesys Gateway-server 2024-02-04 10.0 HIGH N/A
Use-after-free vulnerability in the server application in 3S CODESYS Gateway 2.3.9.27 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors.
CVE-2012-6069 1 3s-software 1 Codesys Runtime System 2024-02-04 10.0 HIGH N/A
Directory traversal vulnerability in the Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x allows remote attackers to read, overwrite, or create arbitrary files via a .. (dot dot) in a request to the TCP listener service.